Don’t Trust That Email From Your Boss

January 21, 2020

Resource Icons8

Yes, you read that right, do not trust the email from your boss. It could be an impersonator disguised as your boss trying to phish you. This phenomenon is called Business Email Compromise, or BEC Scam. It is a severe problem facing organizations of all sizes. According to the FBI’s Internet Crime Complaint Center (IC3), losses from BEC Scams reached $1.2 billion in 2018, almost double the adjusted losses of $675 million in 2017. The most common scenario in a BEC Scam is attackers impersonating a C-level executive in the organization and sending emails to unsuspecting employees asking them to take a financial action: purchase gift cards, transfer money, or update payroll to fraudulent accounts.

How can this problem be addressed? What can be done to let employees confidently open and reply to the emails they receive? A fundamental shift in email security is needed to address this issue. Built-in controls of email providers include basic security, and do a good job at mitigating spam, but they lack important, advanced security capabilities. Traditional email security products like Secure Email Gateways (SEG) are incapable of addressing this issue because they only work off of known security threats. Often times the bad guys set up totally new infrastructure to launch these phishing attacks that easily get past the security controls in place, like SEGs. These Zero-Day attacks have no previous history and cannot be traced by outdated solutions.

Since its inception, Graphus has detected and nullified thousands of BEC Scams and other sophisticated attacks for many organizations. The reason Graphus is able to do it is because zero-trust is at the core of our security architecture. No sender interacting with an organization (internal or external) is trusted by default. Each sender has a unique trust rating and fingerprint captured in a TrustGraph. Graphus builds the TrustGraph by leveraging its patented AI algorithms, which learn from the past, and constantly monitor ongoing email interactions between the organization and the outside world. All emails are analyzed by the TrustGraph to determine whether or not they are safe. The solution does not rely on known bad indicators. The trust-based AI algorithms from Graphus built and fine-tuned over several years are so powerful that they can detect and stop the most sophisticated Zero-Day attacks.

The Graphus solution has gone head-to-head with leading email security solutions in real customer environments. Gartner has placed Graphus in a new category in Email Security called Cloud Email Security Supplements (CESS), realizing that a new approach is needed to address this issue.