Mail Impersonation

Mail impersonation – recognizing mail phishing

The security threat:

Mail impersonation is one of the most popular and successful attacks today.

This kind of attack can be split into two main types: Phishing and Mail impersonation.

Phishing attacks try to steal credentials by impersonating a legitimate login page and stealing the password.

Mail impersonation attacks try to create mail sessions that look like regular internal sessions, or like sessions between an organization and a vendor, causing the organization’s workers to send the attackers classified information or money.

CyberSIEM solution:

We use ArcSight, along with our unique mechanism, to recognize different mail attacks, and we customize our solutions for each customer.

For the following examples, this will be the legit mail address:

Our recognition methods:

1. In a phishing scenario, we look at the mail domain and rate its similarity to the organization’s domain. If the rate passes the threshold, we trigger the rule in ArcSight:

Organization Domains
Incoming Domains

2. In an impersonation scenario, we look at the mail user’s name and compare it with the full names of the organization’s users. We compute the similarity rate against the full name, or against part of it in case a person has a middle name:

Organization user full name
Incoming mail users name
Wolfgang Amadeus Mozart
Wolfgang Amadeus Mozart
Wolfgang Amadeus Mozart

By correlating these rates, we can give a customer a deep and reliable picture of the mail attacks on the organization.

For security reasons, we don’t publish our specific technical methods or algorithms, but this is one of the scenarios in which we release them to our customers.
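The two rates described above can be illustrated with a short Python sketch. This is an added example, not CyberSIEM's mechanism or an ArcSight rule: it substitutes Python's `difflib` ratio for the unpublished scoring, and the organization domain `example.com`, the user list and both thresholds are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from itertools import combinations

# Constructed sample data and thresholds: assumptions for this example only.
ORG_DOMAINS = {"example.com"}
ORG_USERS = ["Wolfgang Amadeus Mozart"]
DOMAIN_THRESHOLD = 0.85
NAME_THRESHOLD = 0.85

def ratio(a, b):
    """Case-insensitive similarity in [0, 1] (difflib's matching-blocks ratio)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def domain_score(domain):
    """Best similarity to an organization domain; an exact match is the real domain, so 0."""
    if domain in ORG_DOMAINS:
        return 0.0
    return max(ratio(domain, d) for d in ORG_DOMAINS)

def name_variants(full_name):
    """The full name plus every in-order subset of two or more of its parts,
    so a sender who drops the middle name is still compared fairly."""
    parts = full_name.split()
    variants = {full_name}
    for n in range(2, len(parts)):
        variants.update(" ".join(c) for c in combinations(parts, n))
    return variants

def name_score(display_name):
    """Best similarity between the display name and any organization user's name."""
    if not display_name.strip():
        return 0.0
    return max(ratio(display_name, v) for u in ORG_USERS for v in name_variants(u))

def rate_sender(from_header):
    """Score one From header and correlate the two rates into rule triggers."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    d, n = domain_score(domain), name_score(display)
    external = domain not in ORG_DOMAINS
    return {
        "domain_score": round(d, 2),
        "name_score": round(n, 2),
        "lookalike_domain": d >= DOMAIN_THRESHOLD,
        # A known employee name only matters when the mail is not from our own domain.
        "name_impersonation": external and n >= NAME_THRESHOLD,
    }
```

A plain edit-similarity ratio does not catch every lookalike (for example, the organization's name used as a subdomain of another domain scores low), so a production rule would combine it with other signals.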

If you wish to integrate this mechanism or more special mechanisms in your organization, please contact us here.
Ofek Sher

The post-integration wisdom
