Mail Impersonation

Mail impersonation – recognizing mail phishing

The security threat:

Mail impersonation is one of the most popular and successful attacks today.

This kind of attack can be split into two main types: Phishing and Mail impersonation.

Phishing attacks try to steal credentials by impersonating a legitimate login page and capturing the password.

Mail impersonation attacks try to create mail sessions that look like regular internal sessions, or like sessions between an organization and a vendor, causing the organization’s workers to send the attackers classified information or money.

CyberSIEM solution:

We use ArcSight, along with our unique mechanism, to recognize different mail attacks, and we customize our solutions for each customer.

For the following examples, this will be the legit mail address:

Our recognition methods:

1. In a phishing scenario, we look at the mail domain and rate its similarity to the organization’s domain. If the rate passes the threshold, we trigger the rule in ArcSight:

| Organization Domains | Incoming Domains | Rate |
|----------------------|------------------|------|
| atlantis.com         | atlentis.com     | 95   |
| atlantis.com         | atlantis.cum     | 95   |
| atlantis.com         | atlas.com        | 65   |

2. In an impersonation scenario, we look at the mail user’s name and compare it with the full names of the organization’s users. We rate its similarity to the full name, or to part of it in case a person has a middle name:

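| Organization user full name | Incoming mail user’s name | Rate |
|-----------------------------|---------------------------|------|
| Wolfgang Amadeus Mozart     | mozart.amadeus            | 100  |
| Wolfgang Amadeus Mozart     | wolfgang_amadeus          | 100  |
| Wolfgang Amadeus Mozart     | lake.amadeus              | 50   |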

By correlating these rates, we can give a customer a deep and reliable picture of the mail attacks on the organization.

For security reasons, we don’t publish our specific technical methods or algorithms, but this is one of the scenarios for which we release the mechanism to our customers.
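The two rates and their correlation can be sketched as follows. This is an added example, not CyberSIEM's code or algorithm: it substitutes Python's `difflib` ratio for the unpublished similarity measure, so its domain rates differ from the table above, and the thresholds and function names are assumptions.

```python
import re
from difflib import SequenceMatcher

# Sample values from the tables above; thresholds are assumptions to tune.
ORG_DOMAINS = ["atlantis.com"]
ORG_USERS = ["Wolfgang Amadeus Mozart"]
DOMAIN_THRESHOLD = 90  # assumed: alert at or above this domain rate
NAME_THRESHOLD = 100   # assumed: every token of the user name must match
TOKEN_MATCH = 0.85     # assumed: similarity for one token to count as a hit


def similarity(a, b):
    """Stand-in similarity measure (difflib ratio), 0.0 to 1.0."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def domain_rate(org_domain, incoming_domain):
    return round(100 * similarity(org_domain, incoming_domain))


def name_rate(full_name, mail_user):
    """Share of mail-user tokens that match any part of the full name,
    so a missing first, middle or last name does not lower the rate."""
    name_parts = full_name.lower().split()
    tokens = [t for t in re.split(r"[._+-]+", mail_user.lower()) if t]
    if not tokens:
        return 0
    hits = sum(
        any(similarity(t, part) >= TOKEN_MATCH for part in name_parts)
        for t in tokens
    )
    return round(100 * hits / len(tokens))


def score_sender(address):
    """Correlate both rates for one sender address."""
    mail_user, _, domain = address.lower().rpartition("@")
    d_rate = max(domain_rate(d, domain) for d in ORG_DOMAINS)
    n_rate = max(name_rate(u, mail_user) for u in ORG_USERS)
    # A sender on the organization's own domain scores 100 but is not a
    # lookalike, so exact matches are excluded from both alerts.
    external = domain not in ORG_DOMAINS
    return {
        "domain_rate": d_rate,
        "name_rate": n_rate,
        "lookalike_domain": external and d_rate >= DOMAIN_THRESHOLD,
        "impersonated_user": external and n_rate >= NAME_THRESHOLD,
    }
```

With these assumed thresholds, `atlentis.com` and `atlantis.cum` are flagged as lookalikes while `atlas.com` is not, and the name rates match the second table.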

If you wish to integrate this mechanism or more special mechanisms in your organization, please contact us here.
Ofek Sher
