Leave us a Message:

Mail impersonation – Mail phishing recognize

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email
Mail impersonation is one of the most popular and successful attacks today. This kind of attack can be split into two main types: Phishing and Mail impersonation.
Mail impersonation - Mail phishing recognize

The security threat:

Mail impersonation is one of the most popular and successful attacks today.

This kind of attack can be split into two main types: Phishing and Mail impersonation.

Phishing attacks try to stall credentials by impersonating a legit login page and stalling the password.

Mail impersonation attacks try to create mail sessions that look like regular intersessions or between an organization and a vendor, causing the organization’s workers to send them classified information or money.

CyberSIEM solution:

We use ArcSight, along with our unique mechanism to recognize different mail attacks and customize our solutions for each customer.

For the following examples, this will be the legit mail address:

Our recognized methods:

1. In a phishing scenario, we look at the mail domain and rate its similarity to the organization’s domain. If the rate passes the threshold, we trigger the rule in ArcSight:

Organization Domains Incoming Domains Rate
atlantis.com atlentis.com 95
atlantis.com atlantis.cum 95
atlantis.com atlas.com 65

2. In an impersonation scenario, we look for the mail user’s name and compare it with the full names of the organization’s users. We compare the similarity rate with the full name or part of it in case a person has a middle name:

Organization user full name Incoming mail users name Rate
Wolfgang Amadeus Mozart mozart.amadeus 100
Wolfgang Amadeus Mozart wolfgang_amadeus 100
Wolfgang Amadeus Mozart lake.amadeus 50

By correlating these rates, we know to give a customer a deep and reliable image about mail attacks on the organization.

For security reasons, we don’t publish our specific technical methods or algorithms, but this is one of the scenarios in which we liberate it to our customers.

If you wish to integrate this mechanism or more special mechanisms in your organization, please contact us here.

Ofek Sher[email protected]

The post-integration wisdom

Share this post

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email
Eli Benitah

Eli Benitah

Leave a Replay

About Us

We increase the security of organizational information and anticipate threats before they cause damage, and improve the level of protection of organizational information, by providing end-to-end SIEM solution.

Recent Posts

Skip to content