In an attempt to fraudulently obtain more than $36 million, a threat actor emailed an escrow officer and their client, a commercial real estate company, while impersonating the senior vice president and general counsel of a trusted partner company. The email security company Abnormal caught the wire fraud attack because of an unusual domain name, using behavioral AI and an advanced modeling technique.
Included in the email were an invoice and instructions for payment for a loan worth $36.4 million. While this number might ring alarm bells elsewhere, commercial real estate routinely involves large-sum loans, so there was no initial concern. A false company letterhead was used to legitimize the scam. To make it even more convincing, the cyber attackers added another reputable real estate investment company to the email chain, using a typo-squatting domain.
The escrow officer might have fallen for it, but the BEC attempt was caught because artificial intelligence (AI) technology spotted signs of fraud, such as discrepancies in the wiring instructions, newly registered email domains, and irregular language patterns in the email. In addition, there was a minor change in the sender domain from ".com" to ".cam."
Just as we have trained users to watch for red flags in email, a computer algorithm can process and identify many of them at incredible speed. While we are still playing a "whack-a-mole" game with adversaries in many domains, AI models keep improving at catching ever-more-savvy BEC attacks.
Takeaways
- Essential antispam and antimalware services built into most email systems are no longer enough to protect against even basic BEC attacks.
- Invest in advanced email protection services that use machine learning (ML) and artificial intelligence (AI) to analyze and block phishing and malicious emails based on a multitude of telemetry signals unavailable to the human eye.
- Many of these services support Microsoft 365 and G Suite email platforms with zero-touch implementation.
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
+1 (713) 625-8249
------------------------------
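
One way to express the sender-domain signals described above (the ".com" to ".cam" swap and typo-squatted look-alikes of a partner's domain), as an added example that is not part of the original post or any vendor's product. The domains, the allow-list and the distance threshold are constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted partner domain.
# All domains below are constructed samples, not values from the incident.

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def split_domain(domain: str):
    """Split at the last dot. Assumption: single-label TLDs (no co.uk handling)."""
    name, _, tld = domain.lower().strip().rstrip(".").rpartition(".")
    return name, tld


def classify_sender(sender_domain: str, trusted_domains, max_distance: int = 2):
    """Return (verdict, matched_trusted_domain_or_None)."""
    s_name, s_tld = split_domain(sender_domain)
    best = ("unknown", None)
    for trusted in trusted_domains:
        t_name, t_tld = split_domain(trusted)
        if (s_name, s_tld) == (t_name, t_tld):
            return ("trusted", trusted)
        if s_name == t_name:
            # Same name, different TLD: the ".com" -> ".cam" pattern.
            best = ("lookalike-tld", trusted)
        elif best[0] == "unknown" and osa_distance(s_name, t_name) <= max_distance:
            # Near-miss spelling of a trusted name (typo-squatting).
            best = ("lookalike-typo", trusted)
    return best


TRUSTED = ["examplerealty.com", "partnercapital.com"]  # constructed allow-list

if __name__ == "__main__":
    for d in ["examplerealty.com", "examplerealty.cam",
              "exampelrealty.com", "unrelated-vendor.org"]:
        print(d, classify_sender(d, TRUSTED))
```

A fixed threshold of 2 suits long names like these; for short domain names it would need to be lowered to avoid flagging unrelated senders.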