Cloud-based e-mail management provider, Mimecast has announced the general availability of Impersonation Protect, a cloud service that aims to combat spear phishing attacks of whaling and CEO fraud.
The company says Impersonation Protect uses advanced scanning techniques to prevent attacks by monitoring all e-mail traffic for elements commonly used by criminals, including employee and domain names, and other keywords like wire transfer, tax form or urgent.
IT administrators and security organisations can now block suspicious e-mails or choose to display additional security warnings for employee awareness, says Mimecast.
Cyber criminals are commonly using e-mail as an entry point to steal confidential data and dupe employees into making fraudulent payments costing the global economy billions of dollars annually, it adds.
A recent Mimecast research says the whaling threat continues to grow with 67% of firms seeing an increase in attacks designed to extort money in the last three months.
Mimecast chief executive officer Peter Bauer says over 90% of cyber attacks begin with e-mail, and social engineering-led e-mail attacks are growing rapidly.
Bauer notes whaling is a particularly insidious attack and has proven lucrative by successfully targeting specific teams and individuals that attackers have researched via social media, he adds.
"It catches out even the most cautious people. Protecting employees requires updated technology that goes beyond traditional e-mail security. Without the right protection, organisations are losing millions of dollars and exposing data to fraudsters."
As organisations are increasingly able to protect themselves against traditional attacks the criminals will continue to look for new ways to attack, says Brandon Bekker, MD at Mimecast SA.
Whaling is a particularly targeted form of spear phishing that doesn't use malware, therefore it is not identified by traditional security gateways scanning for malware or dangerous Web links, adds Bekker.
"Up until Mimecast launched its service, this meant the only way to protect yourself was by training employees to spot the threat.
"But because these attacks are particularly targeted they have been effective in fooling even the most cautious employee."
Whaling attacks globally are on the increase - figures in the US from the FBI show a significant increase; as do similar reports out of the UK, says Bekker. Whaling and spear phishing in particular are two threats that are affecting organisations in SA at a rapid pace, he adds.
"The trends and effectiveness of this attack are consistent worldwide. It prays on frailties of human nature and seeks to circumnavigate the security technology already in place to trace malware in particular."
Organisations commonly have finance and data processes in place designed to stop information from being leaked, says Bekker.
But this attack emulates people in senior positions to try and convince key staff members in HR or finance for example to 'break the rules' because they believe they are being asked by their boss to do something quickly, it adds.
"Critical defences against spear phishing include having strong processes and ensuring staff are regularly trained to spot the threat - and now for Mimecast customers they have the added protection of the technology giving them an additional line of defence."
Share