Freely subscribe to our NEWSLETTER

These text only emails can look very similar to the regular emails that a business sends and receives. Because there is no URL to rewrite and no attachment to put in a sandbox, so they often bypass Secure Email Gateways (SEG) detection and security filters, and land in an employee’s inbox.

These messages pretend to come from a trusted source. They are often targeted at finance department executives and provide instructions to take an urgent action such as quickly wiring money to a bank account.

This tactic can be compared to a thief using a fake ID at a bank teller to make a withdrawal. In this case, the fake ID is the email itself, purporting to come from the company’s CEO or other trusted individual. The request is to wire a large sum of money directly to a bank account. There is almost always a sense of urgency about the request.

While bank employees may be skilled at spotting fake IDs, employees are generally unskilled at spotting fake emails and will continue to fall for fraudulent email messages, even after receiving training in how to identify them.
Because sending and receiving instructions via email is so commonplace, it is still the perfect platform for mounting a multimillion dollar attack.

According to a study by the Radicati Group, the average employee sends and receives 122 emails a day. Modern email clients often also hide the underlying details of where a message actually came from. Therefore it’s not surprising that employees, even those who have received training on spear phishing, cannot detect the difference between a legitimate request from their CEO and a phony spear phishing email carefully crafted to bypass security protection and appearing to be from a trusted source.

Identifying these text only email attacks becomes an exercise of identifying a needle in a haystack. In one recent case study, Cloudmark found that out of more than 1 million emails, just 19 were text only wire fraud attacks.

These attacks can be significant. In February of 2015, Scoular Co., an Omaha based commodities trader (and one of the top privately held U.S. companies), lost $17.2 million in a spear phishing wire fraud scam.

Just a few months later, Ubiquiti Networks, a San Jose based networking technology company, fell victim to a $46.7 million attack, wiring this sum to a Hong Kong bank account controlled by the attackers.

In January of 2016, fraudsters topped all previous records, making off with $55 million from FACC, an Australian aerospace parts manufacturer.

And then in February, the record for the largest loss from a targeted spear phishing wire fraud attack was broken again when Crelan Bank in Belgium reported it lost $76 million.

In a recent study conducted by Vanson Bourne (commissioned by Cloudmark), more than 90 percent of enterprises surveyed said they had been targeted by spear phishing attacks. Most relied on SEG and Anti-Virus (AV) to defend themselves against attacks, but overall they estimated that 83% of spear phishing attacks were getting through their defences. Cybercriminals are getting smarter. It’s time for cyber defences to keep up.

Detecting and preventing these attacks requires the combined use of multiple factors, including behavioural learning, sender reputation and content analysis.
By observing a company users’ individual email patterns, the latest solutions can identify spear phishing attacks by learning typical email behaviour - who, what, when and where normal emails come from – and, using anomaly detection, recognize when that behaviour deviates from company specific known norms. By combining anomaly detection with classification of content, the latest solutions can detect that a message is both anomalous and suspicious and therefore is likely to be malicious. Complete solutions will also combine these new techniques with the existing global data about known bad senders, sender reputation, newly created domains and newly created sending infrastructure.

This type of targeted, intelligent solution can then warn both IT and the email recipient – in real time – that an email is likely malicious and of a financial nature, letting IT decide whether to flag it for recipients to evaluate or quarantine it. Such a solution can also display this information on a visual dashboard that keeps IT informed of attacks as they happen in real time. A solution that combines these four forms of detection – behavioural learning, sender’s reputation and context and content analysis - is a powerful tool in the ever growing fight against spear phishing wire fraud attacks.

Slightly more than half of the enterprises in the Vanson Bourne study said they offer training and education (in varying levels) to employees, trying to maintain a human firewall. In addition to preventing spear phishing threats from getting into the email inbox, intelligent spear phishing solutions can also increase the efficiency and effectiveness of these training programs by showing which employees are most at risk. A top notch solution can display this data in real time as well as over time. This enables companies to reduce costs for training (by training fewer people – those most targeted) or target education more effectively.

The Vanson Bourne survey found that finance and IT departments, along with C-Suite executives, are most often targeted by spear phishing attacks. Knowing precisely who is being attacked and the methods used enables enterprises to counteract these threats more effectively.

Spear phishing is clearly a major and growing problem for businesses, and attacks involving text only messages are increasing. Businesses are continuing to lose greater and greater sums due to these attacks. Companies need a solution that identifies the cybercriminals’ newest tactics – with technology that can detect these needle-in-a-haystack spear phishing wire fraud attacks before they reach the inbox.