1 © 2018 Proofpoint, Inc.
Thinking Differently: Protecting the Public, Employees, Educators and the Supply Chain Through DMARC Enforcement
Denis Ryan
Sr. Dir., Field Sales – Email Fraud
Highly Targeted
Payload Free
Socially Manipulative
Prey upon basic human emotion: fear (of being incompetent)
“Email is vulnerable to identity deception”
▪ Anyone can pretend to be anyone
▪ Think of the “from” field being entirely editable
▪ Even the SMTP protocol itself states that email is inherently vulnerable to identity deception
▪ “There is nothing to stop me sending an email to anyone pretending to be Donald Trump at the White House dot gov.”
▪ https://www.globalcyberalliance.org/white-house-e-mail-domains-lack-basic-phishing-spoofing-security.html
Email Fraud Affects The Great…
And The Lowly
Border Control: Identity & Security Screening
DMARC Secures Legitimate Domains
“We’re rapidly moving toward a world where all email is authenticated...If your domain doesn’t protect itself with DMARC, you will be increasingly likely to see your messages sent directly to a spam folder or even rejected.”
John Rae-Grant
Product Manager

“Setting a DMARC policy of “reject” provides the strongest protection against spoofed email, ensuring that unauthenticated messages are rejected at the mail server, even before delivery. Additionally, DMARC reports provide a mechanism for an agency to be made aware of the source of an apparent forgery, information that they wouldn’t normally receive otherwise.”
Department of Homeland Security
Binding Operational Directive 18-01
Definitions
▪ Email fraud:
  ▪ Criminal use of identity deception and…
  ▪ Social engineering tactics over email to…
  ▪ Dupe a target into giving up money, data, information or access
▪ Email fraud targets:
  ▪ Employees/Educators
  ▪ Supply Chain
  ▪ Public
▪ Business Email Compromise (aka CEO impersonation, whaling, etc.):
  ▪ B2B flavor of email fraud
  ▪ Originally synonymous with “wire transfer fraud”
Independent survey of 2,250 businesses
75 percent of organizations experienced at least one targeted email fraud attack
> 77 percent of businesses expect they will fall victim to email fraud in next 12 months
How Are Businesses Affected By Email Fraud?
Who Is Most At Risk?
How Are Companies Protecting Themselves?
Under Attack, Vertical Analysis
Email fraud: STOP ATTACKERS’ KEY TACTICS
Domain spoofing
Look alike domain
Display name spoofing
Other brand impersonation
Domain Monitoring
Email Authentication
Email Gateway: Policy and ML Classifier
Brand impersonation email threat data
yourcompany.com
y0urc0rnpany.com
John Smith <[email protected]>
Internal Threats / External Threats
Email Authentication
Domain Monitoring
Multiple Stakeholders Targeted
EMPLOYEES: Business email compromise or BEC
CONSUMERS: Consumer phishing
PARTNERS: Supply chain spoofing
92% OF COMPANIES WERE TARGETED BY AT LEAST 1 ATTACK IN Q1 2018
DOMAIN SPOOFING: yourcompany.com
DISPLAY NAME SPOOFING: <John Smith>
LOOK-ALIKE DOMAIN: y0urc0rnpany.com
[Bar chart: % of customers targeted by BEC tactic; bar values 92%, 15%, 63%]
“We need to retrofit security to email”
▪ Solution must address the 360-degree nature of the problem
▪ Multiple targets (your employees, business partners and public)
▪ Multiple tactics
▪ Government increasingly determined that all companies must do this
▪ DHS Binding Operational Directive 18-01 mandates it for all civilian agencies
▪ The average wire transfer fraud loss is $130,000
▪ Given that companies of all sizes across all verticals are targeted, we’d like to help you understand and ultimately reduce your exposure
Controls Against All Tactics
Domain Spoofing: yourcompany.com
Look Alike Domain: y0urc0rnpany.com
Display Name Spoofing: <John Smith>
Domain Monitoring
Email Authentication
Machine Learning Classifier, Policy
DMARC
Domain Discovery
Impostor Classifier & EBD
EFD360
“We authenticate everything…”
Access point Authenticated?
Network Access
Applications
Endpoints
Financial Transactions
Physical Access
…Except Email
We Make it Easy
MANAGED SERVICE
Deployment Methodology
IDENTIFY: Detect use and abuse of identities (domains, brands & people)
POLICY: Build policies and eliminate risk of false positives (blocking good)
ENFORCE: Enforce policies across public and private channels
MANAGE: Continue to curate policies for on-going efficacy
Policy Enforcement: Eliminate Fraudsters in Weeks
Summary
▪ Email Fraud is a big, growing and costly problem
▪ Email Fraud is multi-faceted:
  ▪ Multiple assets at stake
  ▪ Multiple stakeholders targeted
  ▪ Multiple tactics employed
▪ Proofpoint’s EFD360 is the only solution that addresses the whole problem
Appendix
EFD can protect your employees from trusted-domain spoofing thru DMARC policy enforcement
Domains w/ DMARC blocking policies were used that you could be enforcing
Domains w/ DMARC ‘monitor’ policies were used that will eventually graduate to blocking policies
Example of inbound domains sent to your employees…
Why Automation Fails: Partner Limitations
Third Party Authentication Challenges
Tenant ID configuration, SPF include management, reporting
False positives from calendar invites (SPF misalignment)
Cannot sign DKIM, cannot report
Bounce management reporting Mfrom issue
Laborious process to get authentication correct
Double signing leading to intermittent DKIM failure, Mfrom issues
Deliberate SPF misconfiguration, do not understand authentication
30-40% DKIM failure rate
Double DKIM signing leading to intermittent DKIM pass rate
How DMARC Works
Email received by recipients’ ISP/SEG
▪ Has DMARC been implemented for the “header from” domain?
  ▪ NO: ISP/SEG filters & delivers appropriately
  ▪ YES: Does the email pass DMARC authentication?
    ▪ YES: Deliver
    ▪ NO: Apply policy
      ▪ NONE: Deliver, Report
      ▪ QUARANTINE: Send to Junk
      ▪ REJECT: Delete
ISP/SEG then sends regular reports to the DMARC recipient detailing what email authenticated, what email did not, and why.
DMARC: Control & Visibility
DMARC Policy Settings:
▪ NONE: Entire email ecosystem is monitored to map out legitimate traffic.
▪ QUARANTINE: Messages that fail DMARC move to the spam folder.
▪ REJECT: Messages that fail DMARC do not get delivered at all.
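
Added example (not from the original slides and not Proofpoint code): the receiver-side decision flow above as a small Python function, including the SPF/DKIM alignment check that makes a third-party sender fail DMARC even when its own SPF passes. The function names, return strings and sample records are constructed for illustration; relaxed alignment is approximated by a subdomain match (a real receiver uses the Public Suffix List), and the `sp=` and `pct=` tags are ignored.

```python
POLICIES = {"none": "deliver+report", "quarantine": "junk", "reject": "reject"}

def parse_dmarc(record):
    """Parse a DMARC TXT record string into a tag dict; None if absent or invalid."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in POLICIES:
        return None
    return tags

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match. Relaxed ('r') is approximated as
    'same domain or one is a subdomain of the other' (assumption, no PSL)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def dmarc_disposition(header_from, record, spf, dkim):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain).
    Returns what the ISP/SEG does with the message."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-dmarc"  # filter and deliver as usual
    spf_ok = spf[0] == "pass" and aligned(spf[1], header_from, policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(dom, header_from, policy.get("adkim", "r"))
                  for res, dom in dkim)
    if spf_ok or dkim_ok:
        return "deliver"
    return POLICIES[policy["p"].lower()]

# Constructed sample records for the slide's example domain.
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@yourcompany.com"
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.com"

if __name__ == "__main__":
    # SPF passes, but for the sending service's own domain: not aligned.
    third_party = ("pass", "mailer.example.net")
    print(dmarc_disposition("yourcompany.com", MONITOR, third_party, []))
    print(dmarc_disposition("yourcompany.com", REJECT, third_party, []))
    print(dmarc_disposition("yourcompany.com", REJECT, third_party,
                            [("pass", "yourcompany.com")]))
```

Running the same unaligned message against the monitor and reject records shows why a domain stays at NONE until every legitimate third-party sender is aligned.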