New Anti-Whaling Security Feature Prevents Business Email Compromise (BEC) Attacks
Los Angeles, CA – April 28, 2016 – RMail’s new Anti-Whaling™ security feature adds imposter protection for email and prevents email conversation hijacking, putting a stop to one of the most sophisticated and financially-damaging cyber-crimes targeting businesses today. Referred to by the FBI as Business Email Compromise (BEC) crimes or by technologists as “spear phishing” or “whaling” (when targeting company executives or wealthy individuals), this threat involves the use of imposter emails to lure target recipients into wiring funds to bank accounts controlled by Internet criminals. RPost’s update release of the RMail® add-in for Microsoft Outlook and Office 365 Outlook contains the first-ever security feature to detect and prevent BEC whaling attacks.
RPost® released the RMail Anti-Whaling feature last week at the Real Estate Services Providers Council (RESPRO®) annual conference, the largest gathering of the integrated residential real estate, title insurance, mortgage, and consumer finance service providers.
“The residential real estate sector is a choice target for Internet criminals that use socially-engineered imposter emails to perpetuate BEC whaling attacks,” said RPost CEO Zafar Khan. “We are pleased to have developed an innovative solution to the industry’s most costly Internet crime.”
At the conference, RESPRO® identified RPost technology as its top choice in the RESPRO® Security and Compliance Buyer’s Guide (download PDF guide) and further endorsed use of RPost technology for the highest levels of security and compliance by the integrated real estate industry. RPost first announced its Anti-Whaling feature to the Microsoft Office 365 technology, MSP, and reseller community at the Ingram Micro Cloud Summit conference on April 12.
Overview of Business Email Compromise Crimes
In a BEC or “whaling” attack, an Internet criminal may use premium access to social networking and online transaction platforms and/or information from intercepted email messages or compromised email accounts to research target individuals and learn about established work flows for wire transfers or transfers of other financially lucrative information. The Internet criminal then sends one or more emails, pretending to be the executive who typically initiates the request for these wire transfers, requesting that an unsuspecting employee with authority to process a wire transfer do so immediately.
The Internet criminal gains trust by using social engineering. He or she uses the same messaging style and patterns as the person he or she is impersonating, and the imposter emails use the correct sender name and “from address.” There is often an instruction to keep the transaction a secret, or to bypass the usual precautions due to the urgent nature of the request. The Internet criminal tricks email recipients further by sending these cleverly written imposter emails in a manner that invisibly hijacks reply conversations so that the Internet criminal can continue its charade posing as a known sender. After some back-and-forth correspondence, the Internet criminal may succeed in luring the unsuspecting email recipient into sending funds for a seemingly routine payment, to a disguised bank account controlled by the Internet criminal.
The FBI reports that BEC crimes are responsible for more than $1.2 billion in losses in recent months, in average increments of $6,000 from individuals and $130,000 from businesses. The FBI also reports that in recent months, there has been a 270 percent increase in identified victims’ exposed losses, and that these particular Internet crimes have been reported in all 50 U.S. states and in 79 countries. Fraudulent transfers have been reported going to 72 countries; however, the majority of these transfers are originating in the United States and are going to accounts that appear to be Wells Fargo, Chase, or Bank of America accounts.
BEC or “whaling” attacks may vary in tactics and process, depending on the target’s industry or profession. RPost has identified and described examples of these BEC crimes in the residential real estate, insurance broker, legal, and general business sectors.
RMail also recently highlighted a high-profile BEC attack that was able to lure a $480,000 wire transfer.
RPost’s Anti-Whaling Imposter Protection Technology
RPost Anti-Whaling™ email technology is available in the upcoming update release of RMail for Microsoft Outlook (versions Outlook 2010, 2013, 2016) and Office 365 Outlook. Prior to a recipient replying to or complying with an imposter email of this type, the RPost technology uses advanced algorithms to analyze message characteristics and patterns, alerting the recipient if a message is likely to be an imposter email of this type.
This RPost technology is part of RPost’s secure communications platform that includes email encryption, certification, authentication, and messaging analytics, and is protected by US Patent 8504628, and US patent applications 62317263 and 62313672.
The global leader in secure and certified electronic communications and World Mail Award winner for “Best in Security,” RPost has helped businesses enhance their security, compliance, and productivity for more than a decade. RPost is the creator of the patented Registered Email™ technology, which provides email senders with Legal Proof® evidence of delivery, time of delivery, and exact message content in the form of a Registered Receipt™ email record. Since inventing Registered Email™ technology in 2000, RPost has successfully commercialized software platforms to track, prove, e-sign, and encrypt, used by more than 25 million people throughout the world. For more information on RPost, please visit https://www.rpost.com.