Since the 1960s, “Stranger Danger” has been used to warn children about the risk of interacting with people they don’t know. Recently, we co-opted the term in a blog post to relate it to the dangers of phishing scam emails from strangers offering employment opportunities, money-saving deals, requests for details about a personal account, and the like. Ultimately, these emails are sent to convince unsuspecting people to click on a malicious link or attachment to steal funds or sensitive information. Now, like the kids who wised up to the danger of strangers over the years, email recipients are slowly wising up to email stranger danger.
Unfortunately, there’s a downside to all this. The stranger danger campaign eventually drew fire from critics who claimed that the campaign led kids to believe that all of the people they knew were safe, when it's acquaintances who often pose the most danger. The same can be said for potential phishing attacks. While many people remain alert when they encounter an email from a stranger, they’re likely to let their guard down when the email appears to have been sent by someone they know personally (or are at least familiar with).
The Rise of BEC Phishing Attacks
With email users smartening up to basic deceptive phishing techniques, scammers knew they had to up their phishing game. So, their tactics became more sophisticated, and their emails got smarter.
Instead of sending out large batches of impersonalized emails to try to hook anyone they could, phishers developed Business Email Compromise (BEC) phishing scams. BEC email fraud targets specific people and are designed to look like they’re being sent from someone the victim knows or are at least familiar with. Email content may range from inquiries into sensitive data or credentials to requests for funds in the form of a wire transfer or gift cards (iTunes is a favorite).
In large corporations where employees know the names of executives and co-workers but rarely, if ever, interact with them, BEC phishing attacks can work splendidly (often, these emails will take on the CEO’s name to really increase odds of engagement). Thankfully, organizations now have a new way of fighting back.
Recognizing Social Circles
Wouldn’t it be great if, upon receiving an email, you were notified if the sender was truly someone you trusted, or at least trusted by someone you trust? While people may run in different social circles, these circles often intersect, as you've likely discovered yourself during "small world" moments on your favorite social networks.
To consider how this could play out, you don’t need to look any further than your own LinkedIn account. If you click on a contact’s profile, you may find that they are also connected with someone else you know; someone that you would never have even suspected! That’s why, when you get a connection request, LinkedIn will also inform you that the requester is connected with people you know; this legitimizes the request in people’s minds and allows them to grow their professional network with confidence.
This is precisely how a trusted business graph works. It’s a digital map of the relationship patterns of an organization. It examines each user’s individual interactions to assess which internal and external people are trusted and frequently interacted with, and joins them together to create a unified organizational view of external users that are trusted, untrusted, or just unknown to the organization.
Benefits of an Email Social Graph
Organizations can use an anti-phishing solution built on a trusted graph to prevent BEC phishing attacks. The graph is initially calculated to include known and trusted internal and external email addresses. The graph quickly matures, learning patterns of employee email behavior in order to recognize other safe non-corporate emails, such as the CEO’s personal Gmail address. Now, a quick email send from the head honcho’s phone on their Gmail account can get through to the intended individuals without incident (and recipients can click without worry).
The social graph defense works in the opposite manner as well by flagging unrecognized emails and instructing the recipient to use caution. It takes this one step further when an email comes through that is close to a trusted address yet contains discrepancies. This is a common BEC phishing tactic; the phisher is counting on the recipient not noticing the minor discrepancy and believing that the email is the real deal. Because slightly skewed addresses are a strong indicator of an active impersonation attack, the email is immediately red-flagged as malicious with a PHISHING-ALERT. The email is disarmed so that, when the employee opens it, they remain protected while the phishing solution explains the reason for the flag. By letting employees know why an email is flagged rather than just locking them out, they’re more likely to feel actively engaged and want to protect themselves and the organization.
They say to keep your friends close and your enemies closer. But who wants to be near their enemies? By utilizing social graphs, you can block those enemies entirely, surrounding yourself with explicitly and inherited trusted contacts so you can have confidence in every click. Want to learn more about the ways social graphs and active defense anti-phishing solutions can prevent potential phishing attacks? Contact ClearedIn and speak with one of our expert anti-phishermen today!