Phishing and Impersonation Protection

What is the difference between phishing and spear phishing?

Phishing attacks are mass emails that typically try to steal user credentials by getting victims to click on a link that leads them to a fake sign-in page. Once victims type in their credentials on the fake page, the attackers essentially gain access to a user’s bank account, email, or other sensitive data. Spear-phishing attacks are typically sent to a large number of recipients and are usually not personalized to a specific person or target.

Spear phishing attacks are highly targeted and researched personal attacks. Typically, attackers will send the target a series of legitimate-looking messages in order to trick them into making a wire transfer or sending confidential information. These attacks are difficult to intercept because they often do not contain obviously malicious payloads and are not mass emails that can be matched across many users.

What is business email compromise or BEC?

In 2013, the FBI began tracking business email compromise (BEC), where attackers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners — except the money ends up in accounts controlled by criminals. The scammers use a variety of tactics to fool their victims. However, they typically start with a well-executed spear-phishing attack. They might spend weeks or months studying their victims (vendors, billing systems, communications style) and then send an email requesting that some amount of money be sent urgently to a “trusted” vendor. Because of the personal nature of the attacks (the familiar vendor, the “authority figure” such as a manager or CEO, the urgent request), legacy email security solutions fail to detect them. The FBI estimates that more than $5 billion has been lost to BEC in recent years.

What do you mean by "impersonation" attack?

Spear-phishing attacks rely on impersonation. The attacker pretends to be, or impersonates, someone you know and engages in conversation to build trust. This conversation frequently takes place over email but can happen over other communications platforms as well (e.g., chat, text messages, social networks). The attackers go to great lengths to pull off a successful impersonation attack, carefully researching personal details of their victims to know things like place of employment, impending transactions, where their kids go to school, who their favorite sports teams are, and so forth. The attacker often engages in multiple messages back and forth before requesting sensitive information (such as credentials, a wire transfer, or employee tax information).

What is Barracuda’s phishing and impersonation protection?

Barracuda offers a leading comprehensive AI solution for real-time defense against business email compromise, spear phishing, account takeover, social engineering attacks, impersonation, and other cyber fraud. Delivered as a cloud service, it combines an artificial intelligence engine that stops spear phishing in real time with API-based architecture to learn from historical communication patterns, creating a comprehensive solution that protects people, businesses, and brands from these personalized attacks. Barracuda integrates with Microsoft Office 365 to learn your organization’s unique communication patterns to predict and prevent future attacks. This messaging intelligence allows us to identify anomalies and stop these attacks in real time with zero impact on network performance or user experience.

How does the artificial intelligence engine work?

Our solution is powered by a multi-layer AI engine that detects and blocks spear phishing and socially engineered attacks in real time and identifies which employees are at highest risk. We combine information from multiple signals to learn the unique communication patterns of each organization and to analyze the content of the messages for sensitive information. Barracuda combines this messaging intelligence to determine with a high degree of accuracy whether an email is part of a spear-phishing attack that uses socially engineered tactics.

What happens when a spear-phishing attack is detected?

Messages identified as impersonation attempts, BEC, or spear-phishing attacks are either deleted or automatically moved to the junk folder in the end user’s mailbox, and the user and administrator receive an alert about the potential threat.

How much time will I spend installing and maintaining Barracuda’s AI?

It takes less than five minutes to get started with Barracuda’s AI for phishing and impersonation protection. You simply need Office 365 admin credentials to connect your account, and you can be set up within minutes. Barracuda’s API-based architecture has no impact on network performance, user experience, or your existing email security architecture. It's 100% cloud delivered, without any hardware or software to install or maintain.

Office 365 already has security features. Why would I need additional protection?

It’s true that certain Office 365 plans come with Exchange Online Protection and Compliance Center, which provides an initial layer of security. However, there are no native security features in Office 365 designed to stop business email compromise, social engineering, and spear-phishing attacks.

What's significant about the API-based approach?

Barracuda is the first API-based solution to provide comprehensive protection against account takeover and targeted attacks like spear phishing and business email compromise (BEC). We leverage the APIs of popular communications platforms, such as Office 365, to learn each organization’s unique communication patterns to predict and prevent future attacks. Our innovative technology stops account takeover, spear phishing, and BEC attacks in real time with zero impact on network performance or user experience. This API-based approach is important for several reasons:

• Historical data: Provides instant access to current and historical data. This historical data is crucial because without understanding the existing communication patterns in the company, it is impossible to detect anomalies and impersonation attempts. Traditional email security solutions would have to collect information for months or years before having enough information to create meaningful profiles.
• Internal messages: Provides access to internal communications, which gateway solutions cannot see. Internal emails provide a critical record of what’s “normal” in an organization. In addition, many attacks, such as internal phishing emails as a result of an account takeover, emanate from internal accounts. Solutions that cannot view, analyze, and understand internal communication patterns are useless against these types of attacks.
• Simplified setup and management: Very easy to set up and has no impact on network performance.

Why do I need API-based protection on the top of an existing secure email gateway?

Traditional secure gateways sit between external senders and the user’s mailbox. Therefore, they can only see email as it’s coming in from external sources. They usually rely on global rules and malicious signals to detect email fraud. These solutions are a must-have for detection of large-scale attacks that are coming from external, low-reputation senders or contain malicious code. However, gateways struggle to detect targeted attacks, those coming from trusted senders, or that contain links leading to pages that don’t appear to be malicious. Secure gateways have no visibility into internal communications, and therefore, can’t intercept attacks coming from internal users.

In addition to traditional gateways, Barracuda uses Office 365 APIs to directly integrate with your employees’ mailboxes, giving it access to external, internal, and historical mail flow. This allows Barracuda’s AI to learn the behavioral patterns of each user. It can then spot anomalies to flag attacks, rather than using the rule-based approach used by secure gateways. Visibility into internal communications enables Barracuda to detect attacks that originate from internal accounts, which is critical for detecting account takeover. This approach is more effective in detecting sophisticated targeted attacks that get through your secure email gateway.