Home Security Trend Micro addresses BEC with style analysis

Trend Micro addresses BEC with style analysis

Security software vendor Trend Micro is about to launch a new feature that uses AI to help protect its customers from fraudulent emails impersonating senior executives.

Business email compromise attacks are a growing problem that is costing organisations billions of dollars.

Some of these attacks are more sophisticated than others, but at heart they rely on tricking people into making payments to the fraudsters. Examples include instructions seemingly from a supplier that payments should be made to a new bank account that is actually under the control of the criminals, or instructions apparently from a business owner or senior executive to make an urgent — and often large and "secret" — payment to a particular account, perhaps as part of an acquisition deal.

RSM Australia partner Michael Shatter suggests employees should be trained not to rely on email when something out of the ordinary happens.

If they receive an invoice or email that specifies a change of bank account for the supplier, they should not blindly act on it, and nor should they respond by email. Someone may have gained access to the supplier's email account, or the From: address may be spoofed. Instead, they should phone the supplier — on a number known to be correct, not just the one shown in the invoice or email! — and check with the owner or an appropriate member of the finance staff.

Similarly, any unusual instructions from the business's owner or other senior executive for payments to be made urgently should be treated with suspicion. He recommends people walk across the office or pick up the phone, and ask the person concerned for confirmation.

Part of the problem, according to Shatter, is that some fraudsters are adept at crafting emails that accurately mimic the tone and style of the person they are pretending to be. This is presumably achieved by gaining access to their email account and examining the way they write to particular people.

Trend Micro is bringing technology to bear on this problem.

Trend Micro Writing Style DNA uses AI to "blueprint" a user's style of writing, taking into consideration more than 7000 characteristics, the company said. When an email seems to be impersonating a significant user such as the chief executive, the recipient, the implied sender and the IT department are all warned.

Feedback from executives on the flagged emails helps improve detection and reduce false positives.

According to Trend Micro, Writing Style DNA's authorship analysis complements existing AI inspection layers that focus on email intent and attacker behaviours, spotting attackers who hijack legitimate domains or accounts to circumvent traditional filters.

"The future threat landscape requires AI-powered protection that leverages expert rules and machine learning," said Trend Micro chief executive Eva Chen. "We are proud to add another industry first in this area.

"This new capability is the perfect complement to our existing email security as well as the free phishing simulation and awareness service we're making available to businesses. In a world of increasingly sophisticated and financially damaging email fraud, multiple layers are needed to put organisations back on the offensive."

Writing Style DNA will be released in June as part of Cloud App Security for Microsoft Office 365 and ScanMail for Microsoft Exchange. It will be included with existing BEC protections at no extra cost.

In related news, Trend Micro has introduced Phish Insight, a free phishing simulation platform that allows businesses of all sizes and budgets to test their employees’ understanding of scam emails. The idea is that organisations use the simulation results to customise an education campaign for their staff.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

Popular News

 

Telecommunications