Business email compromise attacks are a growing problem that is costing organisations billions of dollars.
Some of these attacks are more sophisticated than others, but at heart they rely on tricking people into making payments to the fraudsters. Examples include instructions seemingly from a supplier that payments should be made to a new bank account that is actually under the control of the criminals, or instructions apparently from a business owner or senior executive to make an urgent — and often large and "secret" — payment to a particular account, perhaps as part of an acquisition deal.
RSM Australia partner Michael Shatter suggests employees should be trained not to rely on email when something out of the ordinary happens.
Similarly, any unusual instructions from the business's owner or other senior executive for payments to be made urgently should be treated with suspicion. He recommends people walk across the office or pick up the phone, and ask the person concerned for confirmation.
Part of the problem, according to Shatter, is that some fraudsters are adept at crafting emails that accurately mimic the tone and style of the person they are pretending to be. This is presumably achieved by gaining access to their email account and examining the way they write to particular people.
Trend Micro is bringing technology to bear on this problem.
Trend Micro Writing Style DNA uses AI to "blueprint" a user's style of writing, taking into consideration more than 7000 characteristics, the company said. When an email seems to be impersonating a significant user such as the chief executive, the recipient, the implied sender and the IT department are all warned.
Feedback from executives on the flagged emails helps improve detection and reduce false positives.
According to Trend Micro, Writing Style DNA's authorship analysis complements existing AI inspection layers that focus on email intent and attacker behaviours, spotting attackers who hijack legitimate domains or accounts to circumvent traditional filters.
"The future threat landscape requires AI-powered protection that leverages expert rules and machine learning," said Trend Micro chief executive Eva Chen. "We are proud to add another industry first in this area.
"This new capability is the perfect complement to our existing email security as well as the free phishing simulation and awareness service we're making available to businesses. In a world of increasingly sophisticated and financially damaging email fraud, multiple layers are needed to put organisations back on the offensive."
Writing Style DNA will be released in June as part of Cloud App Security for Microsoft Office 365 and ScanMail for Microsoft Exchange. It will be included with existing BEC protections at no extra cost.
In related news, Trend Micro has introduced Phish Insight, a free phishing simulation platform that allows businesses of all sizes and budgets to test their employees’ understanding of scam emails. The idea is that organisations use the simulation results to customise an education campaign for their staff.