Security Market Segment LS
Wednesday, 18 April 2018 10:41

Trend Micro addresses BEC with style analysis


Security software vendor Trend Micro is about to launch a new feature that uses AI to help protect its customers from fraudulent emails impersonating senior executives.

Business email compromise attacks are a growing problem that is costing organisations billions of dollars.

Some of these attacks are more sophisticated than others, but at heart they rely on tricking people into making payments to the fraudsters. Examples include instructions seemingly from a supplier that payments should be made to a new bank account that is actually under the control of the criminals, or instructions apparently from a business owner or senior executive to make an urgent — and often large and "secret" — payment to a particular account, perhaps as part of an acquisition deal.

RSM Australia partner Michael Shatter suggests employees should be trained not to rely on email when something out of the ordinary happens.

If they receive an invoice or email that specifies a change of bank account for the supplier, they should not blindly act on it, and nor should they respond by email. Someone may have gained access to the supplier's email account, or the From: address may be spoofed. Instead, they should phone the supplier — on a number known to be correct, not just the one shown in the invoice or email! — and check with the owner or an appropriate member of the finance staff.

Similarly, any unusual instructions from the business's owner or other senior executive for payments to be made urgently should be treated with suspicion. He recommends people walk across the office or pick up the phone, and ask the person concerned for confirmation.

Part of the problem, according to Shatter, is that some fraudsters are adept at crafting emails that accurately mimic the tone and style of the person they are pretending to be. This is presumably achieved by gaining access to their email account and examining the way they write to particular people.

Trend Micro is bringing technology to bear on this problem.

Trend Micro Writing Style DNA uses AI to "blueprint" a user's style of writing, taking into consideration more than 7000 characteristics, the company said. When an email seems to be impersonating a significant user such as the chief executive, the recipient, the implied sender and the IT department are all warned.

Feedback from executives on the flagged emails helps improve detection and reduce false positives.

According to Trend Micro, Writing Style DNA's authorship analysis complements existing AI inspection layers that focus on email intent and attacker behaviours, spotting attackers who hijack legitimate domains or accounts to circumvent traditional filters.

"The future threat landscape requires AI-powered protection that leverages expert rules and machine learning," said Trend Micro chief executive Eva Chen. "We are proud to add another industry first in this area.

"This new capability is the perfect complement to our existing email security as well as the free phishing simulation and awareness service we're making available to businesses. In a world of increasingly sophisticated and financially damaging email fraud, multiple layers are needed to put organisations back on the offensive."

Writing Style DNA will be released in June as part of Cloud App Security for Microsoft Office 365 and ScanMail for Microsoft Exchange. It will be included with existing BEC protections at no extra cost.

In related news, Trend Micro has introduced Phish Insight, a free phishing simulation platform that allows businesses of all sizes and budgets to test their employees’ understanding of scam emails. The idea is that organisations use the simulation results to customise an education campaign for their staff.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments