While Social Engineering (SE) has been known for some time, it has not been a widespread threat to email until recently. A socially engineered attack can take the form of an email pretending to be from a high-ranking individual, asking the recipient to provide personal information or tax returns, or to wire funds. These types of socially engineered emails are known as whaling or business email compromise; they contain no attachments and no URLs, so there is nothing to click on or analyze. Attackers use widely available social platforms (Facebook, LinkedIn, Twitter) to define their target and craft a highly believable message. Human resources, payroll, and finance individuals are usually the targets. The messages are very low volume and highly targeted. Losses from SE attacks can be immediate and large. According to the FBI, over 3 billion dollars have been stolen since 2015 as a result of these attacks, and the growth has been over 270% since 2015. Social Engineering attack losses impact revenue globally. No company is immune, and secure email gateways (SEGs) have not traditionally focused on this space.
Generally, social engineering includes any attempt to manipulate persons into divulging sensitive information (e.g., personal information, financial information, computer security data, work-related confidential information, etc.). Thus, social engineers rely on people, rather than computer security holes, to obtain sensitive information through mediums such as email, Internet, or phone. Examples of social engineering tactics that rely on email include “phishing”, “spoofing”, and “pharming” scams. Phishing and spoofing include scams that combine social engineering tactics with email. Phishing includes the process of attempting to acquire information such as usernames, passwords, or financial information by masquerading as a legitimate and trustworthy entity in an electronic communication such as email. For example, an email may purport to be from a bank, a social website, or an online payment processor. Such emails often direct recipients to enter sensitive information into a seemingly legitimate website that is actually a sham. Spoofing may occur when certain properties of an email message, such as the “FROM” field in the message header, have been altered to make it appear as if it came from a different source. Thus, the recipient may be tricked into believing that the email was sent from a legitimate source, and thereby reveal sensitive information.
Given the publicity around dangerous email messages, end users lack trust in messages, even though most messages are harmless. This creates a situation wherein IT administrators are overwhelmed by emails submitted by end users, and must dedicate significant time and energy to investigation of many generally acceptable email messages.
While this has been a growing problem, it has recently hit critical mass. Secure Email Gateway (SEG) vendors are failing because a traditional rules-based approach will not catch all of the variants of this type of attack. An untenable number of indicator variations, in the billions, would have to be addressed.
What is needed is a system and method to provide the end user with a trust score on each message, providing visibility and insight into the risk factors and allowing them to make an informed decision on the validity of each email message. Even when a message is totally safe, users know it, which prevents them from sending the message to their IT staff.