Cloudphish Unveils New Phishing Defense Solution
January 30, 2020
The FBI reports that direct financial losses caused by business email compromise (BEC) and email account compromise (EAC) has surpassed $12.5 billion worldwide. The frequency of these attacks continues to grow at staggering rates impacting more than 90 percent of organizations and accounting for nearly 1 percent of all emails sent. More alarming still, the level of sophistication behind these attacks continues to rise making phishing emails nearly indistinguishable to novices and IT professionals alike.
To help defend against this, Cloudphish launched a new solution capable of alerting email users when a fraudulent email impersonating a trusted contact is identified.
Cloudphish uses the Ethereum blockchain ledger to create an externalized verification framework for emails trusted users send and receive between one another. After a five-minute setup (browser extension, client add-in, or mobile app), Cloudphish integrates with a user’s Gmail or Outlook mailbox sending alerts in real time when an email from a trusted contact is legitimate or fraudulent.
While most email security tools focus on pinning down the moving target of what represents a fraudulent email, Cloudphish is focused on determining those that are valid, while still detecting and alerting users to the most common general phishing tactics employed today.
Successful phishing attempts employ a variety of strategies and target an even broader range of organizations but often share the commonality of being well researched, socially engineered and highly targeted. One such technique known as conversation-hijacking rose by over 400 percent between July and November of last year, according to research from Barracuda Networks. Using this tactic, hackers infiltrate ongoing real email threads by compromising a single user’s account and gaining access to internal conversations.
Don Maclennan, senior vice president for engineering and product at Barracuda Netwokrs told ZDNET, "Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves."
In doing so, hackers can assume this legitimate user’s identity, copying conversation style and personality, to create a highly targeted and exceptionally convincing attack often yielding very large results. This technique cost businesses over $1 billion in 2019 according to the FBI.
“We saw an immediate need to provide companies, real estate firms and municipalities with a solution that effectively closes the door to the hackers’ key entry point (their email) to steal an organizations assets and reputation,” stated James Caron, founder and CEO of Cloudphish.
An ongoing ploy targeting the real estate industry takes a very similar approach. As a homebuyer reaches the final days of closing, attackers send fraudulent wiring instructions impersonating the buyer’s agent, attorney, title company or other trusted parties involved in the transaction.
Much like conversation high-jacking, real estate wire fraud emails cost homebuyers nearly. With inadequate defenses available to email users, these scams continue to prove extremely profitable and enticing to attackers.
What these popular scams have in common is their exploitation of trusted parties. Whether coworkers, clients, vendors, or friends, emails impersonating people we know stand the greatest chance of deceiving us leading to direct financial loss, data breach or ransomware attack.
Contact ALTA at 202-296-3671 or communications@alta.org.