Wire transfer phishing is a growing threat
Wire transfer phishing is one of the latest email threats to IT security. In a wire transfer phishing attack, hackers use email to impersonate a high level employee — often a CEO or CFO — and convince an employee with financial access to transfer money to a fraudulent account. Wire transfer phishing attacks often involve email that appears to be a trusted source but on closer inspection is actually a separate, fraudulent domain name.
1The FBI estimates that wire transfer phishing attacks, also known as whaling and business email compromise attacks, rose more than 270% in the first eight months of 2015. Businesses losses have totaled more than $2 billion since January 2015, often generating income for organized crime. With the number of attacks expected to rise, organizations everywhere are seeking more effective email phishing protection.
Stop wire transfer phishing
Mimecast provides protection from wire transfer phishing and other advanced targeted attacks as part of its Targeted Threat Protection service. By extending existing security gateway services to protect against a broad range of sophisticated attacks, Mimecast's wire transfer and spear phishing protection prevents employees from falling prey to malicious links, weaponized attachments and social engineering techniques.
Mimecast provides wire transfer phishing protection for all devices, including corporate desktop and mobile devices as well as employees' personal devices. By scanning inbound emails in real time, Mimecast provides instant and complete protection against these attacks that rely on sophisticated social engineering techniques.
How to prevent the threat of wire transfer phishing
Mimecast Targeted Threat Protection -- Impersonation Protect scans all email as it passes through the Mimecast Secure Email Gateway, examining several parts of each message to spot key indicators of a wire transfer phishing attack. Indicators include:
- A false display name or friendly name that is attempting to spoof an internal email address.
- A domain name that is a close match to the existing corporate domain.
- The age of the domain name, as newly registered domains are more likely to be suspicious.
- Certain language in the body of the message, including phrases like "bank transfer" or "wire transfer".
When an email seems suspicious, Mimecast blocks it, quarantines it for review or tags it as suspicious before sending it on to the employee, depending on rules set by IT administrators.