WATERTOWN, MA: Mimecast, an information technology and services provider, announces the availability of Mimecast Impersonation Protect, a cloud service which uses advanced scanning techniques to prevent whaling and other cybersecurity attacks by filtering for elements commonly used by criminals.
The Impersonation Protect combats against cybersecurity threats such as whaling or CEO fraud attacks by monitoring all email traffic for elements commonly used by criminals, including employee and domain names, and other keywords like ‘wire transfer,’ ‘tax form’ or ‘urgent. With Impersonation Protect IT administrators and security organizations can block suspicious emails or choose to display additional security warnings for employee awareness.
The latest research from Mimecast highlights the growing concerns of whaling and other security threats. Since January 2016, 67% of respondents stated that they had seen an increase in attacks designed to instigate fraudulent payments and 43% of the respondents saw an increase in attacks specifically asking for confidential data like HR records or tax information.
Impersonation Protect is a part of Mimecast’s Targeted Threat Protection and existing customers of Targeted Threat Protection get Impersonation Protect for free. Impersonation Protect provides customers of different sizes, comprehensive protection against whaling and other damaging forms of spear-phishing, such as weaponized attachments, ransomware and malicious links. Impersonation Protect also defends on-premises, hybrid and pure cloud email deployments including Microsoft Office 365.
“Email remains a highly popular attack vector for cybercriminals, for good reason: it is one of the most direct paths to entry into the enterprise, and it relies heavily (and all too often, successfully) on human behavior to assure initial penetration. This means that attackers will continue to prioritize email - and defenses must level up accordingly,” says Scott Crawford, Information Security Research Director, 451 Research. “Whaling, for example - the targeting of executives and highly placed individuals in an organization - is becoming a more frequent variant of spear-phishing, and is a tactic cybercriminals are using with great success. These and similar CEO–fraud attacks would benefit from a security approach tailored to the changing threat landscape, such as in–context user awareness training where users receive not only warnings and guidance about the threat of clicking on phishing links or opening up malware-laden attachments, but also indicators of fraudulent emails masked as executive communications.”