S/MIME Email Protection from Spear Phishing Attacks

Our first S/MIME post provided a broad overview of the challenges that organizations face when it comes to email security, as well as an introduction to S/MIME technology that can be used to combat many of those vulnerabilities. In this post, we get more specific and talk about how S/MIME can be used to combat “spear phishing” attacks.

The term Business Email Compromise (BEC) is well-known in the cybersecurity industry, but it refers to just one specific type of spear phishing attack. Perpetrated using fraudulent emails pretending to be from a known or trusted sender, the intended goal of a spear phishing attack is to prompt the victim to carry out some action on their behalf.

This action may be as simple as revealing confidential information or as complex as completing a financial transaction. What sets spear phishing attacks apart from standard phishing attacks is that spear phishing emails are personalized to the recipient, lending them an added degree of apparent authenticity and making them more challenging to identify.

How do attackers make these emails appear legitimate? There are a variety of tactics available to them.

• Most of the time, the emails contain a spoofed header, making it look as though the message comes from within the organization. As we discussed in the previous blog, these attacks generally work by spoofing the “from” field in an email, making these messages incredibly difficult for even the most conscientious employee to identify as fraudulent.
• Generally, they will attempt to impersonate the CEO, company president, or other C-level executive whose authority that an entry or mid-level employee would be unlikely to question.
• Detail-oriented attackers may even generate an entire fake email chain below the message to make it appear even more legitimate. And although employees should be trained to watch for warning signs, people are fallible.

The fallibility is what attackers hope to exploit. If the CEO of a company asks an entry-level finance employee to push through a money transfer, will that employee feel comfortable raising flags? If that same email goes to a dozen difference finance staffers, will they all succeed in recognizing the email as fraudulent?

It only takes one mistake—one employee who approves a transfer to a scammer’s account—and that money will almost certainly never be recovered. Scammers are smart, and any money they receive will be quickly stashed away where it is all but impossible for law enforcement to reach it.

S/MIME solves this problem in the simplest possible way: by providing an un-spoofable indication of the mail sender’s true identity. Without S/MIME, there is nothing—truly, nothing—that the average email user will know how to look at in order to differentiate a real sender identity from a faked sender identity. With S/MIME, employees will know to simply look for the correct email signature accompanying an incoming message in order to know that the sender has been verified. This doesn’t mean that employees no longer need to worry—it’s still important to be vigilant. Remember, one slip may be all it takes to cause a major breach. But it does provide a way to verify the integrity of any message (and any attachments it may contain) that cannot be forged.

By deploying S/MIME email certificates across your organization, your employees will now instantly be able to verify the origin of any message they receive from a member of your organization, whether that email raises their suspicions or not. And by removing the weight of that responsibility from employees and instead placing it on the mail client itself, S/MIME adds a critical extra layer of protection for your information that is independent from human error.

For more information, read Why Email is Vulnerable and How S/MIME Can Help, the first in our five-part S/MIME 101 blog series.

Next up: S/MIME 101: How S/MIME Can Help with HIPAA Compliance.