The Security Threat:
Mail impersonation is among the most prevalent and successful cyber attacks in today’s digital landscape. This type of attack can be classified into two main categories: phishing and mail impersonation.
Phishing attacks aim to steal credentials by impersonating legitimate login pages, tricking users into revealing their passwords and sensitive information.
Mail impersonation attacks, on the other hand, involve creating email communications that appear to be regular interactions between an organization and a vendor. These deceptive emails often lead the organization’s employees to unknowingly disclose classified information or transfer money to attackers.
Cyray’s Solution:
At Cyray, we employ a combination of ArcSight and our proprietary mechanism to identify various types of mail attacks and tailor our solutions to meet each customer’s specific needs.
Outlined below are some examples of our recognized methods:
Phishing Scenario: We assess the similarity between the email domain and the organization’s domain. If the similarity rate exceeds a predefined threshold, we trigger the corresponding rule in ArcSight.
| Organization Domains | Incoming Domains | Similarity Rate |
|---|---|---|
| atlantis.com | atlentis.com | 95 |
| atlantis.com | atlantis.cum | 95 |
| atlantis.com | atlas.com | 65 |
Impersonation Scenario: We compare the name of the email recipient with the full name of the organization’s users. We evaluate the similarity rate based on the full name or a part of it, taking into account cases where a person has a middle name.
| Organization User Full Name | Incoming Mail User’s Name | Similarity Rate |
|---|---|---|
| Wolfgang Amadeus Mozart | mozart.amadeus | 100 |
| Wolfgang Amadeus Mozart | wolfgang_amadeus | 100 |
| Wolfgang Amadeus Mozart | lake.amadeus | 50 |
By analyzing and correlating these similarity rates, we provide our customers with a comprehensive and dependable assessment of mail attacks on their organization.
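One way to compute and correlate the two scores described above, as an added example that is not Cyray's undisclosed algorithm: normalized Levenshtein distance stands in for the domain similarity (so its scores differ from the 95/95/65 in the table), and a token-overlap ratio is used for names. The threshold of 90, the function names and the sample sender addresses are assumptions.

```python
import re

# Constructed sample data based on the tables above; the threshold is an assumed value.
ORG_DOMAINS = ["atlantis.com"]
ORG_USERS = ["Wolfgang Amadeus Mozart"]
THRESHOLD = 90


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_similarity(org: str, incoming: str) -> int:
    """0-100 score; 100 means the domains are identical."""
    org, incoming = org.lower().rstrip("."), incoming.lower().rstrip(".")
    longest = max(len(org), len(incoming)) or 1
    return round(100 * (1 - edit_distance(org, incoming) / longest))


def name_similarity(full_name: str, local_part: str) -> int:
    """Share of the incoming name's tokens found in the user's full name.
    Token order and separators are ignored, so a middle name still counts."""
    known = set(re.findall(r"[a-z]+", full_name.lower()))
    tokens = re.findall(r"[a-z]+", local_part.lower())
    if not tokens:
        return 0
    return round(100 * sum(t in known for t in tokens) / len(tokens))


def assess(sender: str) -> dict:
    """Score one sender address against every organization domain and user."""
    local, _, domain = sender.rpartition("@")
    dom = max(domain_similarity(d, domain) for d in ORG_DOMAINS)
    name = max(name_similarity(u, local) for u in ORG_USERS)
    internal = domain.lower().rstrip(".") in ORG_DOMAINS
    return {
        "domain_score": dom,
        "name_score": name,
        # An exact match is the organization's own domain, not a lookalike.
        "lookalike_domain": not internal and dom >= THRESHOLD,
        # An external sender carrying an internal user's name.
        "name_impersonation": not internal and name >= THRESHOLD,
    }
```

The name scorer reproduces the three rates in the second table; it only tokenizes ASCII letters, so names with other characters would need a broader pattern.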
For security reasons, we do not disclose the specific technical methods or algorithms we employ. However, we offer these scenarios to our customers so they can better understand our approach.
If you are interested in integrating this mechanism or exploring other specialized solutions for your organization, please feel free to contact us.