Email account compromise (EAC) is a highly sophisticated attack in which attackers use tactics like password spraying, phishing, and malware to compromise victims’ email accounts, gaining access to legitimate mailboxes.
Understanding email account compromise
Email account compromise involves attackers gaining unauthorized access to a legitimate email account. They employ various tactics, including brute force attacks, phishing, and malware, to obtain the account credentials. Once inside, the attackers can access valuable information, such as emails, calendars, contact lists, and files in shared folders. This trove of data allows them to profile their victims and carry out sophisticated attacks.
The primary objective of EAC is for the attacker to impersonate the victim and manipulate their email communications. Mimicking the victim's writing style, tone, and timing can send convincing messages to deceive recipients. These messages often involve fraudulent wire transfers, payment requests, or attempts to extract sensitive information.
Related: What is an impersonation attack?
Common techniques used in email account compromise
Brute force attacks
One prevalent method used by attackers is the brute force attack. This technique employs automated tools to repeatedly guess usernames and passwords until they gain access to the targeted email account.
Phishing
Phishing is another commonly employed tactic in EAC. Attackers send emails that appear legitimate, often mimicking trusted entities or individuals, to trick recipients into divulging their login credentials. These emails may contain links to fake websites designed to steal sensitive information.
Malware
Malware, such as keyloggers or stealers gain unauthorized access to email accounts. These malicious programs can record keystrokes or capture login credentials, allowing attackers to discreetly monitor the victim's email communications.
Types of email account compromise schemes
Email account compromise schemes can take various forms, each with the potential to cause significant financial and reputational damage. Let's look at two common types of EAC attacks:
Supply chain hijacking
In this scenario, the attacker compromises an employee's email account, often from the accounting department. Once inside, the attacker creates a forwarding rule to collect copies of all incoming and outgoing messages. They closely monitor the compromised account to gather information about billing, customer interactions, and other relevant details.
Armed with this knowledge, the attacker crafts invoices that appear legitimate, complete with proper terminology and logos. These fraudulent invoices are then sent to unsuspecting customers, who unknowingly make payments to the attacker's bank account instead of the intended recipient. This type of attack results in financial losses for the targeted company and damages customer satisfaction and trust.
Payroll redirection
In a payroll redirection scheme, the attacker gains access to an employee's email account and sends a request to the human resources department. The email requests an update to the victimized employee's direct deposit information, replacing the legitimate bank account with the attacker's account details. As a result, the victim's salary is redirected to the attacker's bank account, bypassing the intended recipient. This attack can cause personal financial harm to employees and disrupt payroll operations within organizations.
Protecting against EAC attacks
Implementing a single technical control or relying solely on security awareness training is insufficient to effectively protect against EAC attacks. Here are some measures organizations can take to defend against these attacks:
Strong authentication and password practices
Encourage employees to use strong, unique passwords for their email accounts and implement multi-factor authentication to add an extra layer of security.
Email filtering and anti-spam measures
Deploy email filtering solutions to detect and block phishing emails and malicious attachments, reducing the likelihood of successful EAC attacks.
Employee education and security awareness
Regularly train employees on recognizing phishing attempts, suspicious emails, and other social engineering techniques. Teach them to verify email addresses and exercise caution when clicking on links or providing sensitive information.
Monitoring and detection
Implement systems and protocols to monitor email traffic, detect anomalous activities, and identify signs of compromised accounts or unauthorized access.
Secure email gateways
Utilize secure email gateways to enforce email authentication controls which can help prevent email spoofing and unauthorized use of email accounts.
Regular software updates
Keep all software and systems up to date with the latest security patches to mitigate the risk of malware-based attacks.
Incident response and recovery
Develop an incident response plan that outlines the steps to be taken during an EAC or BEC attack. Regularly test and update the plan to ensure its effectiveness.
See also: HIPAA Compliant Email: The Definitive Guide
Farah Amod
