Tackling Business Email Compromise (BEC) Email Impostors

March 28, 2022 / in Blog / by Zafar Khan, RPost CEO

The RMail Domain Age Detector Alerts Senders Before They Reply to BEC Domain Lures

Now that many of us are going back into the office (for now), some of those tried-and-true office quips are making a comeback. Ask your colleague how they’re doing, and they’ll say sarcastically, “living the dream.” Then there’s the one where your coworker asks, “hey, you working hard or hardly working?” Try not to groan. Then there’s the smart-aleck younger colleague who motions for you to exit the elevator first while saying, “age before beauty.” Before you say something to this colleague you may regret, consider telling him or her that, when it comes to internet security, age is beauty. What do I mean by this?

Just like whisky, blue jeans and friendships, internet domains (e.g., RPost.com) very much get better with age because they have an established history that imbues trust. Older websites rank better in search engines for this reason, and it makes perfect sense. Imagine if you googled, “war in Ukraine,” and the no. 1 result was from russiainsideinformation.ru instead of WSJ.com? The former website was established four weeks ago while the latter has been around since the dawn of the internet. Domain age matters.

Unfortunately, one trick of Business Email Compromise (BEC) email impostors is to understand who your suppliers, partners, and staff are and then buy a domain that is very similar to ones that your staff communicates with. Sending from this familiar-looking email address with one letter off in the domain (e.g., valleyinsurance.com vs. valleyinsrance.com) tricks the eye and mind because humans tend not to “read” every letter in a word let alone a long domain name. The mind is trained to look at patterns. Seeing the pattern but not the exact lettering of a familiar domain, the mind moves on to the next task, which is to click “send”, and there goes your company’s bank routing numbers or any other highly sensitive financial data.

One of the ways RMail software (running inside Microsoft Outlook) prevents mis-directing emails in response to impostor lures, is by in-the-moment of sending, displaying warnings to the sender based on real-time analysis of reply-to recipient domain age. The RMail “Domain Age Detector” will alert the sender right before they are about to reply to one of these newly created domain lures. Red means the domain is relatively new, and the sender should send using the utmost caution. So, in this case, age really is beauty—at least to e-security afficionados like us!

Learn more: Secure email encryption

Domain age alerts are just one of the many email impostor detection AI technologies in the RMail Human Error Prevention Kit. You can click here to read our recent RSecurity news release to learn more about these great new e-security enhancements.

Feel free to contact us to discuss how you can get started with RMail, the RSecurity suite or if you would like to learn more about our “Domain Age Detector”.