E-mail is the most widely used information exchange service in the ICT world. Financial crime based on the fraudulent exploitation of business communication via E-mail is on the rise. To this end, the attackers, often criminal organizations, use advanced resources aimed at misleading the target as to the true identity of their interlocutor and the legitimacy of the action to be carried out or authorized.
This type of crime is often framed as Business E-mail Compromise (BEC) or E-mail Account Compromise (EAC), in which the attackers manage, through fraudulent processes, to have undue payments or bank transfers made for their benefit. It represents a real and quantifiable risk for organizations and their value chain. In addition to the financial component, attackers use the E-mail service to carry out other attacks, such as data leakage and the use of different types of malware to compromise the service, user equipment or, in more complex cases (such as ransomware), the entire IT infrastructure.
It is increasingly important to ensure that the E-mail service is correctly configured from a security point of view and that users are made aware of the precautions to take when using E-mail.
This service is defined by the following elements:
Analysis of filtering and security
Security configurations are audited to analyze them for:
Analysis of the security configurations and controls of the E-mail service:
Awareness-raising action for E-mail users in the organization
Awareness-raising sessions for the organization's employees, in webinar format, where some of the most common threats will be identified, as well as the most used techniques and the aspects employees should be aware of to avoid falling victim to a fraudulent scheme.
Organizations depend on E-mail to conduct business, access it through various means, and may have geographically dispersed employees. Combining the technological factor with the behavioral factor is therefore essential to reduce the attack surface as much as possible and to ensure that organizations are aware of, and protect themselves against, a growing threat to their business and their credibility in the value chain.
This service aims to help organizations strengthen their defenses against the growing threat of E-mail fraud by integrating human and technological aspects.