GlobalSign Blog

10 Sep 2018

Understanding The Dangers of Corporate Pretexting

Two months ago, the Monetary Authority of Singapore (MAS) warned consumers about the increase in phishing attempts in the country. DBS Bank also had trouble dealing with phishing websites recently. Phishing attacks are quite a headache for corporations in the APAC region and around the world. But a recent report released by global telecom company Verizon revealed a new form of phishing that requires more than sending a simple phishing link. They called it corporate pretexting.

What is Corporate Pretexting?

Verizon’s Data Breach Investigations Report (DBIR) defines pretexting as “the creation of a false narrative to obtain information or influence behavior.” It’s a more sophisticated form of phishing in which the hacker impersonates an executive and engages in a dialogue with the target. Pretexting can occur over the phone, with hackers trying to imitate how a certain executive speaks, but hackers usually impersonate the email accounts of executives.

While the DBIR only recorded 114 successful data breaches out of 170 incidents globally last year, corporate pretexting still poses a huge threat for companies that have yet to upgrade their cybersecurity. For one, pretexting doesn’t rely on malware to victimize someone: the DBIR found malware installations in less than 10% of the incidents. Hackers gather information upfront and then try to extract money and corporate info under the guise of a high official.

To the surprise of no one, hackers tend to use this tactic on key employees in the finance and human resources departments. They will ask the victims via a well-crafted email to transfer funds or disclose sensitive information. And if the employee isn’t alert enough, he or she could end up falling right into the trap of pretexting. Some bold hackers would even attempt to take control of the executive’s email account, leading to six-figure losses and data leakage for the company.

One bright side the report pointed out was the increased awareness of employees when it comes to dealing with phishing emails. The DBIR found that 78% of their subjects didn’t click or engage with a phishing email in 2017. If anything, it clearly shows that educating employees about proper email security practices and increasing cybersecurity efforts are effective in preventing cyberattacks. Still, companies should improve this percentage by doing better in terms of their cybersecurity efforts.

Securing Emails with Secure Email

Despite our small victories, we doubt hackers will stop doing what they do best. There are many ways to tackle the issue of corporate pretexting, but the most efficient is to handle it with Secure Email Certificates, also known as S/MIME. It encrypts your emails, protecting them both in transit and in storage. Hackers won’t be able to read the emails they intercept, and they won’t be able to read the encrypted emails sitting in your inbox. All-around encryption at its finest.

Not only that, S/MIME allows you to sign your emails to further authenticate your email and its contents. Each time you send an email to your colleagues, it will come with your unique digital signature that will indicate that you are indeed the sender of the email. Hackers can imitate the way an executive writes an email, but they can’t imitate a digital signature provided by a certified Certificate Authority like GlobalSign. Establish integrity, uphold privacy, and mitigate phishing and pretexting attacks easily with S/MIME.
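The following is an added example, not GlobalSign's code: a mail-triage check that flags messages using an executive's display name when the address does not match or the message carries no S/MIME signature structure. The executive directory, addresses and sample messages are constructed assumptions, and the check looks at message structure only; verifying the signature itself is left to the mail client.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical executive directory: display name -> real address (constructed).
EXECUTIVES = {"jane tan": "jane.tan@example.com"}
SIG_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")
MIME_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def is_smime_signed(msg):
    """True if the message has S/MIME signed structure (detached or opaque).
    Structure only: the mail client must still verify the signature itself."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return str(msg.get_param("protocol", "")).lower() in SIG_TYPES
    if ctype in MIME_TYPES:
        return str(msg.get_param("smime-type", "")).lower() == "signed-data"
    return False

def triage(raw):
    """Classify one raw message that may claim to come from an executive."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    expected = EXECUTIVES.get(name.strip().lower())
    if expected is None:
        return "not-executive"
    if addr.lower() != expected:
        return "impersonation-suspected"   # right name, wrong address
    if not is_smime_signed(msg):
        return "unsigned-executive-mail"   # hold until confirmed out of band
    return "signed-verify-signature"       # hand to signature verification

# Constructed sample messages.
LOOKALIKE = ("From: Jane Tan <jane.tan@example-mail.test>\n"
             "Subject: Funds transfer\nContent-Type: text/plain\n\nbody\n")
UNSIGNED = ("From: Jane Tan <jane.tan@example.com>\n"
            "Subject: Funds transfer\nContent-Type: text/plain\n\nbody\n")
SIGNED = ("From: Jane Tan <jane.tan@example.com>\nSubject: Q3 report\n"
          'Content-Type: multipart/signed; boundary="b";\n'
          ' protocol="application/pkcs7-signature"; micalg=sha-256\n\n'
          "--b\nContent-Type: text/plain\n\nbody\n"
          "--b\nContent-Type: application/pkcs7-signature\n\n"
          "placeholder-not-a-real-signature\n--b--\n")

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("unsigned", UNSIGNED),
                       ("signed", SIGNED)):
        print(label, "->", triage(raw))
```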

Want to see GlobalSign’s Secure Email Certificates in action? Join us on September 19-20 at the Suntec Singapore Convention & Exhibition Hall as GlobalSign joins GovWare 2018, the most established premier conference and showcase for cybersecurity in Singapore. Follow us on Facebook for more event details. You can also click here to learn more about the basics of S/MIME.
