IRONSCALES Deploys NLP to Automatically Prevent Business Email Compromise Attacks
Leader in self-learning email security becomes the first in anti-phishing to embrace NLP for malicious email classification; Adds new VIP impersonation protections for senior executives
IRONSCALES, the pioneer of self-learning email security, announced that it has deployed natural language processing (NLP), using advanced machine learning (ML) and neural networks, to automatically detect and respond to the most common types of business email compromise (BEC) attacks. As an emerging phishing attack technique, BEC leans heavily on social engineering messages that rarely contain malicious attachments or links, resulting in frequent delivery into employee inboxes. In 2019, the FBI estimates that BEC attacks cost businesses at least $1.77 billion.
“Business email compromise has emerged as a major headache for companies of all sizes,” said Eyal Benishti, IRONSCALES founder and CEO. “We’ve been working for many years on building technology to reduce the risk posed by malicious messages that traditional email security safeguards were never built to detect. The addition of natural language processing further improves our ability to protect employee’s inbox from BEC attacks, while relieving security analysts from the burden of manually analyzing and remediating every single threat.”
For the past several years, IRONSCALES innovation has focused on attempting to verify ‘who’ is sending messages since BEC attacks are almost always delivered as an impersonated email. Now, IRONSCALES email security platform can also determine the ‘what’ is being sent by analyzing fraudulent language via NLP, a major step forward in reducing the risk of BEC attacks,
How NLP helps prevent BEC phishing attacks
Business email compromise remains difficult for legacy email security tools, such as secure email gateways, to prevent because such attacks do not leverage malicious URLs or malware attachments.
By deploying NLP, IRONSCALES can now analyze the email content for topic and sentiment to automatically classify BEC attacks that bypass gateway defenses. The 4 most common emails IRONSCALES classifies as BEC can be roughly split into four main groups, including:
- Employee availability checks
- Requests for an unspecific task
- Requests for a gift card
- Requests to change direct deposit, bank details or request for payment
“Being a self-learning platform allows us to very quickly pick up on new patterns and topics as they emerge,” said Lomy Ovadia, VP of R&D.
New VIP email impersonation protections
In addition to the new NLP-driven BEC protections, IRONSCALES is making it easier to protect impersonation attempts of VIP users. Now, attempted impersonation attacks of senior executives and high-level managers will be automatically detected by titles and recommended for automatic impersonation protection. This added capability will improve detection of any impersonation attempt that includes a VIP as the alleged sender.
“Not a day goes by that our executives aren’t impersonated,” said Amir Freudinger, IT Manager at Nano Dimension. “IRONSCALES continues to improve its ability to protect our employees, while not adding additional work for the security team. Such benefits are uncommon for the email security industry.”
Today’s news further reflects IRONSCALES commitment to email security innovation for which the company has previously won more than a half dozen prestigious awards. As of today, both the new business email compromise and VIP impersonation protections are now available as part of the IRONSCALES self-learning email security platform.