Massive Phishing Email Campaign Affecting Major Bank Detected by DMARC Compass


For a while now, we have been talking about the importance of businesses taking back control of their email channel, to minimize the impact of phishing attacks against their brand and end-users. Since its inception, DMARC Compass® has enabled organizations to identify different authentication failures in their email platform, proactively detecting targeted attacks and preventing these attacks from spreading.

This month, DMARC Compass detected one of the most aggressive phishing campaigns against one of our customers and alerted them to it. Thanks to the visibility offered by DMARC Compass' online portal, the financial institution was not only able to see sample fraudulent communication in a matter of minutes (accompanied by the disabling service that our fraud intelligence solution provides), but was also able to obtain technical details of the attack that could not be identified before they had the platform. These include:

– More than 12,000 emails sent to potential fraud victims in the first hour of the attack. For reference, a large financial institution sends, on average, around 400k emails a day to its customers, including balance alerts, notices of transactions over a certain amount, etc.

– The campaign consisted of more than 100K phishing emails sent over the course of four days.

– More than 200 IPs in different locations and providers globally were used for sending messages.

– Because DMARC Compass can save samples of the phishing email, the bank now has visibility into the subject and sender information used in the fraudulent communications.

This information led the financial institution to understand that the criminal group uses botnets to launch the attack, and to establish relationships between the senders' email servers and the hosts of fraudulent pages. All of this data is crucial for their ongoing forensic investigation. Similarly, knowing the size of the target of the attack made it possible to establish containment measures such as customer communications and the increased use of systems and solutions for deactivation and safe browsing. Because the DMARC protocol offers the possibility of sending these unauthorized emails to spam folders or blocking delivery outright, the standard itself may become an important addition to the protective layer institutions must adopt.
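Per-sender figures like those listed above are the kind of data carried in the DMARC standard's aggregate reports. As an added example (not code from the original post or from DMARC Compass), the Python below tallies DMARC-failing messages per source IP from one RFC 7489 aggregate report; the report, domain, addresses and counts are constructed, and `summarize` and `_row` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _row(ip, count, dkim, spf, disposition="none"):
    # Helper that builds one constructed <record> for the sample below.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row></record>")

# Constructed RFC 7489 aggregate (rua) report: domain, IPs and counts are made up.
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>bank.example</domain><p>none</p>"
    "</policy_published>"
    + _row("192.0.2.10", 400, "pass", "pass")      # legitimate sender
    + _row("198.51.100.7", 120, "fail", "fail")    # spoofing source
    + _row("203.0.113.44", 80, "fail", "fail")     # spoofing source
    + _row("198.51.100.7", 30, "fail", "fail")     # same source, second row
    + _row("192.0.2.25", 15, "fail", "pass")       # SPF result passes, so DMARC passes
    + "</feedback>"
)

def summarize(report_xml):
    """Tally DMARC-failing mail per source IP from one aggregate report."""
    # Reports arrive from third parties: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD or entity declaration in report")
    root = ET.fromstring(report_xml)
    failing, dispositions, total = Counter(), Counter(), 0
    for row in root.iterfind("record/row"):
        count = int(row.findtext("count", default="0"))
        total += count
        ev = row.find("policy_evaluated")
        if ev is None:
            continue
        # DMARC fails only when neither the DKIM nor the SPF result passes.
        if ev.findtext("dkim") != "pass" and ev.findtext("spf") != "pass":
            failing[row.findtext("source_ip")] += count
            dispositions[ev.findtext("disposition", default="none")] += count
    return {
        "policy": root.findtext("policy_published/p", default="none"),
        "total": total,
        "failed": sum(failing.values()),
        "sources": failing.most_common(),
        "dispositions": dict(dispositions),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

In the sample the published policy is `none`, so every failing message carries disposition `none`: receivers reported it but applied no DMARC action. A `quarantine` or `reject` policy is what moves such mail to spam or blocks it.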

Email is one of the most widely spoofed corporate channels. Regaining visibility and control over your email channel must become a priority for organizations of all sizes and industries.
