Using QRadar Security Intelligence to Prevent Pretexting Attacks on Employee and Client Data
Imagine an attacker going to such great lengths that they create a new identity—or rather replicate an old, familiar identity that a financial organization’s staff or client base recognizes and trusts, like a C-level executive. This identity would be so well thought-out, researched, and executed that no questions would be asked when they reach out to that organization’s staff or client base with requests for classified information or sensitive data.
This is known as pretexting, a specific mode of attack within the socially engineered phishing genre, and one that is more than just the creation of a lie. Organizations need to examine how to prevent effective CEO email and other pretexting attacks that target the data security of a financial organization’s internal staff and larger, “white gloves” clients. The single best way to prevent pretexting attacks is to strengthen defenses by adopting data-centric detection approaches.
What Is Pretexting?
Pretexting is a more carefully planned, targeted email phishing attack with an impersonation layer built into the attack plan. Instead of relying on instilling urgency in the target, pretexting creates a false sense of trust via a fabricated scenario, either to obtain private information or to manipulate the target into doing something that allows an attacker to identify and exploit a weakness in a financial institution’s system.
The most well-known type of pretexting attack is the CEO email scam. According to a Krebs report, $2.3 billion was lost in CEO email scams. The FBI has reported a 270% increase in this scam’s identified victims and losses. All a cyber attacker needs in order to gain the keys to a financial organization’s kingdom is trust. Using a well-researched and well-executed pretexting attack plan against the human element can swing the data vault doors wide open. The weakest link in the security chainmail of any organization in the financial sector is the people involved. To address the weakest point in a security plan, a financial organization must educate and train its staff about pretexting attacks.
Prepare the Humans!
A financial organization’s staff can be targeted by any one of a number of pretexting attacks, though the most common route is impersonating executive management or claiming to be a close associate or friend of an executive. It is important to brief all employees about pretexting attacks, not just those in IT, as anyone with any network access in the organization can be subjected to a pretexting attack at any time.
Once employees and staff have been briefed, it will be easier to convey this message to financial clients. An organization’s client base has its own risk levels. Even though their information will not affect a business’s systems if compromised, the man-hours needed to resolve a client’s breached account, as well as possible financial damages to the client, inevitably subtract preventable costs from the bottom line.
It is also important for all levels of management to establish clear out-of-office guidelines on how staff should handle information requests. Establishing this policy in a way that best suits the business flow of the organization will further harden the human element against pretexting attacks.
Preparing the Tech
Many financial organizations put together fantastic training aids for staff and customers, but unfortunately stop there. While this is a great step in preventing pretexting attacks, it is only part of the story. It is important to commit to the prevention of pretexting attacks by fortifying organizational defenses via data-centric detection approaches. This needs to be done using automated behavioral and detection systems to create a high level of security intelligence through real-time analysis, reporting, and threat remediation on all data stored within, and transmitted to and from, a financial organization’s walls. This is where QRadar comes to the rescue.
The QRadar Security Intelligence Platform gives financial organizations a single, integrated security and event management tool that provides a great SIEM solution. The QRadar platform provides an advanced Sense Analytics Engine to detect potential threats before they can compromise data. This is an especially key win for organizations in the regulation-dense financial sector. My financial sector clients have reported large decreases in data breach attempts and, thanks to QRadar, pretexting attack attempts have been a non-issue.
Pretexting attacks are a serious threat to financial institutions today, costing this sector billions in lost data and business uptime. QRadar gives financial organizations increased network visibility and threat detection in real time, with real-time reporting. Furthermore, QRadar provides automated asset profiling and implements workflow management in order to track and resolve any detected threats. It is important to engage our experts at Champion, where we step up and provide the training for all of an organization’s staff while working with IT engineers to put into place a fully hardened, top-notch, security intelligent SIEM platform that will make pretexting a thing of the past.