Having a member of your team log in from an IP address in San Diego and an hour later from an IP address in New York City should raise a red flag. This scenario is known as “impossible travel”; there’s no physical way to get from Point A to Point B in the time allotted.

Many systems are now using Impossible Travel to help catch Business Email Compromise.

Unfortunately, cyber criminals have noticed these measures and are implementing countermeasures; especially those in Asia and Eastern Europe.

By utilizing services that “rent” millions of residential IP addresses across the globe, there’s a good chance the criminal can pick one close enough to their target to not trigger Impossible Travel.

Takeaways:

1. Make sure Multifactor Authentication is enabled on all email accounts.

2. Provide effective security awareness training to help your Team identify Credential Harvesting attacks. Prevention vs. Cure.

3. Defense in depth is a good idea. The more hoops you can make an attacker jump through, the better.

4. Creative criminals are always looking for ways around your defenses. And if they can create a service they can rent to other criminals, so much the better for them.

Source: Microsoft

Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.