PRE-Crime™ targeted attack defense preemptively detects the most sophisticated in-progress Business Email Compromise (BEC) attacks targeting you, your suppliers and your clients, preventing the cybercrime.
BEC attacks are a specific type of “phishing” attack that relies on targeting specific people within organizations. Attackers seek monetary payment as a direct outcome, and types of BEC attacks include (but are not limited to) diverting payment on a valid invoice to a fraudulent bank account, submitting a fake invoice for payment, among others.
This article focuses on the Eavesdropping™ solution. To learn more about the Active Tracking solution, please refer to this linked article.
Eavesdropping Alerts can be configured for administrators and senders, at company or user level. They provide insight into a potential cybercrime in progress at your recipient – before the cybercriminal cuts you (the sender) out of the communication.
There are many options for the administrator to adapt the threat thermometer and alert sensitivity. Admins can define green and red zones depending on where it would be expected or unexpected that the company’s business emails are opened. By default, any country that is not manually set to green or red will be yellow.
To learn about the Email Eavesdropping™ pricing, please contact your RPost Sales or Customer Success Representative.
To learn more about how to read the Pre-Crime Alert Reports, please refer to this linked article.
Configuring Email Eavesdropping™ Alerts
The Eavesdropping™ solution is configured in RPortal. If you do not have access to RPortal, and you are a Customer Administrator, contact your Sales or Customer Success representative. Note that the settings described below may not be available to all RPortal users. If you cannot follow the steps described below, contact you Sales or Customer Success representative.
To configure the Eavesdropping™ solution, follow these steps:
First, access RPortal
Then, access the Company Accounts module
Next, press on the Settings tab.
If you wish to configure the solution at company level, make sure you click on the Company Settings tab. If you wish to configure the solution at user level, make sure the Eavesdropping Alert field at company level is set to "Set by App". Click on the User tab, search for the corresponding user, and follow the next steps.
Select the Pre-Crime option from the left menu. When the Eavesdropping Alert option is enabled, a series of settings will become visible.
Set the Security Throttle to Low, Medium, or High based on your company’s preference:
- Low: Single-factor activity tracking - it only tracks opening.
- Medium: Multi-factor activity tracking - it tracks opening and international delivery status.
- High: Multi-factor activity tracking plus VPN detection and analysis - it tracks opening, international delivery status, and it analyzes whether a VPN has been used to open the email in question.
Configure the Sender Notification Sensitivity as applicable. The available options are:
- Do Not Send: No notifications will be sent to the email sender about open detections.
- Notify on First Activity: Only the first open detection will be notified to the email sender.
- Notify of Activity by Unique IP: Only one open detection per IP will be notified to the email sender.
- Notify on Every Activity: All activity will be notified to the email sender. Note that if the email is re-opened by the same IP within a 10-minute window, the open detection will be tracked only once.
Select which alerts are to be included, based on the risk zones detailed below, in the next step.
In addition, customer admins can configure the Admin Notification Sensitivity and send notifications to specific email addresses.
Finally, set the Risk Zones depending on where it would be expected or unexpected that the company’s business emails are opened. By default, any country that is not manually set to green or red will be yellow. Use the arrows to move zones to the right or left as applicable.
Save your changes.