What is the anti-whaling feature and how does it work?

RMail’s Anti-Whaling Imposter Protection feature protects Microsoft Outlook users against “whaling” attacks, also known as “Business Compromise Email” (BEC) attacks. The FBI has reported that BEC attacks have been responsible for more than $3B in financial losses globally since January of 2015. BEC attacks describe an attack whereby a cybercriminal uses “imposter emails” to lure fund transfers or the transfer of valuable business information from corporate finance, HR, or other unsuspecting employees. The new patent pending RMail “Anti-Whaling” security feature uses proprietary algorithms to analyze email message characteristics, flagging a message when it appears to be an “imposter email.” The new feature is available now in the newest release of RMail’s add-in for Microsoft Outlook, which RMail customers can obtain by request.

1. In a “whaling” attack, there is often no telltale link to a fraudulent website.
2. The fraudulent email contains information specific to a transaction the victim is aware of and appears to be sent by a trusted individual.
3. Anti-Whaling security protects RMail users from imposter emails by analyzing message structure and issues a warning when the user is about to reply to a suspected imposter email. This analysis is conducted when for all REPLY, REPLY ALL or FORWARDED emails (not just messages sent with the RMail Send Registered service button).

Example whaling message and workflow:

There are two anti-whaling alert levels, “Caution” and “Warning” which appear depending on the matching whaling criteria and level of severity detected with the RMail proprietary algorithms.  

Anti-Whaling “Warning” Example:

1. An email arrives in the inbox with one email address in the “From” field:
   • Name: Jim Davis (known sender)
   • Email Address: jimdavis@company.com (known sender address)
2. The Reply, Reply All or Forward button is pressed and the RMail App for Outlook detects a cyber threat:
   • Name: Jim Davis (known sender)
   • Email Address: jimdavis@cybercriminal.com (unknown reply address)
3. In this example, the user will see a warning pop-up to stop them from unsuspectingly sending information to a cybercriminal.

The anti-whaling feature works for RMail users with the latest RMail App for Outlook desktop and can be visibly seen as enabled with the green anti-whaling icon on the bottom of the feature dialog. This can be disabled by users in the Security section of the Advanced System settings. IT staff can prevent users from disabling, or disable for all or some users with an installation configuration.