Cybercriminals are leveraging compromised MSPs (Managed Service Providers) to conduct a variety of attacks, including point-of-sale intrusions, Business Email Compromise (BEC), and ransomware. Impostors engineer lures using tricks like lookalike domains to pose as you in communications with your clients. You need a method to monitor what's happening in the ecosystem and detect when your email has reached an account outside your network that is being actively eavesdropped by cybercriminals.
RPost AI is the only way to see the unseen. RPost's Eavesdropping AI tracks the path of emails as they travel across the internet, from sender to recipients. It collects transaction metadata from each email account it passes through, analyzes this data, and identifies anomalies by comparing it to the customer's or user's AI risk model.
PRE-Crime™ targeted attack defense preemptively detects the most sophisticated in-progress attacks targeting you, your suppliers, and your clients, preventing cybercrime. RMail's Active Tracker™ technology actively monitors outbound email activity by IP, providing valuable information on who is reading emails, where they are being read from, on what devices, and more.
Fine-tuning the RPost AI risk model allows for tailored security measures. For instance, you can configure the system to trigger an instant red alert if access occurs through VPN anonymizers. As an admin, you have the flexibility to define what constitutes "hazardous" activity by managing detailed settings in the RPortal admin interface. This customization ensures that Email Eavesdropping™ alerts can precisely detect ongoing attacks and notify victims promptly to prevent theft.
If hazardous activity is detected, RMail instantly delivers an Email Eavesdropping™ alert to admins and/or senders, depending on your specific configuration.
If there is a red alert, you can pre-empt the cybercriminal from accessing sensitive content, ensuring a leak doesn’t turn into a breach by automatically locking access to content in E-sign transactions, attached documents, File Share links and RPDs created with RDocs, using the Auto Lock feature.
This article covers the following topics:
Active Tracker™ Report
The report indicates the green security level of the email open zone that triggered the notification, the number of opens, number of locations where your company’s email was viewed, and a world map highlighting the geographic location where the open took place.
The report then lists all activities with your email, details, timestamped, per geo location and IP address, plus the geo location risk level.
The details may include:
(M) The email was opened on a mobile device
(N) Content distribution network activated email content
(V) The email was opened from a VPN anonymizer
(S) Activity determined to be caused by a server
(E) Activity determined to be an expert user
(R) Activity determined to be related to a Russian-centric device
(K) Activity determined to be related to nefarious behavior of masking data
(B) Activity determined to be related to automation scripts or bots
(C) Risk identified based on administrator defined Custom Risk Zones configuration.
(L) User determined to be activating content in selected higher risk language.
Lastly, the email provides the original message details like original recipient, original sender (in the admin report), sent time and transaction ID, and includes a deep forensic meta data record in case IT security needs to do further investigation on a particular message.
Email Eavesdropping™ Report
If the Active Tracker TM technology identifies unusual activity patterns, RMail generates an Email
Eavesdropping™ instant alert, and notifies in real-time IT admins (an optionally senders).
The Email Eavesdropping™ Alerts include all the email forensics so that IT security specialists
can validate it and take immediate action after the hook is in, before consummation of the cyberattack. An example of a cyberattack that this can help prevent is wire fraud.
Aggregate Admin Report
Admins can receive an Aggregate Report, where they can analyze the metrics of all emails sent in their company, in a given period of time (daily, weekly, monthly, quarterly) and compare it against the previous period.