Email Address Mutation for Proactive Deterrence Against Lateral Spear-phishing Attack

[Download Paper]

Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spearphishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of these targeted spear-phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised benign accounts (called lateral spear-phishing attack). In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently change the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing. We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service providers such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients (mail.google.com), Microsoft Outlook, and Thunderbird.