Preventing impersonation attacks on businesses requires strong security policies as well as vigilance on the part of employees. Because these attacks are designed to take advantage of human error, as opposed to weaknesses in IT security, it’s important that employees are well informed on how to spot email impersonation – regardless of how strong a company’s spam filtering and IT security systems are.
What is email impersonation?
Falling under the category of “Social Engineering”, email impersonation is a form of phishing used by cybercriminals. Phishing is a cyber attack in which fraudulent messages are designed to trick an individual into revealing sensitive information, or into installing malicious software on their devices.
Email impersonation involves the attacker impersonating an individual the victim has a relationship with. This could be a supplier, a customer, another employee, or even the victim’s manager or boss.
What does email impersonation look like?
Email impersonation can range in its complexity. Some attempts are poorly written and come from a random email address. Others go to great lengths to deceive: using a visually similar domain, collecting pictures of the individual from online sources, and researching both who they will impersonate and who they will target to ensure a higher chance of a successful attack.
Email impersonation: What to look out for
Inconsistencies with email addresses or names:
Often the address an attacker uses for impersonation is a slightly altered version of a legitimate email address, and the reply-to address may differ from the sender’s address. Additionally, the display name may match someone you know while the email address does not. This is possible because every email client lets the sender choose their own display name.
- Swapping letters out: “vv” for the letter w and “rn” for the letter m, such as in “rnicrosoft”
- Replacing letters with numbers: zeros for the letter “o” and ones for “l” or “i”
- Dashes, underscores, or periods in names or domains: @company-name.com instead of @companyname.com
Language that induces urgency, fear, or a threatening tone:
Requests for immediate action are one way social engineering attacks such as impersonation play on their victims’ emotions. The claimed urgency is meant to stop the target from confirming the request with peers. Sometimes the attacker also threatens negative consequences if the request is not completed quickly enough.
Requests for confidentiality:
To further isolate their target, attackers may ask that the request be kept confidential. They may suggest the employee is involved in an important, exclusive, and secretive operation.
Unusual or new requests:
A common occurrence is a request to purchase gift cards worth hundreds or thousands of dollars. Additionally, requests for sensitive information such as banking details, or for money transfers, may be made. Attackers often impersonate CEOs or managers for these types of attacks.
How can you protect your business from email impersonation attacks?
There are three key points to follow to ensure protection from social engineering attacks of any kind, including impersonation attacks.
1. Education
Ensure all employees are well informed, and understand the risks regarding social engineering attacks such as impersonation.
2. Vigilance
As a baseline, you should always look at the sender’s email address before responding to or actioning a request. Many impersonation emails come from an address with the wrong domain. If you normally receive emails from joe@business.com, but now you are getting emails from joe@bus1ness.com, flag this with your management and IT immediately.
3. Communication
Open communication is critical in stopping impersonation attacks that vigilance, as detailed above, does not catch. Whenever anyone is unsure about the legitimacy of an email, there must be an environment of open communication in which individuals feel confident contacting the supposed sender directly, through a known channel, to verify its authenticity, despite any claimed urgency.
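The address checks described under “Inconsistencies with email addresses or names” and in the Vigilance point above (reply-to not matching the sender, a known display name on an unknown address, and lookalike domains built from “rn”/“vv”, digit swaps or inserted dashes) can be automated as a triage pass over inbound mail. The script below is an added example written for this article, not code from the original page: the contact list, domain names and sample messages are constructed for illustration, and the folding rules are deliberately broad so that the result is a warning for a human to review rather than an automatic block.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list for the example (hypothetical, not from the article):
# display names the organisation knows, mapped to the domain each legitimately sends from.
KNOWN_CONTACTS = {
    "joe smith": "business.com",
    "accounts payable": "companyname.com",
}
TRUSTED_DOMAINS = set(KNOWN_CONTACTS.values())

# Single-character swaps from the article: digits standing in for letters.
# 'i' and 'l' are folded together because a '1' can imitate either of them.
_CHAR_FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def canonical_domain(domain: str) -> str:
    """Fold a domain so the lookalike tricks collapse onto the genuine spelling.

    Both the observed domain and the trusted domains are folded before comparison,
    so a legitimate domain that happens to contain 'rn' or 'vv' still matches itself.
    """
    d = domain.lower()
    d = d.replace("rn", "m").replace("vv", "w")   # two-letter imitations of m and w
    d = d.translate(_CHAR_FOLD)                   # 0 -> o, 1/i -> l
    d = re.sub(r"[-_]", "", d)                    # company-name.com -> companyname.com
    return d


def _domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> list:
    """Return warning codes for one RFC 5322 message; headers alone are enough."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    # 1. Reply-To pointing somewhere other than the sender's own domain.
    if reply_addr and _domain_of(reply_addr) != from_domain:
        findings.append("reply_to_domain_mismatch")

    # 2. A display name we know, arriving from a domain that contact never uses.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected and from_domain != expected:
        findings.append("known_name_unexpected_domain")

    # 3. An untrusted domain that folds onto a trusted one (bus1ness.com, rnicrosoft.com ...).
    folded_trusted = {canonical_domain(d) for d in TRUSTED_DOMAINS}
    if from_domain not in TRUSTED_DOMAINS and canonical_domain(from_domain) in folded_trusted:
        findings.append("lookalike_domain")

    return findings


# Constructed sample messages (headers plus a one-line body) covering the article's patterns.
SAMPLES = {
    "legitimate": "From: Joe Smith <joe@business.com>\nSubject: Invoice\n\nHi\n",
    "digit_swap": "From: Joe Smith <joe@bus1ness.com>\nSubject: Urgent\n\nNeed gift cards today\n",
    "free_mail_reply_to": (
        "From: Joe Smith <joe.smith@webmail.example>\n"
        "Reply-To: helpdesk@other.example\n"
        "Subject: Confidential\n\nKeep this between us\n"
    ),
    "hyphen_insert": "From: Accounts Payable <ap@company-name.com>\nSubject: Bank details\n\nUpdated\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20s} -> {triage(raw) or ['clean']}")
```

In practice the allow-list would be populated from the address book or from a history of previously seen sender pairs, and a message with any finding would be held or tagged for the recipient to verify with the supposed sender through a known channel, which is exactly the communication step the article ends on.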