The dangers of impersonation attacks
Impersonation attacks are emails in which the sender pretends to be a trusted individual or company in order to gain access to corporate finances or data. They are usually delivered by phishing (or spearphishing when aimed at one particular individual). Most email impersonation attacks are designed to trick the recipient into making a fraudulent financial transaction on behalf of someone the sender is not.
Other malicious outcomes that impersonation emails lead to include:
- Tricking the recipient into clicking a hyperlink that compromises their computer or harvests their credentials, which are then used to facilitate fraud.
- Persuading the recipient to open an attachment that installs ransomware, which encrypts the files on the victim’s computer and on any network shares it can reach, so that they can be held to ransom.
Social networking sites have unintentionally facilitated these forms of social engineering. Cyber criminals use sites such as Facebook and LinkedIn to build lists of a company’s employees and to gather detailed information about them, and that detail makes their pretext far more credible.
Email impersonation is usually accomplished in one of two ways: lookalike domain spoofing and display name spoofing. With lookalike domain spoofing, attackers register and send from a domain that resembles the real one but differs in some nearly imperceptible way (a swapped letter, a digit in place of a letter, a different top-level domain). With display name spoofing, attackers send from any domain, often a free webmail one, but set the “display name” to the name of a colleague or an authorised signer on an account. This works because many email clients, especially mobile ones, show only the display name and not the ‘from’ address, and most recipients never look closely at that address; social engineering takes full advantage of this. Note that neither technique forges the genuine domain itself, which is why sender-authentication controls alone do not stop them.
To counter these attacks, educate employees about the specific dangers of email impersonation and train them to recognise impersonation emails rather than fall victim to them. Treat every unsolicited message with suspicion. If an email appears to be from a genuine company, do your own research: use a search engine to reach their website, or a phone directory to find their number, rather than following links or calling numbers supplied in the message.
Then go a step further and make messages from your business hard to fake: customised stationery and unique identifiers in legitimate messages give recipients something a cyber-thief cannot easily copy. Companies should also invest in email gateway technology that identifies and quarantines suspicious messages by matching display names, sender domains and keywords. Anti-virus and anti-malware software, firewalls and email filters add further layers of protection, provided they are kept up to date.
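The two spoofing techniques described above, and the gateway rule that matches on names and domains, can be illustrated with a small classifier over From headers. This is an added example written for this page, not code from the original article or from any gateway product. The corporate domain example.com, the protected names, the free-mail list and the sample headers are all constructed assumptions, and the lookalike test is a heuristic (homoglyph folding, an edit distance of one, and the same label under another top-level domain), so a real deployment would tune the lists and review what it quarantines.

```python
"""Flag display name spoofing and lookalike domains in From: headers.
Added example for this article; all names, domains and headers are constructed."""
import re
import unicodedata
from email.utils import parseaddr

# Assumptions for the example: the organisation's own domain, the people whose
# names attackers tend to borrow, and common free-mail providers.
TRUSTED_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe", "john smith"}
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Character swaps that make a lookalike domain read like the real one.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise_name(name):
    """Lower-case, drop honorifics and punctuation so 'Dr. Jane DOE (CEO)' -> 'jane doe ceo'."""
    name = unicodedata.normalize("NFKC", name).lower()
    name = re.sub(r"\b(mr|mrs|ms|dr)\b", " ", name)
    name = re.sub(r"[^a-z ]", " ", name)
    return " ".join(name.split())


def normalise_domain(domain):
    """Fold case, strip accents and undo homoglyph swaps before comparing domains."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for look, real in HOMOGLYPHS:
        d = d.replace(look, real)
    return d


def edit_distance(a, b):
    """Plain Levenshtein distance, inlined to keep the example dependency-free."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_internal(domain):
    """The trusted domain itself or any subdomain of it."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def is_lookalike(domain):
    """True when the domain is not ours but is a near copy of ours."""
    if is_internal(domain):
        return False
    norm, trusted = normalise_domain(domain), normalise_domain(TRUSTED_DOMAIN)
    if norm == trusted:
        return True                      # differs only by homoglyphs or accents
    if edit_distance(norm, trusted) <= 1:
        return True                      # one typo away: examples.com, example.co
    # same registrable label under another TLD: example.net, example.co.uk
    return norm.split(".")[0] == trusted.split(".")[0]


def classify_from_header(raw_from):
    """Return a list of (category, detail) findings for one From: header value."""
    display, addr = parseaddr(raw_from)
    if "@" not in addr:
        return [("unparseable", raw_from)]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    name = normalise_name(display)
    # A protected person's name shown, but the mail did not come from our domain.
    if not is_internal(domain) and any(p in name for p in PROTECTED_NAMES):
        where = "free-mail" if domain in FREE_MAIL_DOMAINS else "external"
        findings.append(("display_name_spoof", "%r shown, sent from %s domain %s" % (display, where, domain)))
    # An address smuggled into the display name that disagrees with the real one.
    if "@" in display and display.rsplit("@", 1)[1].lower() != domain:
        findings.append(("address_in_display_name", "claims %s, real domain %s" % (display, domain)))
    if is_lookalike(domain):
        findings.append(("lookalike_domain", "%s resembles %s" % (domain, TRUSTED_DOMAIN)))
    return findings


# Constructed sample headers covering a clean message, each trick, and an
# ordinary external sender that must not be flagged.
SAMPLE_FROM_HEADERS = [
    'Jane Doe <jane.doe@example.com>',
    '"Jane Doe" <jane.doe.ceo@gmail.com>',
    'Jane Doe <jane.doe@examp1e.com>',
    'Accounts Payable <ap@exarnple.com>',
    '"jane.doe@example.com" <x@relay.invalid>',
    'IT Helpdesk <helpdesk@example.co>',
    'Vendor Support <support@othervendor.net>',
]


def scan(headers):
    """Map each header to its findings; an empty list means nothing suspicious."""
    return {h: classify_from_header(h) for h in headers}


if __name__ == "__main__":
    for header, findings in scan(SAMPLE_FROM_HEADERS).items():
        print("%-45s %s" % (header, "quarantine" if findings else "deliver"))
        for category, detail in findings:
            print("    %s: %s" % (category, detail))
```

Run as a script it prints a deliver/quarantine verdict per header with the reason. The protected-name check fires on any external domain, including a lookalike one, so a message such as the examp1e.com sample is reported twice; that is deliberate, since each finding would map to a separate gateway rule.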
Social engineering attacks are on the rise. Through a combination of awareness, technology and better internal systems and processes, it is possible to reduce the risks and protect your business from financial and data loss.