What Is A Business Impersonation Attack?
- by Justice Levine
An impersonation attack is a cybercrime in which a criminal poses as a trusted person or organization to steal confidential data or money. Attackers use social engineering tactics to assume an identity by either compromising an account or creating a lookalike; then, they convince targets to complete routine tasks such as paying an invoice, sharing a file, or opening a link.
Impersonation is at the core of CEO fraud, Business Email Compromise, and many supply chain attacks. According to the FBI, impersonation attacks cost organizations billions of dollars annually. They are difficult to detect and prevent because they prey on the human element rather than on technical weaknesses, which traditional security controls are built to catch. This article will discuss how these attacks work, why they succeed, and how to stop them from causing harm to your organization.
How Does An Impersonation Attack Work?
In a business impersonation attack, a cybercriminal poses as a trusted person or organization to steal or compromise sensitive information from a company or its customers. These threat actors typically pursue goals such as:
- Getting money transferred to a fraudulent account
- Hacking into the company’s network
- Accessing sensitive company data
This attack mainly occurs through fraudulent websites, social media platforms, and spear phishing emails. Business impersonation attacks can happen when an attacker:
- Impersonates the CEO, or a high-level executive of the company, to convince a low-level employee to follow instructions without hesitation in order to gain access to sensitive data.
- Impersonates popular brands to contact customers and steal their personal and financial information.
- Pretends to be a third-party vendor to manipulate company employees into paying fake overdue invoices.
Specific targets and methods may vary. However, impersonation threats are usually delivered as a phishing email attack using the following steps:
- Select a target: identify someone who pays invoices or has access to sensitive data.
- Research the target: study their responsibilities and relationships, including vendors they work with and executives they report to.
- Pick an identity: once the attacker has enough information on the target, they choose a trusted individual to impersonate, typically an executive the target reports to or a vendor the target pays.
- Impersonate: either register a lookalike address or spoof the headers so the message appears to come from that identity, or compromise the identity's real account.
- Contact: once the attacker has a target, a plausible outreach story, and an impersonated account, they reach out to the target.
- Request: the attacker asks the target to pay a fake invoice, send confidential information, or access a suspicious file.
Types of Attacks
Impersonation and email spoofing are the two primary phishing email attacks targeting an organization’s employees. The terms are often used interchangeably, but they refer to related yet different methods. Email spoofing forges the technical sender identity (the From address) so that a message gets past mail systems; impersonation relies on the human recipient trusting the apparent identity, whether the address is forged, a lookalike, or a genuinely compromised account. Brand impersonation attacks are easy to build and execute, even for unsophisticated attackers. Types of attack cybercriminals use include:
Email Spoofing
Email spoofing is a form of email fraud in which a malicious actor sends an email with a forged “From” address. In an email spoofing attack, the cybercriminal masquerades as someone the recipient knows and trusts, such as an executive, a colleague, a reputable organization, or a friend.
Business Email Compromise (BEC) and Whaling
BEC, along with the closely related Email Account Compromise (EAC), is one of the most financially damaging online crimes because it exploits the fact that organizations conduct business over email. In a Business Email Compromise scam, criminals send spear-phishing emails that appear to come from a known source making a legitimate request. Whaling attacks are related in that both involve executives, but they differ in who the victim is: in BEC, the attacker masquerades as an executive (or a vendor) to manipulate staff into following the perceived orders, while in a whaling attack the executive is the one being phished.
CEO Fraud
CEO fraud is a sophisticated email scam in which cybercriminals pose as the chief executive to trick employees into transferring money or handing over confidential company information.
Account Takeover
Account takeover is an attack in which threat actors steal credentials to gain unauthorized access to someone else’s account. The victim is targeted because the account holds funds or gives access to products, services, or other sellable private information.
Fake Social Media Accounts
Threat actors may create fake copies of a business’s social media accounts, reusing its name, logo, and posts. They then contact customers or employees to steal their data or money.
Website Impersonation
A website impersonation attack, also known as domain spoofing or website cloning, is when a cybercriminal creates a fraudulent copy of a website on a lookalike domain to trick customers into making purchases or entering their credentials.
How Can I Recognize an Impersonation Attack?
Modern attacks are highly targeted, which makes them harder to detect. Some tell-tale signs you should look out for include:
Urgency and Pressure
Attackers want their victims to act without thinking. They use added pressure and urgent language because employees are more likely to act on instinct without taking the time to consider the situation. This effect is even stronger when the orders appear to come from senior executives.
Requests Outside Normal Procedure
Organizations have procedures in place to protect the confidentiality of their data. If you receive an email request that doesn’t align with normal company processes, seek verification through a separate channel (a phone call to a known number, not a reply to the email) before sending data or transferring money.
Incorrect Email Address
Scammers may use email spoofing or a lookalike address to get into your inbox, so it is essential to look twice before replying. The display name is set by the sender and proves nothing; hover over or click it to reveal the actual address, which may be an entirely different address or a lookalike with slight spelling variations, such as a digit 1 in place of a lowercase l or a reversed pair of letters.
How Can I Keep My Organization Secure?
Cybercriminals constantly find new ways to exploit a business’s vulnerabilities and break into its systems. Some basic ways to spot harmful emails include:
- Check the sender's email address: an official-looking email address doesn’t necessarily mean it’s official, but a random email address with no relation to the legitimate sender should be treated cautiously.
- Look for spelling, punctuation, and grammar mistakes: official emails should be free from common mistakes. Pay particular attention to odd phrasing, as many spear phishing emails are written by scammers for whom English is a second language. The reverse does not hold: a well-written email is no guarantee of legitimacy.
- Check links before clicking on them: hover over a link so your email client displays its real destination, and verify that it leads to the genuine website rather than a lookalike.
- Think about what the email asks for. Legitimate organizations will never request your Social Security number or other account details via email.
- Don’t be provoked by a sense of urgency. Take your time. Think before you act.
- Avoid opening unexpected attachments: attachments in spear phishing emails can carry malware such as ransomware, which encrypts your documents and locks you out of your computer.
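The “Incorrect Email Address” tip above and the first item in this list come down to one question: does the address behind the display name belong to the person and domain it claims? The following script is an added example, not code from the original article, showing how that check can be automated on a mail gateway or in a triage tool. It parses the From and Reply-To headers of a message and flags three things: a display name that belongs to a known colleague but is paired with a different address, a sender domain that is a lookalike of a trusted domain (a visual “skeleton” match such as examp1e.com or exarnple.com, a one-character edit, or a trusted name buried inside a longer domain), and a Reply-To that silently redirects replies elsewhere. The trusted domains, the executive list, and both sample messages are constructed for the example.

```python
"""Added example: flag display-name and lookalike-domain impersonation in email headers."""
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr
from typing import List, Optional

# Constructed allow-list for the example: the organisation's own domain, one known
# vendor domain, and a named executive whose identity an attacker would borrow.
TRUSTED_DOMAINS = {"example.com", "acme-vendor.com"}
KNOWN_PEOPLE = {"jane doe": "jane.doe@example.com"}

# Characters and digraphs that read like another letter in common fonts.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def skeleton(domain: str) -> str:
    """Reduce a domain to its visual skeleton so that examp1e.com and exarnple.com
    both collapse to example.com. Accented or non-Latin characters are dropped after
    NFKD decomposition, so a Cyrillic look-alike leaves a shorter, mismatched string."""
    s = unicodedata.normalize("NFKD", domain).lower().encode("ascii", "ignore").decode()
    # Replace the longer digraphs before the single characters.
    for bad, good in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance: catches one-character typosquats such as exammple.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    domain = domain.lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    if any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # a genuine sub-domain such as mail.example.com
    for trusted in TRUSTED_DOMAINS:
        if (skeleton(domain) == skeleton(trusted)
                or levenshtein(domain, trusted) == 1
                or trusted in domain):  # example.com.evil.test, example.com-login.test
            return trusted
    return None


def analyze_from(raw_message: str) -> List[str]:
    """Return human-readable findings for the From/Reply-To headers of one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    # 1. The display name belongs to a known person, but the address behind it does not match.
    expected = KNOWN_PEOPLE.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        findings.append(f"display name '{name}' belongs to {expected}, not {addr}")

    # 2. The sender domain is a lookalike of a trusted domain.
    target = lookalike_of(domain)
    if target:
        findings.append(f"sender domain {domain} resembles trusted domain {target}")

    # 3. Replies are silently redirected to a different domain.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.lower().rsplit("@", 1)[-1] != domain:
        findings.append(f"Reply-To {reply} points to a different domain than From")
    return findings


# Constructed sample messages: one CEO-fraud lure and one genuine internal mail.
SPOOFED = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mailhost.test
To: accounts@example.com
Subject: Urgent: wire transfer before 5pm

Please pay the attached invoice today. I am in meetings and cannot take calls.
"""

LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review

Draft attached for comments.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, analyze_from(raw) or ["no findings"])
```

The skeleton comparison is applied to both sides, so the exact confusable table matters less than applying it consistently; a production deployment would use the Unicode confusables data and a list of your real vendors rather than the two constructed domains here. Note that a display-name match with a mismatched address is the single most reliable of the three signals for CEO fraud, because the attacker controls the name completely and has no legitimate reason for it to differ from your directory.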
A successful attack can have lasting and severe consequences. Beyond user awareness, you can implement stronger controls to protect your business and customers. For example:
Multi-Factor Authentication (MFA)
One method for limiting the damage of stolen credentials, whether harvested by a fake login portal or reused in credential stuffing, is Multi-Factor Authentication (MFA). MFA requires a second, independent proof of identity (such as a hardware key or an authenticator app) in addition to the password for logins and other transactions, so that a password alone is not enough to take over the account. Note that one-time codes can still be relayed through a phishing page in real time; phishing-resistant methods such as FIDO2 security keys close that gap.
AI-Based Detection
Artificial Intelligence (AI)-based tools for cybersecurity help reduce the risk of a breach and improve email security posture. AI and Machine Learning (ML) models learn from previous behavior in order to identify new and emerging attacks, building profiles of users, assets, and networks so that deviations from the norm, such as an executive suddenly emailing from a new domain, can be detected and acted on.
Multi-Layered Email Security Protection
Most cyberattacks begin with an email. Implementing multi-layered email protection, accompanied by expert, ongoing system monitoring, maintenance, and support, secures email by dynamically analyzing sender behavior, URLs, and files to keep attacks from exploiting vulnerabilities.
UK Transport Business Victim of an Email Scam
In 2021, a transport business within the UK was hit by a cyberattack where an email with a document containing a link to a fake portal was sent to the employees of the organization.
The fake portal required recipients to log in with their Office 365 credentials, which were harvested and used to access the victims' mailboxes. Once logged in, the attackers took email addresses from recently sent and received messages and sent the same lure to those contacts from the compromised mailboxes. As a result, the organization received the attack from 5 different sources. Several staff members correctly identified the attack before entering credentials and reported it, allowing the IT team to add rules in the business's email system that blocked messages from the affected third parties until the company had confirmed the compromised source mailboxes had been secured. The attack also impacted third parties that provide services to the organization's customers on its behalf, and several suppliers were then targeted with an identical phishing email.
Understanding how the various types of business impersonation attack operate will help protect your company from similar forms of Business Email Compromise, CEO fraud, and other spear phishing emails that could result in a data breach.
Keep Learning About Impersonation Protection
Impersonation attacks are just one way cybercriminals can sneak into your inbox. To stay fully protected against these email security threats, organizations must adopt a multi-layered approach to email security.
- Learn more about an effective email security software solution that understands your relationships with others while gaining a more profound knowledge of your conversations with them.
- Prepare your business for cyberattacks to make sure employees stay safe online.
- Follow best practices for email security to improve your business’s posture and protect against attacks and breaches.
- Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
- Get the latest updates on how to stay safe online.