What Is A Business Impersonation Attack?
- by Justice Levine

An impersonation attack is a cybercrime in which a criminal poses as a trusted person or organization to steal confidential data or money. Attackers use social engineering tactics to assume an identity, by either compromising an account or creating a lookalike, and convincing targets to complete routine tasks such as paying an invoice, sharing a file, or opening a link.
Impersonation is a common tactic in attacks like CEO fraud, business email compromise, and supply chain compromise. According to the FBI, impersonation attacks cost organizations billions of dollars every year. These attacks are difficult to detect and prevent because they prey on the human element, unlike traditional cyberattacks, which are more technical in nature. This article will discuss how these attacks work, why they succeed, and how to stop them from causing harm to your organization.
How Does An Impersonation Attack Work?
A business impersonation attack is the result of an attacker posing as a trusted person to steal or compromise sensitive information from a company or its customers. The goal of these threat actors can include getting money transferred to a fraudulent account, hacking into the company’s network, or accessing sensitive company data. This attack mostly occurs through fraudulent websites, social media platforms, and even emails. Some ways business impersonation attacks can happen include:
- Attackers can impersonate the CEO or a high-level executive of the company to convince a low-level employee to follow instructions without question, gaining access to sensitive data.
- Attackers can impersonate popular brands and reach out to customers to steal their personal and financial information.
- Attackers can pretend to be third-party vendors to manipulate company employees into paying fake overdue invoices.
Specific targets and methods may vary; however, impersonation threats are usually delivered as an email attack using the following steps:
- Select a target: identify a target who pays invoices or has access to sensitive data.
- Research the target: study the target’s responsibilities and relationships, including vendors they work with and executives they report to.
- Pick an identity: once an attacker has enough information on the target, they repeat the research process for a trusted individual whose identity will be used to convince the target.
- Impersonate: imitate the email account to look authentic or even compromise the identity’s actual account.
- Contact: once the attacker has a target, a plausible outreach story, and an impersonated account, they reach out to the target.
- Request: the attacker asks the target to pay a fake invoice, send confidential information, or access a suspicious file.
Types of Attacks
Impersonation and spoofing are the two main forms of phishing attacks that target an organization’s employees. The terms seem interchangeable; however, they refer to similar but fundamentally different methods of attack. A spoofing attack tricks a computer, while an impersonation attack tricks a human. Brand impersonation attacks are easy to build and even easier to execute, even for unsophisticated hackers. Some types of attacks cybercriminals will utilize include:
Email Spoofing
Email spoofing is a form of email fraud in which a malicious actor sends an email with a fraudulent “From” address. In an email spoofing attack, a cybercriminal masquerades as someone that the recipient knows and trusts such as an executive, a colleague, a reputable organization or a friend.
Business Email Compromise (BEC) and Whaling
Also known as email account compromise (EAC), BEC is one of the most financially damaging online crimes because it exploits the fact that organizations conduct business over email. In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request.
Whaling attacks are similar to BEC attacks in that they both involve executives and aim to manipulate an employee to take on the perceived orders of an executive. The difference, however, is that BEC attackers masquerade as executives, while whaling attacks target them.
CEO Fraud
CEO fraud is a sophisticated email scam that cybercriminals use to trick employees into transferring money or providing them with confidential company information.
Account Takeover
Account takeover is an attack in which threat actors steal credentials to gain unauthorized access to an account belonging to someone else. The victim is targeted because their account holds funds or access to products, services, or other sellable private information.
Fake Social Media Accounts
Threat actors may create fake social media accounts impersonating businesses or their employees by copying all the data from the original account. They can then reach out to customers or other employees to steal their data or money.
Fake Websites
A website impersonation attack, also known as domain impersonation or website cloning, is when a cybercriminal creates a fraudulent version of a website to manipulate customers and trick them into making purchases.
Recognizing an Impersonation Attack
Modern attacks are highly targeted, which makes them harder to detect. Some tell-tale signs you should look out for to detect these scams include:
Urgent Tone
Attackers want their victims to act without thinking and will use added pressure and urgent language because employees are more likely to act on instinct without taking the time to consider the situation. This pressure is intensified further if the orders appear to come from senior executives in the company.
Unusual Requests
Organizations will have procedures in place to ensure the utmost confidentiality of their data. If you receive an email request that doesn’t align with normal company processes, seek verification before sending data or transferring money.
Incorrect Email Address
Scammers may use email spoofing to get into your inbox, so it is important to look twice before replying. Hover over the display name to reveal the actual sending address: it may be an entirely different address, or it could be a lookalike address with slight spelling variations.
How Can I Keep My Organization Secure?
Cybercriminals are constantly finding new ways to exploit a business’s vulnerabilities and break into its systems. Some basic ways to spot harmful emails include:
- Check the sender's email address: an official-looking email address doesn’t necessarily mean that it’s official, but a random email address with no relation to the legitimate sender should be treated with caution.
- Look for spelling, punctuation, and grammar mistakes: official emails should be free from common mistakes. Pay particular attention to phrasing in the email, as many phishing scammers know English as a second language.
- Check links before clicking on them: hover over any links to have them displayed in your email client before clicking to verify they are actually going to the genuine website.
- Think about what the email asks for: legitimate organizations will never request your Social Security number or other account details via email.
- Don’t be provoked by a sense of urgency. Take your time. Think before you act.
- Avoid opening attachments in emails: opening an attachment in a phishing email can spread malware, such as ransomware, which can lock up your computer and encrypt documents to block access.
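As an added example that is not part of the original article, the sender-address checks described above (comparing the display name with the actual address, and spotting lookalike domains with slight spelling variations) written as a small Python check over a raw From header. The organization domain, vendor domain, and executive name are constructed placeholders.

```python
import re

# Constructed sample data: the organization's own domain, the vendor domains it
# legitimately exchanges invoices with, and executive names an impersonator may borrow.
OWN_DOMAIN = "example.com"
TRUSTED_DOMAINS = {OWN_DOMAIN, "vendor-supplies.com"}
EXECUTIVES = {"jane doe"}

# Visual substitutions commonly used to build lookalike domains.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
              ("3", "e"), ("5", "s"), ("-", ""))

def normalize(domain: str) -> str:
    """Collapse visual substitutions so a lookalike compares equal to the real domain."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits separating two domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_from(from_header: str) -> tuple[str, str]:
    """Split 'Display Name <addr>' into (display, addr); a bare address has no display name."""
    m = re.match(r'\s*"?(.*?)"?\s*<([^>]+)>\s*$', from_header)
    return (m.group(1).strip(), m.group(2).strip()) if m else ("", from_header.strip())

def check_from_header(from_header: str) -> dict:
    """Return a verdict ('trusted', 'external' or 'suspicious') and the reasons behind it."""
    display, addr = split_from(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 2:
                findings.append(f"domain looks like {trusted}")
        # A display name that itself contains a trusted address hides the real sender.
        m = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display)
        if m and m.group(1).lower() in TRUSTED_DOMAINS:
            findings.append("display name shows a trusted address but the sender is external")
        if display.lower() in EXECUTIVES:
            findings.append("executive's name used from outside the organization")
    verdict = "trusted" if domain in TRUSTED_DOMAINS else "suspicious" if findings else "external"
    return {"display": display, "address": addr, "verdict": verdict, "findings": findings}
```

A "trusted" verdict only means the address is genuine; it cannot reveal a compromised account, which the article notes attackers also use, so unusual requests still need out-of-band verification.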
A successful attack can have lasting and severe consequences. Luckily, there are stronger measures you can implement to protect your business and customers. For example:
Multi-Factor Authentication
One method for reducing the effectiveness of credential stuffing is to use multi-factor authentication (MFA). MFA is a type of security technology that requires multiple methods of authentication to confirm a user’s identity for logins and other transactions. MFA works by requiring additional proof alongside the user’s credentials to confirm that the person logging into the account is its owner.
AI-Based Detection
Artificial Intelligence (AI) based tools for cybersecurity help reduce the risk of a breach and improve security postures. AI and machine learning (ML) learn from the past to identify new and emerging attacks using previous behavior to build profiles on users, assets, and networks, allowing AI to detect and respond to deviations from the norm.
Multi-Layered Email Security Protection
The vast majority of all cyber threats originate with an email. Implementing multi-layered email protection accompanied by expert, ongoing system monitoring, maintenance, and support will secure email by dynamically analyzing behavior, URLs, and files to keep cyberattacks from exploiting vulnerabilities.
UK Transport Business Victim of an Email Scam
In 2021, a transport business within the UK was hit by a cyberattack where an email with a document containing a link to a fake portal was sent to the employees of the organization.
The fake portal required recipients to log in using Office 365 credentials upon which their credentials and passphrases were harvested and used to access the victims' mailboxes. Once logged in, the attackers leveraged email addresses from recently sent and received emails to deploy the attack. This resulted in the organization being the target of an attack from 5 different sources. Several staff members correctly identified the attack before entering credentials and reported it, allowing the IT team to implement rules in the business's email system to prevent the delivery of malicious messages from the affected third parties until the business had confirmed the compromised source mailbox had been secured.
The cyberattack impacted third parties that provide services to the organization's customers on its behalf, and several suppliers were then targeted in an identical phishing attack.
Keep Learning
Impersonation attacks are just one way cybercriminals can sneak into your inbox. To stay fully protected against impersonation attacks, organizations must adopt a multi-layered approach to email security.