Impersonation attacks are a highly targeted form of phishing. Cybercriminals pose as trusted persons or organizations for fraudulent purposes. They will send emails that are credible enough to trick victims into sharing sensitive information or transferring money. Here are some of the techniques they use and ways to reduce the risks.
Who do scammers impersonate?
- A well-known brand: Scammers will often impersonate well-known brands such as Microsoft, Amazon or Facebook.
- A person with influence in an organization: Scammers impersonate CEOs or other senior executives so they can trick others, like lower-level employees, into following their instructions.
- A third-party vendor: In some cases, scammers will impersonate one business in order to target another. They may impersonate suppliers to trick employees into paying fake invoices.
CEO fraud usually starts with business email compromise (BEC), the fastest-growing type of phishing scam. As the emails leverage well-researched, sophisticated social engineering techniques, they don’t contain the type of malicious payload that legacy security systems can prevent. Perception Point has developed an advanced email security solution with unique algorithms aimed specifically at preventing any type of impersonation technique.
Brand impersonation attacks
Brand impersonation attacks usually involve sending out mass emails in the hopes that at least a few people will fall for them. The idea is to get victims to click on a link that takes them to a fake login portal where they are prompted to provide information like usernames and passwords. Bad actors rely on the trust in a particular company like Microsoft to steal login credentials, install malware on devices, provide other sensitive information or make payments for fraudulent services.
A common brand impersonation attack is a tech support scam where scammers coerce victims into downloading malware because they believe their computers are infected. FBI data shows that nearly 24,000 tech support fraud complaints were registered in 2021.
Scammers will impersonate CEOs or other senior executives to create a sense of power and urgency. This attack is usually via email, and it can be much more sophisticated than victims are prepared for. They usually use compromised email accounts and gather the information that gives their emails credibility. Almost every CEO attack is a request to send money to a particular account.
Cybercriminals may specifically target a company’s supply chain with phishing campaigns. If they are successful, they will then impersonate a vendor with a legitimate account and send a fake invoice requesting payment. They will request a change in the account details, so the employer sends the money to a fraudulent account.
How to recognize an impersonation attack
The fact that impersonation attacks are highly targeted makes them more difficult to recognize. However, there are certain signs common to most of them.
- An urgent tone: Scammers want victims to act automatically without having a chance to think. If the language in an email is urgent, they are more likely to respond on instinct. This is particularly true if an email seems to come from a senior executive in the company who says he needs an urgent favor.
- Requests that are unusual: If victims receive a request that’s out of the ordinary and doesn’t seem to align with normal company procedure, they need to verify it before transferring money or sending data.
- Incorrect email address: Email spoofing occurs when scammers use a fake email address that looks almost the same as the one they’re impersonating. They alter the display name, so it looks legitimate.
- Emphasis on confidentiality: Scammers will use words like ‘confidential’ and ‘private’ in their emails because they don’t want victims to discuss them with colleagues. Employees tend not to question this because confidentiality is so important in business today.
How to stop impersonation attacks
An impersonation email often does not contain the red flags that secure email gateways scan for, such as suspicious URLs or malicious attachments. It is more difficult to detect and prevent because it involves the human element. The email often looks perfectly normal at first glance and appears to come from a known source.
Use advanced email security solutions: Email security solutions are available today that go way beyond legacy email security options. Those that can stop impersonation attacks have the following abilities:
- They analyze the sender/recipient relationship: Contextual analysis should flag anomalies if an email that appears to come from a trusted colleague is sent from a new geographic location at an odd hour with an unusual request.
- They understand the tone and language of the email: Emails that contain urgent requests, ask for sensitive data or include invoices require additional security measures.
- They can identify compromised vendor accounts: It should be able to detect unusual behavior from vendors, such as the use of new routing numbers, increased number of invoices, or irregular invoice timing, follow-up which are more than usual or the language in emails look off.
Train employees to do context and content checks on emails: They should always ask whether the email requests make sense despite who they appear to come from. Changing their habits with training can take time, but it may prevent them from automatically clicking on a link or making a payment without thinking. They should be a little paranoid about trusting emails, even if they seem to come from a senior executive.
Utilizing proxy servers can provide an extra layer of security by creating an intermediary between company servers and outside traffic. SMTP proxies can block malicious emails from reaching employee inboxes.
Use secondary channels of authentication: If a vendor asks for a sudden change in bank account details, employees need to call them to confirm. Employees need to know that reaching out for additional authentication is always a good thing.
In impersonation attacks, scammers will pose as a trusted person or organization to steal sensitive data or money. In preventing impersonation attacks, it is essential to analyze human behavior and understand the context and content of emails. Reducing the risks will involve a combination of training and using the right technology.