The trend of email impersonation attacks
- Updated at March 18, 2021
- By Gatefy
- Blog, Threat Research
Email impersonation attacks are one of the fastest growing types of attack, reaching markets of all kinds and companies of all sizes. Why? Because they have proven to be effective.
Email impersonation attacks are those malicious emails in which cybercriminals impersonate a trusted company or individual to deceive people.
One of the most common types of impersonation attack is Business Email Compromise (BEC), which comes in several scenarios.
One of them, known as CEO Fraud, works like this: the attacker pretends to be a director or an executive, such as the CEO (Chief Executive Officer) or the CFO (Chief Financial Officer), in order to fool employees or partners and commit the fraud.
According to the FBI, BEC alone has caused losses of billions of dollars in recent years. The important point is that email impersonation attacks rely on human error: the scam only succeeds if someone believes the message and acts on it.
How email impersonation victims are defined
First, the attacker needs to identify, choose, and understand the victim.
Email impersonation attacks rely heavily on social engineering. Criminals start collecting information through searches on social media such as Facebook, LinkedIn, Twitter, and Instagram.
A simple search on LinkedIn yields sensitive professional information. Besides the full name already on the profile, the attacker can find the victim's company name, office location, job role, job duties, and partners and coworkers. Depending on the case, even the victim's email address is readily available.
After that, searching Facebook, Twitter, and Instagram helps draw a more complete profile of the victim, including interests, hobbies, and activities. The victim's family and friends are exposed there too.
At this point, a thorough analysis of the victim's posts shows how they relate to their peers and how they write, which is crucial for email impersonation attacks and social engineering.
Criminals can also search leaked credential dumps to see whether any of the victim's accounts have been exposed in a breach. The site HaveIBeenPwned.com is a good tool to check whether an email address appears in a known breach.
How email impersonation attacks are built
Of course, in complex email scams such as impersonation attacks, the criminal does not only study the victim's profile. They also try to understand who the partners and coworkers are, how the company works, and what its routine is.
On the company website, for example, it's possible to identify who the directors are and who is likely the victim's boss.
It's also possible to identify the company's closest partners, such as suppliers. Again, social engineering provides the tools and data that make the email scam more effective.
How email impersonation attacks happen
There are many tactics for putting an email impersonation attack into practice. Here are 5 of them:
1. Free email account attack
The scammer sends from a valid, legitimately registered free email account, such as Gmail or Hotmail, usually with the display name of the person being impersonated. Because the account is real, the message passes the webmail provider's own SPF and DKIM checks.
2. Cousin domain attack
The attacker registers a look-alike (cousin) domain, adding, removing, or swapping characters in the legitimate address (for example replacing the letter l with the digit 1, or m with rn).
3. Forged Envelope Sender attack
The cybercriminal forges the envelope sender (the SMTP MAIL FROM address) with a known company's domain to get past mail server filters and lure victims. This is the field SPF validates, so a correctly published and enforced SPF policy catches it.
4. Forged Header Sender attack
The attacker forges the header sender (the From: field that mail clients show), typically spoofing the display name, to gain credibility. DMARC alignment catches a From: domain that does not match the authenticated envelope or DKIM domain; a trusted display name on an unrelated address does not, by itself, fail those checks.
5. Compromised email account attack
The criminal sends from a legitimate account that has been taken over, often through credential phishing or malware. Since the mail really comes from that account, authentication checks pass and detection has to rely on content and behaviour.
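The following is an added example, not Gatefy's code or product logic: a header-level triage in Python that flags each of the five tactics above from the headers of a single message. The protected domain (`example.com`), the executive list, the free-provider list, the homoglyph table and the sample messages are all constructed for illustration, and the compromised-account check is only a heuristic (the genuine executive address with a Reply-To pointing to an outside domain), because a taken-over account passes SPF and DMARC alignment.

```python
"""Header-level triage for the five impersonation tactics.

Added example, not Gatefy's code. The protected domain, executives,
free-provider list, homoglyph table and sample messages are constructed.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

PROTECTED_DOMAIN = "example.com"                         # constructed
EXECUTIVES = {                                           # constructed
    "jane doe": "jane.doe@example.com",
    "john roe": "john.roe@example.com",
}
FREE_PROVIDERS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}  # common look-alike swaps


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches added, removed or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_cousin_domain(domain: str, target: str = PROTECTED_DOMAIN) -> bool:
    """True for look-alikes of target: homoglyph swaps or a small edit distance."""
    if not domain or domain == target:
        return False
    unglyphed = domain
    for fake, real in HOMOGLYPHS.items():
        unglyphed = unglyphed.replace(fake, real)
    return unglyphed == target or _edit_distance(domain, target) <= 2


def _spf_result(msg: Message) -> str:
    """SPF verdict recorded by the receiving MTA in Authentication-Results."""
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else "none"


def triage(raw_message: str) -> list[str]:
    """Return the impersonation indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_dom = _domain(from_addr)
    env_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])    # envelope sender
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    exec_addr = EXECUTIVES.get(display.strip().lower())           # name matches an executive?

    findings = []
    # 1. Free email account: an executive's name on a webmail address.
    if exec_addr and from_dom in FREE_PROVIDERS:
        findings.append("free-email-account")
    # 2. Cousin domain: the address domain is a look-alike of ours.
    if is_cousin_domain(from_dom):
        findings.append("cousin-domain")
    # 3. Forged envelope sender: MAIL FROM claims our domain but SPF did not pass.
    if env_dom == PROTECTED_DOMAIN and _spf_result(msg) != "pass":
        findings.append("forged-envelope-sender")
    # 4. Forged header sender: the From: header claims our domain while the envelope
    #    points elsewhere, or an executive's display name sits on an address that is
    #    not theirs and was not already explained by tactic 1 or 2.
    header_forged = from_dom == PROTECTED_DOMAIN and env_dom not in ("", PROTECTED_DOMAIN)
    name_spoofed = exec_addr is not None and from_addr != exec_addr
    if header_forged or (name_spoofed and not findings):
        findings.append("forged-header-sender")
    # 5. Compromised account (heuristic): the genuine address, but replies are routed
    #    to an outside domain so the real owner never sees the conversation.
    if exec_addr and from_addr == exec_addr and reply_dom not in ("", PROTECTED_DOMAIN):
        findings.append("compromised-account-suspect")
    return findings


def _msg(from_hdr: str, return_path: str, spf: str = "pass", reply_to: str = "") -> str:
    """Build a headers-only message (constructed sample, not captured traffic)."""
    hdrs = [f"From: {from_hdr}", f"Return-Path: <{return_path}>",
            f"Authentication-Results: mx.example.com; spf={spf}"]
    if reply_to:
        hdrs.append(f"Reply-To: <{reply_to}>")
    return "\n".join(hdrs) + "\n\n"


SAMPLES = {  # one constructed message per tactic, plus a clean one
    "free_email": _msg("Jane Doe <jane.doe.ceo@gmail.com>", "jane.doe.ceo@gmail.com"),
    "cousin_domain": _msg("Jane Doe <jane.doe@examp1e.com>", "jane.doe@examp1e.com"),
    "forged_envelope": _msg("Jane Doe <jane.doe@example.com>", "jane.doe@example.com", spf="fail"),
    "forged_header": _msg("Jane Doe <jane.doe@example.com>", "bounce@mailer.invalid"),
    "compromised": _msg("Jane Doe <jane.doe@example.com>", "jane.doe@example.com",
                        reply_to="jane.doe@webmail.invalid"),
    "legitimate": _msg("Jane Doe <jane.doe@example.com>", "jane.doe@example.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} -> {triage(raw) or ['clean']}")
```

Note how the checks split along authentication lines: tactics 3 and 4 are exactly what SPF (envelope sender) and DMARC alignment (From: header domain matching the authenticated domain) are designed to catch, which is why a DMARC-based approach addresses them. Tactics 1, 2 and 5 pass those checks, since the sending domain is genuine, so they need look-alike detection, display-name policies and behavioural signals such as the Reply-To mismatch used here.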
How to prevent impersonation attacks in your business
To keep your company safe and fight impersonation, Gatefy offers an email gateway solution and a DMARC-based anti-fraud solution. You can request a demo or find more information here: