The trend of email impersonation attacks

Updated at: Nov 30, 2020
By Gatefy


Email impersonation attacks are one of the fastest growing types of attacks in the world, reaching out to different markets and companies of all sizes. Why? Because they have proven to be effective.

Email impersonation attacks are those malicious emails in which cybercriminals impersonate a trusted company or individual to deceive people.

One of the most common types of impersonation attack is called Business Email Compromise (BEC). There are different BEC scenarios.

One of them, known as CEO Fraud, happens the following way: to commit the fraud, fooling employees or partners, the attacker pretends to be a director or an executive, such as the CEO (Chief Executive Officer) or the CFO (Chief Financial Officer).

According to the FBI, in recent years, BEC alone has caused losses of billions of dollars. The interesting thing to note is that email impersonation attacks rely on human error: the scam only succeeds if someone buys into it.

How email impersonation victims are defined

First the attacker needs to identify, choose, and understand his victim.

Email impersonation attacks use social engineering a lot. It’s through searches on social media, such as Facebook, LinkedIn, Twitter, and Instagram, that the criminals start collecting information.

With a simple search on LinkedIn, it’s possible to get sensitive professional information. In addition to the victim's full name, which is already stamped on the profile, the attacker can find out the victim's company name, office location, job role, job duties, and partners and coworkers. Depending on the case, even the victim's email address will be readily available.

After that, a search on Facebook, Twitter, and Instagram can help draw a more complete profile of the victim, including interests, hobbies, and activities, and not just that. His family and friends are also exposed there.

At this point, a thorough analysis of postings shows how the victim relates to his peers and how he writes, which is crucial for email impersonation attacks and social engineering.

Criminals also have the option to search lists of compromised credentials if any of the victim's credentials have ever been leaked in a breach. The site HaveIBeenPwned.com is a great tool to check if an email address has been compromised in a breach.

How email impersonation attacks are built

Of course, in complex email scams, as is the case of email impersonation attacks, the criminal will not only study the victim’s profile. He will also try to understand who the partners and coworkers are, how the company works and what its routine is.

On the company website, it's possible, for example, to identify who the directors are and who is possibly the victim's boss.

It's also possible to check the company's closest partners, such as suppliers. Once again, social engineering supplies the tools and data that make the email scam more convincing.

How email impersonation attacks happen

Yes, there are many tactics to put an email impersonation attack into practice. Here are 5 of them:

1. Free email account attack

The scammer uses a valid free email account, such as Gmail or Hotmail, to fool people.

2. Cousin domain attack

The attacker uses a look-alike domain, adding or removing characters in the address so that it resembles the legitimate one.

3. Forged Envelope Sender attack

The cybercriminal uses the domain of a known company as the envelope sender (the SMTP MAIL FROM address) to bypass the mail server's filters and lure his victims.

4. Forged Header Sender attack

The attacker spoofs the display name in the From header to gain credibility, while the actual address belongs to someone else.

5. Compromised email account attack

The criminal uses a compromised email account, probably infected with malware.
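The following script is an added example, not Gatefy's code and not part of the original post. It shows how a mail gateway could triage an inbound message against the first four tactics listed above (free mail account, cousin domain, forged envelope sender, forged header sender) from the From header, the SMTP envelope sender, and the SPF result reported by the receiving MTA. The trusted domains, executive names and addresses, and the sample messages are all constructed for illustration.

```python
"""Heuristic triage of inbound mail for email impersonation indicators.

Added example; not Gatefy's code. The trusted domains, executive roster and
sample messages below are constructed for illustration only.
"""
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}                      # assumption: our own domain(s)
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
# assumption: names and real addresses of people likely to be impersonated
EXECUTIVES = {"jane doe": "jane.doe@example.com", "john roe": "john.roe@example.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between two domains suggests a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze(header_from: str, envelope_from: str, spf_result: str) -> list[str]:
    """Return the impersonation indicators that apply to one message.

    header_from   -- the RFC 5322 From: header value, e.g. 'Jane Doe <x@y>'
    envelope_from -- the SMTP MAIL FROM address seen by the gateway
    spf_result    -- 'pass', 'fail', 'softfail' or 'none' from the receiving MTA
    """
    findings = []
    display_name, header_addr = parseaddr(header_from)
    header_dom = domain_of(header_addr)
    env_dom = domain_of(envelope_from)
    known_addr = EXECUTIVES.get(display_name.strip().lower())

    # 1. Free email account: an executive's name on a webmail address.
    if known_addr and header_dom in FREE_MAIL_DOMAINS:
        findings.append("free_email_account")

    # 2. Cousin domain: not ours, but within two edits of one of our domains.
    if header_dom and header_dom not in TRUSTED_DOMAINS:
        if any(levenshtein(header_dom, t) <= 2 for t in TRUSTED_DOMAINS):
            findings.append("cousin_domain")

    # 3. Forged envelope sender: our domain in MAIL FROM without an SPF pass.
    if env_dom in TRUSTED_DOMAINS and spf_result != "pass":
        findings.append("forged_envelope_sender")

    # 4. Forged header sender: a known name on an address that is not theirs,
    #    or a From: domain that does not match the envelope sender domain.
    if known_addr and header_addr.lower() != known_addr:
        findings.append("forged_display_name")
    if header_dom and env_dom and header_dom != env_dom:
        findings.append("header_envelope_mismatch")

    return findings


# Constructed sample messages (not real traffic): (From: header, MAIL FROM, SPF)
SAMPLE_MESSAGES = [
    ("Jane Doe <jane.doe.ceo@gmail.com>", "jane.doe.ceo@gmail.com", "pass"),
    ("Jane Doe <jane.doe@examp1e.com>", "jane.doe@examp1e.com", "pass"),
    ("Jane Doe <jane.doe@example.com>", "jane.doe@example.com", "fail"),
    ("John Roe <john.roe@example.com>", "bounce@mailer.example.net", "pass"),
    ("Jane Doe <jane.doe@example.com>", "jane.doe@example.com", "pass"),
]

if __name__ == "__main__":
    for hdr, env, spf in SAMPLE_MESSAGES:
        print(f"{hdr!r:45} -> {analyze(hdr, env, spf) or 'no indicators'}")
```

Each indicator on its own is a weak signal: a header/envelope mismatch is normal for mailing-list and bulk senders, and a cousin domain may be a legitimate subsidiary. The value is in combining them, and in letting the formal checks (SPF, DKIM and DMARC alignment, which the last section of the post refers to) decide the outcome where they are deployed; heuristics like these fill the gap for senders that have not published such records.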

How to prevent impersonation attacks in your business

To keep your company safe and fight impersonation, Gatefy offers an email gateway solution and a DMARC based anti-fraud solution. You can request a demo or see more information here: