Email impersonation attacks are one of the fastest-growing attack types in the world, spreading across markets and hitting companies of all sizes. Why? Because they have proven effective. Email impersonation attacks are malicious emails in which cybercriminals pose as a trusted company or individual to deceive people.
One of the most common forms of impersonation attack is Business Email Compromise (BEC). There are several BEC scenarios. In one of them, known as CEO Fraud, the attacker pretends to be a director or executive, such as the CEO (Chief Executive Officer) or the CFO (Chief Financial Officer), in order to fool employees or partners into acting on a fraudulent request.
According to the FBI, BEC alone has caused losses of billions of dollars in recent years. The interesting thing to note is that email impersonation attacks depend on human error: someone has to buy into the scam for it to succeed.
How email impersonation victims are chosen
First the attacker needs to identify, choose and understand the victim. Email impersonation attacks rely heavily on social engineering. Criminals start collecting information through searches on social media such as Facebook, LinkedIn, Twitter and Instagram.
A simple LinkedIn search yields sensitive professional information. Besides the full name already shown on the profile, the attacker can find out the victim's company name, office location, job title, job duties, partners and coworkers. In some cases even the email address is readily available.
After that, a search on Facebook, Twitter and Instagram helps build a fuller profile of the victim, including interests, hobbies and activities. And not only that: the victim's family and friends are exposed there as well.
At this point, a thorough analysis of the victim's posts shows how they relate to their peers and how they write, which is crucial for email impersonation attacks and social engineering.
Criminals can also search credential dumps from past data breaches to see whether any of the victim's accounts have been compromised. The site HaveIBeenPwned.com lets anyone check whether an email address appears in a known breach.
How email impersonation attacks are built
Of course, in complex email scams such as email impersonation attacks, the criminal will not only study the victim's profile. He will also try to understand who the partners and coworkers are, how the company works and what its routines are.
The company website, for example, shows who the directors are and who is probably the victim's boss. It may also reveal the company's closest partners, such as suppliers. Once again, social engineering provides the tools and data that make the email scam more effective.
How email impersonation attacks happen
There are many tactics for carrying out an email impersonation attack. Here are 5 of them:
1. Free email account attack. The scammer uses a legitimate free webmail account, such as Gmail or Hotmail, usually with a display name copied from the person being impersonated. Nothing in the message is technically forged, so sender authentication checks such as SPF and DKIM pass.
2. Cousin domain attack. The attacker registers a look-alike domain, adding, removing or swapping characters in the real address (an extra letter, or a digit in place of a letter). Because the attacker owns the domain, its DNS can be set up so that the mail authenticates correctly.
3. Forged envelope sender attack. The cybercriminal puts a known company's domain in the SMTP envelope sender (MAIL FROM) to get past the mail server's filters and lure victims. SPF is the check that catches this, since it validates the envelope domain against the sending host.
4. Forged header sender attack. The attacker forges what the recipient actually sees: the From: header, or just its display name, is made to look like a trusted sender although the message came from elsewhere. DMARC alignment addresses a forged From: domain; a spoofed display name on an unrelated address passes every authentication check and has to be caught by other means.
5. Compromised email account attack. The criminal sends from a real account that has been taken over, typically through phishing or malware. Since the mail comes from the genuine mailbox, sender authentication passes and only the content and the sender's behaviour give it away.
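The five tactics above leave different traces in the envelope sender, the From: header and the SPF result, so a gateway or a SOC script can map them to labels. The following classifier is an added example written for this article, not code from the original page or from any product; the organisation's domain (example.com), the contact "Jane Doe", the free-mail provider list and the edit-distance threshold for cousin domains are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed reference data for the example (assumptions, not real organisations).
OWN_DOMAINS = {"example.com"}
CONTACTS = {"Jane Doe": "jane.doe@example.com"}   # executives/partners worth impersonating
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
COUSIN_MAX_DISTANCE = 2                            # assumed threshold for look-alike domains


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Domain part of an address, lower-cased ("" if there is no @)."""
    return addr.rpartition("@")[2].lower()


def classify_sender(envelope_from: str, header_from: str, spf_result: str,
                    own_domains=OWN_DOMAINS, contacts=CONTACTS) -> set:
    """Map sender evidence onto the five tactics listed above.

    envelope_from: SMTP MAIL FROM address (RFC 5321)
    header_from:   raw From: header value (RFC 5322), i.e. what the user sees
    spf_result:    the receiving MTA's SPF verdict for envelope_from
                   ("pass", "fail", "none", ...), e.g. from Authentication-Results
    Several labels can apply at once, which is common in real BEC mail.
    """
    display_name, addr = parseaddr(header_from)
    addr = addr.lower()
    hdr_dom, env_dom = domain_of(addr), domain_of(envelope_from)
    own = {d.lower() for d in own_domains}
    known_addrs = {a.lower() for a in contacts.values()}
    findings = set()

    # 1. Free email account: webmail sender that is not in the address book.
    #    Low confidence on its own; strong when combined with finding 4 below.
    if hdr_dom in FREE_MAIL_DOMAINS and addr not in known_addrs:
        findings.add("free_mail_account")

    # 2. Cousin domain: From: domain is within a few edits of one of ours, but is not ours.
    if hdr_dom not in own and any(levenshtein(hdr_dom, d) <= COUSIN_MAX_DISTANCE for d in own):
        findings.add("cousin_domain")

    # 3. Forged envelope sender: MAIL FROM claims our domain but SPF does not vouch
    #    for the sending host. SPF only ever checks the envelope domain.
    if env_dom in own and spf_result != "pass":
        findings.add("forged_envelope_sender")

    # 4. Forged header sender: the visible From: is not what it claims to be. Either
    #    the From: domain is ours while the envelope is not (the two disagree), or the
    #    display name belongs to a known contact whose real address is different.
    if hdr_dom in own and env_dom not in own:
        findings.add("forged_header_sender")
    for name, real_addr in contacts.items():
        if display_name.strip().lower() == name.lower() and addr != real_addr.lower():
            findings.add("forged_header_sender")

    # 5. Compromised account: every sender check passes for a genuine contact. Header
    #    analysis cannot tell a hijacked mailbox from its real owner; that needs content
    #    and behaviour analysis, so this is reported as residual risk, not a verdict.
    if not findings and addr in known_addrs and spf_result == "pass":
        findings.add("known_sender_authenticated")
    return findings


if __name__ == "__main__":
    # Constructed sample messages, one per tactic.
    samples = [
        ("jane.doe.ceo@gmail.com", '"Jane Doe" <jane.doe.ceo@gmail.com>', "pass"),
        ("jane.doe@examp1e.com", '"Jane Doe" <jane.doe@examp1e.com>', "pass"),
        ("jane.doe@example.com", '"Jane Doe" <jane.doe@example.com>', "fail"),
        ("bounces@mailer.test", '"Jane Doe" <jane.doe@example.com>', "pass"),
        ("jane.doe@example.com", '"Jane Doe" <jane.doe@example.com>', "pass"),
    ]
    for env, hdr, spf in samples:
        print(f"{hdr:45} envelope={env:28} spf={spf:4} -> {sorted(classify_sender(env, hdr, spf))}")
```

The last sample is indistinguishable from legitimate mail by sender checks alone, which is exactly why a compromised account is the hardest tactic to detect at the gateway.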
How to prevent impersonation attacks in your business
To keep your company safe, look for a complete solution such as a Secure Email Gateway. It can protect you with several engines and protocols, such as sandboxing and DMARC (Domain-based Message Authentication, Reporting & Conformance, which builds on SPF and DKIM). Otherwise you end up paying for separate engines from different vendors, which is costly and laborious. Keep in mind that no single control covers all five tactics: DMARC stops forged envelope and header senders that abuse your own domains, but free webmail accounts, cousin domains and compromised mailboxes all authenticate cleanly, so staff awareness and out-of-band verification of unusual requests still matter.
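To see what DMARC actually decides, and where its limits are, here is a minimal evaluator written as an added example for this article (it is not a gateway product's code and not a complete RFC 7489 implementation). It takes the SPF and DKIM verdicts an MTA has already produced, applies DMARC identifier alignment against the From: domain, and returns the policy disposition. The domains, DKIM d= values and DMARC records are constructed; the organisational-domain helper ignores public-suffix rules, and the pct= and sp= tags are deliberately left out.

```python
from email.utils import parseaddr


def org_domain(domain: str) -> str:
    """Organisational domain, approximated here as the last two labels.
    Assumption for the example: a real implementation consults the public suffix
    list so that e.g. "mail.example.co.uk" maps to "example.co.uk"."""
    return ".".join(domain.lower().split(".")[-2:])


def parse_dmarc(txt: str) -> dict:
    """Turn a DMARC TXT record such as "v=DMARC1; p=reject; aspf=s" into a dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ("s") needs an exact match,
    relaxed ("r", the default) only needs the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(header_from: str, envelope_from: str, spf_result: str,
                   dkim_result: str, dkim_domain: str, dmarc_txt: str) -> tuple:
    """Return (dmarc_result, disposition) for one message.

    header_from   : raw RFC 5322 From: header (what the user sees)
    envelope_from : SMTP MAIL FROM address that SPF was evaluated against
    spf_result / dkim_result : "pass" or anything else, as the MTA reported them
    dkim_domain   : the d= tag of the DKIM signature that produced dkim_result
    dmarc_txt     : TXT record found at _dmarc.<From: domain> ("" if none)
    """
    _, addr = parseaddr(header_from)
    from_domain = addr.rpartition("@")[2].lower()
    record = parse_dmarc(dmarc_txt)
    if record.get("v") != "dmarc1":
        return ("none", "none")            # no policy published: nothing to enforce
    spf_aligned = (spf_result == "pass" and
                   aligned(envelope_from.rpartition("@")[2], from_domain, record.get("aspf", "r")))
    dkim_aligned = (dkim_result == "pass" and
                    aligned(dkim_domain, from_domain, record.get("adkim", "r")))
    if spf_aligned or dkim_aligned:
        return ("pass", "none")            # one aligned authenticated identifier is enough
    # Assumption: pct= sampling and sp= (subdomain policy) are ignored for brevity.
    return ("fail", record.get("p", "none"))


if __name__ == "__main__":
    own = '"Jane Doe" <jane.doe@example.com>'
    reject = "v=DMARC1; p=reject"
    # Forged header sender (tactic 4): attacker's own domain authenticates, but not aligned.
    print(evaluate_dmarc(own, "bounces@mailer.test", "pass", "pass", "mailer.test", reject))
    # Forged envelope sender (tactic 3): SPF fails for our domain, no DKIM.
    print(evaluate_dmarc(own, "jane.doe@example.com", "fail", "none", "", reject))
    # Legitimate mail through a bulk sender, relaxed alignment on a subdomain.
    print(evaluate_dmarc(own, "bounce@mail.example.com", "pass", "pass", "example.com", reject))
    # Cousin domain (tactic 2): the attacker publishes a valid record for examp1e.com.
    print(evaluate_dmarc('"Jane Doe" <jane.doe@examp1e.com>', "jane.doe@examp1e.com",
                         "pass", "pass", "examp1e.com", "v=DMARC1; p=none"))
```

The cousin-domain case passes DMARC with a reject policy in place for the real domain, because the policy consulted is the one published by the From: domain, which the attacker controls. That is the gap a gateway's look-alike detection and user training have to fill.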