Among the many types of cyber attacks, impersonation attacks are an interesting and evolving category. Such attacks are generally targeted at corporate employees. The attack is executed by sending an email to the target in which the sender attempts to masquerade as a trusted source. This is done in order to gain access to the target’s sensitive information, such as financial data. The U.S. Federal Bureau of Investigation (FBI) has warned businesses about this growing threat and has estimated that such attacks have caused losses of approximately $5.3 billion globally.
A common example of impersonation attacks is Business Email Compromise (BEC) or "CEO fraud" that continues to manipulate companies by using false identities. This can severely damage a company’s reputation. This blog from last year explains BEC in detail.
Why are Impersonation Attacks Hard to Detect?
The major reason these attacks are difficult for users to detect is ignorance and lack of attention to detail. Let’s understand this through an example:
Below is the same email address written twice; how fast can you spot the one with an error?
It is hard to figure out the irregularity, especially when you have a hectic schedule at work and many distractions.
How are Impersonation Attacks Constructed?
Finding the Target
With the help of social engineering techniques, attackers look for potential victims. Facebook, LinkedIn and Twitter profiles are the easiest mediums for attackers to collect information about their target. Name, email address, school, job title, short bio, job duties, location, etc. can easily be fetched by attackers from the target’s social media accounts. Social engineering, which requires very little technical skill, can typically get attackers an unbelievable amount of information about the victim, all freely available online.
Now that the attacker has a significant amount of the target’s information in hand, the next step is to build credibility. Again, social engineering is an effective way to set the stage for the attack. The attacker will try to figure out who to impersonate. It could be the victim’s boss, one of their colleagues or someone close to them. Close friends can be found on Facebook, and people tend to be very trusting if they think they are dealing with close friends. Through the company website and social media pages, the attacker can easily pick the person to impersonate.
Executing the Attack
The final and most important step is to choose the type of attack. The top three tactics used by attackers are listed below:
- By Registering a Look-Alike Email Domain
The attacker can register a similar email domain and create a new email ID using a name similar to that of the person being impersonated. The attacker then sends an email message to the target asking them to respond urgently. For instance, impersonating the target’s boss, the attacker creates the email ID Smith@reventivirus.com and asks the victim to make an urgent payment for an invoice attached to the message.
- Editing the Display Name
The majority of mobile email clients only show the display name of the sender. This makes it quite easy for the attacker to edit their display name and lure the victim into the scheme. For example, the attacker sends the message from an address such as firstname.lastname@example.org but sets the display name to that of the person being impersonated. The growing use of mobile devices contributes to the success of such attacks. Desktop email clients, however, show both the display name and the email address of the sender, which is why the chances of falling for such an attack are lower there.
- Using a Free Email Account
This is another common tactic used by attackers. All they do is send a message from a free email account such as Gmail, Yahoo, etc. In the email, the sender claims that they have been locked out of their official account and need immediate help in order to get a task done.
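As an added example (not part of the original post), the following Python script screens a single From: header for the three tactics above: a look-alike domain, a display name that belongs to an employee while the address does not (or a display name that itself carries a trusted-looking address), and a free webmail sender. The trusted domain, the employee directory, the free-mail list and the sample headers are all constructed for this example.

```python
import difflib
import email.utils

# Assumed internal domain and employee directory (constructed for this example).
TRUSTED_DOMAIN = "acme-corp.com"
DIRECTORY = {"jane smith": "jane.smith@acme-corp.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
LOOKALIKE_THRESHOLD = 0.8  # similarity ratio above which a domain is suspicious


def analyse_from_header(from_header):
    """Return a list of findings for one From: header value."""
    name, addr = email.utils.parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    findings = []

    # Tactic 1: look-alike domain (one character swapped, dropped or added).
    if domain and domain != TRUSTED_DOMAIN:
        ratio = difflib.SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            findings.append("lookalike-domain")

    # Tactic 2: display name is an employee but the address is not theirs,
    # or the display name itself contains a trusted-looking address.
    key = name.strip().lower()
    if (key in DIRECTORY and addr != DIRECTORY[key]) or TRUSTED_DOMAIN in key:
        findings.append("display-name-spoof")

    # Tactic 3: message comes from a free webmail provider.
    if domain in FREE_MAIL_DOMAINS:
        findings.append("free-mail-sender")

    return findings


# Constructed sample headers: one per tactic, plus a legitimate one.
SAMPLE_HEADERS = [
    '"Jane Smith" <jane.smith@acme-c0rp.com>',
    '"Jane Smith" <firstname.lastname@example.org>',
    '"Jane Smith" <janesmith.work@gmail.com>',
    '"Jane Smith" <jane.smith@acme-corp.com>',
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r}: {analyse_from_header(header) or ['clean']}")
```

A mail gateway rule would additionally pass flagged messages to a reviewer or tag them with a visible banner rather than silently dropping them, since the look-alike check is a similarity heuristic and will occasionally flag partner domains that genuinely resemble your own.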
How to Beat Impersonation Attacks
- A Careful Eye & Awareness Training
Attention to detail goes a long way in combating impersonation. Users should check sender details carefully, and any suspicious email message should be investigated before replying. Proper attention should also be given to the message content, including attachments and URLs. Businesses should step forward in providing proactive cyber security awareness training to their employees.
- Email Security
Per Gartner, email will remain the primary targeting method of advanced attacks through the year 2020. Having reliable email security is a good security practice that everyone should follow. This not only helps in filtering emails containing malicious content but also reduces spam messages. The point is that you remain safe from harmful content.