Impersonation is an email scam that tricks victims into giving away sensitive personal information. It is often the doorway to a system breach. Learn how to recognize and protect yourself from impersonation.

 

What is Impersonation?

Impersonation mimics a person or an entity. Today, a major threat facing US businesses is email impersonation targeting key individuals in the company. In impersonation attacks, hackers create phishing emails to impersonate top officials and executives. Typically, the attacker impersonates someone in a higher position and targets a subordinate, asking the victim to conduct financial transactions, pay invoices, and reveal confidential information.

Although related in concept, impersonation is different from spoofing. In email impersonation, a hacker creates an email address that resembles a legitimate one, but with only a few minor changes. For example, the attacker might use an address like abc@micros0ft.com. In email spoofing, on the other hand, the hacker disguises their real email address (hacker@cybercrime.com) by overlaying it with a legitimate address (abc@microsoft.com). Impersonation works on users who are not observant, while spoofing catches users who are not diligent in looking behind the scenes. The end result of both approaches is the same, however—the victim reacts to a bogus email that carries a virus, malware, or a link to a forged site to steal personal information.

 

How Impersonation Works?

To engineer an impersonation attack, the hacker must first identify a victim and learn about them. In most cases, email impersonation is accomplished through social engineering. The attacker collects the victim’s information through social media including Facebook, Instagram, Twitter, and LinkedIn.

A cybercriminal can access the entire professional profile of a victim with a single LinkedIn search. After that, the victim’s Facebook, Instagram, and Twitter accounts will help the attacker extract the victim’s personal information, such as activities, interests, and hobbies. Even their friends and family are exposed.

To conduct a convincing scam, the hacker not only studies the victim but also the victim’s friends and co-workers. It is important for the cybercriminal to understand the victim’s social circle, both personally and professionally, how the business operates, and what routine the victim and their coworkers follow. The conniving thief focuses on the victim’s closest partners, like suppliers and customers. With all this information, conducting the attack is a simple matter.

Starting from a known email provider, the attacker creates a fake email address that appears similar to that of the victim’s close friends or coworkers. The recipient sees the sender’s address that looks almost (but not quite) like the friend’s or colleague’s real address. The email from the attacker contains malware attached to the link or file. Once the unwitting victim clicks on the link, the impersonation attack is a success.

 

What Does an Impersonation Attack Look Like?

Impersonation attacks can appear to originate from a known source by changing the email address in a minor, obscure way. An attacker obtains information from the victim’s friends or relatives. They then use that information to launch an attack with an email address that appears to come from the known person. Often the email message opens with a plausible statement allegedly from a company senior executive, such as the CEO or CFO.

The email may look like it is from a trusted person, but if the recipient looks closely, they can see a minor misspelling or the addition or subtraction of letters or numbers in the email address. Other than from the high-level company executives, the email may appear to come from a well-recognized brand like Microsoft or Zoom or from some third-party vendor such as a supplier of the business.

 

What to Look for in an Impersonation Attack?

Despite the sophistication of impersonation attacks, cybercriminals leave telltale signs that employees need to be aware of in order to detect these attacks. Other than a tweaked email address, look for the following impersonation indicators:

Unusual Requests

When it comes to transmitting confidential information, legitimate organizations adhere to strict procedures. Therefore, whenever you receive an email that does not follow those procedures, you should verify the validity of the email before sending confidential information or making a financial transaction. It could be a hacker behind the impersonation email hoping to squeeze money or sensitive information out of you.

Incorrect Branding

Imitating or impersonating a company’s branding or logo is an imperative to conduct an impersonation scam. Even though it is an easy thing to do, some amateur hackers don’t do it right. If you are sharp, you can spot the signs—the logo is out of date (i.e., an older version of the company logo), blurry, too big or too small, or surrounded by fuzzy edges.

Incorrect Email Address

In order to conduct an email impersonation attack, cybercriminals change the sender’s display name to look similar to a trusted source. You can reveal the actual email address by hovering over the display name on a PC or long-pressing the display name on a mobile device. The true address of the sender might be either totally different to the display name or very similar with a few changes to spelling..

 

How Can You Stay Protected from an Impersonation Attack?

To mitigate email impersonation attacks, a multilayer approach is needed to ensure security.

Use the Company’s Secured Domain

Don’t let your employees conduct business using their personal email accounts. Yahoo.com and Gmail.com are notoriously insecure domains. Organizations should avoid using these domains at all costs. Rather, instruct employees to use your company’s proprietary domain and email system. If all employees use your business’s private domain address, impersonation attacks are much more difficult to mount.

Always Verify the Sender

To verify that you are indeed receiving an email from a friend, colleague, or company executive, always call the alleged sender and ask them for verification. If they confirm that they did indeed send the email, you can proceed with confidence. Otherwise, leave the email unopened and delete it immediately.

Give Proper Training to Employees

If your company’s employees are well versed in impersonation attacks and other forms of cyberattacks, the risk factor for the company as a whole will be significantly reduced. Every new employee who becomes a part of the team must be educated on how to detect a cyberattack.

 

How Does Trustifi’s Inbound Shield Protect You from Impersonation Attacks?

 

Trustifi provides advanced protection against cyber threats to an organization’s email system. Trustifi features the Inbound Shield that acts as an email filter. As soon as Trustifi’s Inbound Shield is deployed to your company’s email system, sophisticated AI software begins scanning every email received by your server. Each incoming email is placed in a sandbox where Inbound Shield’s multi-layered detection scans everything about the email including sender, email subject, content, links, and attachments. To be deemed safe, an email must pass all tests at each layer.

The email is scanned in 3 parts and has a unique and advanced approach for each part.

Email Content and Headers

Links – Advanced Methods to Catch the Most Sophisticated Phishing Sites

Files – Deep Scanning

Learn how you can protect yourself and your company with Trustifi’s Inbound Shield. Contact a Trustifi representative today to view a demo and see how simply and affordably Inbound Shield can safeguard your systems.