Email Security

    The Rise and Rise of VIP Impersonation

    VIP impersonation attacks are on the rise, as cybercriminals’ social engineering and AI deepfakes pervade email, collaboration platforms, and social media.  

    by Stephanie Overby

    Key Points

    • In VIP impersonation attacks, cybercriminals pretend to be high-ranking executives to con employees and partners into doing their bidding.
    • Cybercrooks have been expanding VIP impersonation from email onto collaboration platforms and social media, including AI-enabled deepfakes and other new tactics.
    • Layered solutions, including email security, employee awareness training, and AI-powered detection, provide the best defense against VIP impersonation.

    Late this summer, a number of cryptocurrency executives eagerly participated in Zoom conferences with the CEO of a major crypto exchange. After what they thought was a successful meeting, they made payments to get their cryptocurrencies listed and emailed thank you notes. Only, it seems that they hadn’t video chatted with the CEO at all. Instead, hackers had created a deepfake of his image to dupe the cryptocurrency execs into forking over their money.[1]

    The reported scam was just one of the latest public examples of a VIP impersonation attack, a form of business email compromise (BEC) that’s sometimes referred to as “CEO fraud” or “executive impersonation.” This particular cyber exploit involves posing as a trusted leader within an organization in order to convince employees — or in this case, potential clients — to hand over sensitive data, provide credentials, or transfer money to an account. Taking on the guise of a high-profile player like a CEO or CFO, attackers can more easily persuade an intended victim to do their bidding.

    As executive impersonation continues to proliferate and the techniques cybercriminals employ in their trickery grow more sophisticated, defending against them requires a multifaceted approach. In a new ebook, Future-Proofing Your Cybersecurity Strategy: Defending Against VIP Impersonation, Mimecast has captured the current state of VIP impersonation attacks and responses, including email security protections, AI-enabled detection, and employee awareness training.

    Getting Personal Pays Off

    The secret sauce of VIP impersonation — a mix of social engineering, extreme targeting, and the ability to sidestep legacy cybersecurity systems — is so potent that these attacks are proliferating. Nearly half of security professionals interviewed for Mimecast’s State of Email Security 2022 report said they’d seen an increase in BEC and impersonation fraud in 2021. And from mid-2016 through 2021, the FBI received reports of $43.3 billion worth of losses due to BEC scams such as impersonation.

    Some New Twists

    Typically, VIP impersonation has relied on spoofing the email addresses of high-ranking executives or taking over their mailboxes using stolen passwords in order to ask for business details, funds transfers, and other valuables.[2] Over time, however, cybercriminals have expanded their repertoires.
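    As an added illustration (not code from the post or from Mimecast), here is a minimal defender-side check for the executive address spoofing described above: it flags a From: header that carries a known executive's name on a mailbox that is not theirs, or a sender domain one edit away from the corporate domain. The VIP roster, corporate domain and sample headers are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed roster of executives and their legitimate mailboxes (assumption).
VIP_ROSTER = {
    "Jane Doe": "jane.doe@example.com",
    "Alex Chen": "alex.chen@example.com",
}
CORPORATE_DOMAIN = "example.com"


def normalize_name(name: str) -> str:
    """Reduce 'Doe, Jane' / 'JANE DOE' / 'Jane  Doe' to one comparable key."""
    return " ".join(sorted(re.findall(r"[a-z]+", name.lower())))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header: str) -> str:
    """Classify one From: value as 'ok', 'vip_impersonation' or 'lookalike_domain'."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    roster = {normalize_name(n): a.lower() for n, a in VIP_ROSTER.items()}
    if normalize_name(display) in roster and addr != roster[normalize_name(display)]:
        # A known executive's name shown on a mailbox that is not theirs.
        return "vip_impersonation"
    if domain and domain != CORPORATE_DOMAIN and edit_distance(domain, CORPORATE_DOMAIN) <= 1:
        # e.g. examp1e.com: one substitution away from the real domain.
        return "lookalike_domain"
    return "ok"


def scan(headers):
    """Run the check over a batch of From: values (constructed sample input below)."""
    return [(h, check_from_header(h)) for h in headers]


SAMPLE_HEADERS = [  # constructed
    '"Jane Doe" <jane.doe@example.com>',
    'Jane Doe <ceo.urgent@webmail.invalid>',
    '"Doe, Jane" <jane.doe@examp1e.com>',
    'Pat Smith <pat@examp1e.com>',
]
```

    A real mail gateway would combine this with SPF/DKIM/DMARC results and Reply-To inspection; the name match alone is a signal, not a verdict.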

    As remote work has become a norm, bad actors are using collaboration tools — often in conjunction with email-based executive impersonation — for cybercriminal aims. Videoconferencing tools took off during the pandemic and attackers quickly coopted the platforms for their purposes. Earlier this year, the FBI warned of an increase in criminals abusing virtual meeting platforms to impersonate top executives and instruct victims to transfer funds into fraudulent accounts.[3]

    Cybercriminals are increasingly deploying deepfake technology in their executive impersonation schemes as well. They can use deepfake audio or video of a high-profile individual to fool potential victims in real-time. This is what appears to have happened in the case of the crypto exchange above — a potent combination of AI with email and collaboration tool impersonation.

    Alternatively, crooks can directly embed such AI-enabled synthetic audio or video in an email. A recent article explained that this asynchronous approach “reduces the pressure on criminals to respond believably in real time, letting them perfect a deepfake clip before distributing it. As a result, a non-real-time attack may be quite polished and less likely to raise user suspicions.”[4] And as deepfake technology continues to advance, companies can expect VIP impersonation approaches to become more common and more effective.

    Social media-based executive impersonation has also grown along with the corporate use of apps like LinkedIn, Twitter, and Instagram. Using open source intelligence — specifically public data about corporate leaders — would-be attackers can easily gather enough information to create reasonable facsimiles of VIP social media accounts and then do the dirty work of deceiving connections into providing them with money, credentials, or data via direct message. One CEO recently recounted his experience being impersonated on Instagram.[5] He only learned of his fake profile, which had garnered thousands of followers, when someone reached out to him directly, asking him if he’d sent the acquaintance a message on the platform.

    The Bottom Line

    VIP impersonation succeeds, in large part, because it plays on people’s instincts to comply with authority figures. As these attacks continue to increase in number and technological sophistication, an effective defense against executive impersonation should incorporate employee training along with advanced detection and prevention tools. For more on how to safeguard your organization from VIP impersonation attacks, please see Mimecast’s new ebook on Defending Against VIP Impersonation.


    [1] “Hackers reportedly deepfaked a Binance exec to carry out listing scams,” Engadget

    [2] “Executive Impersonations: Characteristics and Trends to Know Today,” GreatHorn

    [3] “Business Email Compromise: Virtual Meeting Platforms,” Federal Bureau of Investigation

    [4] “Prepare for deepfake phishing attacks in the enterprise,” TechTarget

    [5] “LinkedIn scams, fake Instagram accounts hit businesses, execs,” TechTarget
