Scams involving an impersonation attack pose a significant danger to companies of every size. Rather than using malicious URLs or attachments, an impersonation attack uses social engineering and personalization to trick an employee into unwittingly transferring money to a fraudulent account or sharing sensitive data with cyber criminals.
An impersonation attack typically involves an email that seems to come from a trusted source. Sometimes the email attack may start with a message that looks like it comes from a CEO, CFO or another high-level executive – these scams are also called whaling email attacks. An impersonation attack may also involve a message that appears to be from a trusted colleague, a third-party vendor or other well-known Internet brands. The message may request that the recipient initiate a transfer to a bank account or vendor that later proves to be fraudulent, or it may ask the recipient to send along information like W-2 files, bank information or login credentials that give hackers access to business finances and systems.
Stopping an impersonation attack requires strong security policies and vigilance on the part of employees. But because these attacks are designed to take advantage of human error, you also need solutions that can automatically scan email and block any potential attack. That's where Mimecast can help.
Mimecast makes email safer for business by combining solutions for email security, email continuity and email data protection into a single cloud-based service. By streamlining administration and providing a single cloud platform that covers all email functions, Mimecast reduces the cost and complexity of business email management.
Mimecast's SaaS email security services include protection against all major threats. In addition to stopping an impersonation attack, Mimecast can help prevent a ransomware attack, spear-phishing attack and insider attack as well as threats from viruses and malware. In addition to threat response solutions, Mimecast security offerings also include solutions for sending messages and large files securely, and for content control and data loss prevention.
Mimecast scans all inbound, outbound and internal email to provide URL protection against malicious links, as well as attachment protection that scours attached documents for potential malware. But because many impersonation attacks are malware-less, Mimecast technology also searches the email and its content for signs of an impersonation attack. These include anomalies in:
If an email fails a certain combination of these tests, Mimecast can be configured to discard the message, quarantine it or send it on to the recipient with a warning that the message may be an impersonation attack.
Learn more about stopping an impersonation attack with Mimecast.
What is an impersonation attack?
An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can used to hack into a company’s computer network. CEO fraud, business email compromise and whaling are specific forms of impersonation attacks where malicious individuals pose as high-level executives within a company.
How does an impersonation attack work?
Impersonation attacks are typically malware-less attacks conducted through email using social engineering to gain the trust of a targeted employee. Attackers may research a victim online, gathering information from social media accounts and other online sources which, when used in the text of an email, can lend authenticity to the message. An impersonation attack is typically directed at an employee who can initiate wire transfers or who has access to sensitive or proprietary data. The employee receives an email that appears to be from a legitimate source, often a high-level executive within the company, urgently requesting that money be wired to a certain account or that sensitive information be sent immediately.
How to recognize an impersonation attack?
Unlike common phishing attacks, which are often unspecific and filled with grammar or spelling mistakes, impersonation attacks are highly targeted and well-crafted to appear realistic and authentic. There are a few things, however, that point to a potentially fraudulent email:
How to stop an impersonation attack?
To prevent impersonation attacks and other forms of phishing and cybercrime, organizations are wise to adopt a multi-layered approach to email security that includes:
How to report an impersonation attack?
When employees suspect they have been targeted or have been involved in an impersonation attack, they should immediately report the incident to their supervisor, to the IT department and to the person within the organization who was impersonated. Additionally, impersonation attacks can be reported to government organizations dedicated to preventing cybercrime. These include the Federal Trade Commission (www.ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (firstname.lastname@example.org) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).