Secure Your Email

    Email Impersonation Protection


    The $12 billion scam

    Impersonation attacks — also known as business email compromise — can result in significant financial loss, as attackers try to trick employees into making wire transfers or other transactions by pretending to be the CEO, CFO or even external partners. Mimecast makes it easy to protect your internal users, domains and brand from impersonation.


    The challenges of fighting impersonation attacks

    Not all email‐based attacks use malicious URLs or have malware-laden attachments. In fact, billions of dollars have been lost because of simple emails that impersonate your C‐suite and ask for wire transfers or credibly request that other sensitive data be sent back to the impersonator.

    Every organization is a target of these advanced, social engineering-based, email impersonation attacks designed to steal money, intellectual property or other sensitive data.


    The Mimecast Solution

    Mimecast’s impersonation protection services provide granular and customizable controls that allow organizations to identify, prevent, quarantine and tag suspicious emails. Mimecast email security helps you defend against email impersonation attacks that seek to spoof a trusted sender and cause a costly data or monetary leak. Mimecast provides:


    Protection against malware-less email attacks seeking to impersonate trusted senders.


    Real-time scanning of all inbound emails to detect header anomalies, domain similarity, sender spoofing and suspect email body content.


    DMARC reporting and enforcement to tackle direct domain spoofing.


    Clearly marked alerts on delivered emails that notify recipients of potential risk.


    Centralized policy management and reporting to assist in the early detection of impersonation attack campaigns targeting your organization.


    Impersonation Attack Protection FAQs

    What are some examples of email impersonation attacks?

    Impersonation attacks can be especially hard to detect because they don’t need to include any malware or malicious URLs. Email security solutions, such as Mimecast’s, must go beyond scanning inbound, outbound and internal email for bad URLs and attachments. Mimecast technology also searches emails for anomalies that suggest criminal intent, and it an email fails a certain combination of its tests, Mimecast can be configured to discard the message, quarantine it or send it on to the recipient with a warning that the message may be an impersonation attack.

    How to prevent an impersonation attack?

    Impersonation attacks can only be prevented through a combination of comprehensive security technology and controls built into an organization’s business processes. The security technology’s role is to scan emails and web interactions for signs of malicious intent, or that an email didn’t really come from who it says it did. Advanced techniques used by Mimecast include both rules-based and machine learning algorithms alongside multiple detection engines. But since impersonation attacks continue to grow more and more sophisticated, the best protection against attacks like business email compromise is to integrate controls into the organization’s payment processes so that no action can be taken on the approval of only one individual. Such controls dramatically increase the likelihood that the impersonation will be discovered before a mistaken payment is sent to the fraudsters behind it. 
    Related Products

    Protect against email-based threats with advanced technical capabilities

    Phishing, spam, business email compromise, malicious URLs, ransomware - these attacks continue to plague businesses. Explore Mimecast's features that protect against these ubiquitous threats.

    Impersonation Protection

    Get instant, comprehensive protection against malware-less email attacks that impersonate trusted senders. Real-time scanning of all inbound emails detects header anomalies, domain similarity, recency of the sending domain, and sender spoofing to keep end-users safe.


    Email Security With Targeted Threat Protection

    Mimecast Email Security with Targeted Threat Protection provides industry-leading security for the top attack vector, protecting against phishing, ransomware, BEC, payment fraud, impersonation, and insider risk.


    Brand Exploit Protect

    Mimecast Brand Exploit Protect defends against digital brand impersonation by combining machine learning with quadrillions of targeted scans to identify attacks at an early stage, often blocking them before they go live. When active attacks are discovered, they can be remediated quickly to minimize the damage to your customers and brand reputation.


    DMARC Analyzer

    DMARC is a key tool in defeating email impersonation and is part of a broader defensive arsenal when layered with Mimecast Email Security. Fully integrated with our Email Security solution, Mimecast DMARC Analyzer is designed to simplify and accelerate the process of achieving an enforced DMARC reject policy, while providing full visibility into who's sending email on your organization's behalf.

    Back to Top