Email impersonation is a form of phishing attack in which an attacker poses as someone else in the hope of convincing an employee to act in some fashion.
Email impersonation attacks often borrow the identity of a senior company executive such as the CEO or CFO for an initial, innocuous-looking email inquiry. Sometimes it is worded like this:
Jane, heading into a meeting, are you busy? John
The sender's display name matches the senior person in your organization and at first glance may be indistinguishable from the real person; the underlying address, however, is typically a free webmail account or a look-alike domain rather than the company's own. These emails ask the victim to perform a task, and to do it urgently. Examples of such attacks include purchasing gift cards, sending personnel records or W-2 forms, or logging into a website to retrieve a "critical file" for the CEO/CFO. In each case, the real sender is an attacker impersonating that Very Important Person (VIP).
Impersonation emails are a common form of social engineering to be on the lookout for. They are easy to craft from public information on the corporate website and very difficult to block at delivery, because the message usually carries no malware or malicious link and arrives from a legitimately registered external mailbox.
Source: Barclays Corporate Banking
Additional Reading: What is Business Email Compromise?
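The following script, added here as an illustration and not part of the original article or any CyberHoot product, shows the check a mail gateway or a help-desk triage tool would apply to the From: header of an email like the one above: does the display name belong to a known executive while the address sits outside the corporate domain, on free webmail, or on a look-alike domain, and does a Reply-To header redirect replies elsewhere? The corporate domain `example.com`, the executive roster, the webmail list and every sample header are constructed assumptions for the demo.

```python
"""Flag From: headers that borrow an executive's name.

Added example, not code from the original article. The corporate domain,
executive roster, webmail list and sample headers are all constructed
assumptions for the demo.
"""
import re
import unicodedata
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                       # assumption
EXECUTIVES = {"john smith", "mary jones"}              # assumption: CEO, CFO
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
# substitutions attackers use to build look-alike domains
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize_name(name: str) -> str:
    """Strip accents, case, punctuation and extra spaces so 'J. Smith ' == 'j smith'."""
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def skeleton(domain: str) -> str:
    """Map confusable characters to the letters they imitate."""
    d = domain.lower()
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def is_lookalike(domain: str, corp: str = CORPORATE_DOMAIN) -> bool:
    """True for examp1e.com, exmaple.com, example-com.net, example.com.evil.net ..."""
    domain = domain.lower()
    if domain == corp:
        return False
    if corp.split(".")[0] in domain:            # our brand label buried in another domain
        return True
    return osa_distance(skeleton(domain), skeleton(corp)) <= 1


def assess_from_header(from_header: str, reply_to: str = "") -> dict:
    """Return a verdict for one From: header (and optional Reply-To) plus the reasons."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    reasons = []
    # executive's name on a non-corporate address: the classic CEO-fraud pattern
    if normalize_name(display) in EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append(f"display name {display!r} is an executive but address is {address}")
        if domain in FREE_MAIL:
            reasons.append(f"{domain} is a free webmail domain")
    if domain and is_lookalike(domain):
        reasons.append(f"{domain} is a look-alike of {CORPORATE_DOMAIN}")
    if reply_to:                                # replies silently routed to the attacker
        reply_domain = parseaddr(reply_to)[1].lower().rsplit("@", 1)[-1]
        if reply_domain != domain:
            reasons.append(f"Reply-To goes to {reply_domain}, not {domain}")
    return {"address": address, "verdict": "suspicious" if reasons else "ok", "reasons": reasons}


if __name__ == "__main__":
    # constructed sample headers, not real mail
    samples = [
        ("John Smith <john.smith@example.com>", ""),
        ("John Smith <ceo.john.smith@gmail.com>", ""),
        ("John Smith <john.smith@examp1e.com>", ""),
        ("Accounts Payable <ap@example.com.secure-docs.net>", ""),
        ("John Smith <john.smith@example.com>", "john.smith.ceo@gmail.com"),
    ]
    for hdr, rt in samples:
        result = assess_from_header(hdr, rt)
        print(f"{result['verdict']:10} {hdr}")
        for reason in result["reasons"]:
            print("           -", reason)
```

A message whose address really is on the corporate domain is left alone here on purpose: forging that exact domain is what SPF, DKIM and DMARC (covered below) are for, while this check targets the cases those records cannot see. The brand-label containment test is deliberately broad; a company with a very short or generic name should tighten it to avoid flagging unrelated domains.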
What should you do as an SMB?
SMBs are big targets for phishing attacks, as attackers know that SMBs tend to lack the resources to defend against them. The good news is that phishing is one of the easiest topics on which to train employees to spot and avoid an attack. Follow these best practices to reduce your likelihood of being breached by a phishing attack, especially an impersonation-based one.
- Train your employees on how to spot, avoid and delete phishing emails.
- Watch out for unexpected emails with urgent tasks to complete.
- Be very wary of generically addressed messages.
- Spelling, grammar and punctuation mistakes are all red flags.
- Be wary of attachments and do not click links to unknown websites.
- Test your employees with Phish Testing attacks in CyberHoot’s Phishing module; re-train those that fail in your tests.
- Purchase a password manager and train your employees to use it. A password manager only fills credentials on the exact site they were saved for, so on a look-alike phishing page it will offer nothing; an employee who types a reused password by hand will hand it over every time.
- To protect others from being phished with your domain name, publish SPF, DKIM and DMARC records so that receiving mail servers can reject messages that forge your domain. Note that DMARC only blocks anything when its policy is quarantine or reject (p=none just reports), and none of these records stop a message sent from a look-alike domain or a free webmail account with an executive's name in the display field; only training catches those.
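As an added example (not code from the original article), the script below audits SPF, DKIM and DMARC TXT records for the weak settings that leave a domain spoofable: a permissive `+all` or missing `all` term, more than ten DNS-lookup mechanisms, a monitoring-only `p=none` DMARC policy, a partial `pct`, a revoked (empty) DKIM key and the like. It works on record strings you have already fetched (for example with `dig TXT`); it performs no DNS queries itself, and every record in the demo is constructed for `example.com` and its hypothetical senders.

```python
"""Audit SPF, DKIM and DMARC TXT records for settings that leave a domain spoofable.

Added example, not code from the original article. Works on record strings
you have already fetched; the sample records at the bottom are constructed.
"""
import re

SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}   # each costs a DNS lookup


def parse_tags(record: str) -> dict:
    """Split 'k=v; k=v' records (DMARC, DKIM) into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record: str) -> list:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, all_term, redirect = [], 0, None, False
    for term in terms[1:]:
        t = term.lower()
        mech = t.lstrip("+-~?")                        # drop the qualifier
        if mech == "all":
            all_term = t if t[0] in "+-~?" else "+all"  # bare 'all' means +all
            continue
        if mech.startswith("redirect="):
            redirect = True
            lookups += 1
            continue
        name = re.split(r"[:/]", mech, maxsplit=1)[0]   # 'include:x', 'a/24', 'ip4:...'
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated (RFC 7208) and slow")
    if all_term is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_term in ("+all", "?all"):
        findings.append(f"'{all_term}' lets any host on the Internet send as this domain")
    elif all_term == "~all":
        findings.append("'~all' is softfail only; receivers still deliver unless DMARC backs it up")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def audit_dmarc(record: str) -> list:
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"missing or invalid p= tag ({policy!r})")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of failing mail")
    if not tags.get("rua"):
        findings.append("no rua= address: you will receive no aggregate reports")
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    return findings


def audit_dkim(record: str) -> list:
    tags = parse_tags(record)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":            # v= is optional and defaults to DKIM1
        findings.append("unexpected v= tag; expected DKIM1")
    if not tags.get("p"):
        findings.append("empty p= tag: key is revoked, signatures will not verify")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y testing flag: verifiers treat failures like unsigned mail")
    return findings


if __name__ == "__main__":
    # constructed records: a weak setting beside its hardened form
    samples = [
        ("SPF weak", audit_spf, "v=spf1 include:_spf.google.com +all"),
        ("SPF ok", audit_spf, "v=spf1 ip4:203.0.113.0/24 include:_spf.google.com -all"),
        ("DMARC weak", audit_dmarc, "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
        ("DMARC ok", audit_dmarc, "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"),
        ("DKIM weak", audit_dkim, "v=DKIM1; k=rsa; p="),
        ("DKIM ok", audit_dkim, "v=DKIM1; k=rsa; p=MIIBIjANBg"),   # placeholder, truncated key
    ]
    for label, audit, rec in samples:
        print(f"{label:11} {audit(rec) or ['no findings']}")
```

Run it against the three records for your own domain (`TXT` at the apex, `_dmarc.yourdomain`, and `<selector>._domainkey.yourdomain`); an empty list for all three is the target state, and `p=none` is fine only for the monitoring phase before you move to `reject`.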