
How to prepare for the latest email impersonation attacks


Cyber-criminals are using increasingly sophisticated tactics, including email impersonation attacks. These social engineering attacks exploit human psychology rather than traditional technical hacking techniques. They manipulate users into divulging confidential information by impersonating a trusted party.

Even with the highest levels of security, businesses can be left exposed if an employee is tricked into clicking on a malicious link from a supposed Facebook friend, LinkedIn connection or even a C-level executive. Increasing awareness has never been more important. A recent Mimecast report revealed a 400% rise in email impersonation attacks in the last quarter.

Common Impersonation Attacks

Social networking sites have facilitated social engineering attacks. Cyber-criminals are taking advantage of sites like LinkedIn to create lists of company employees and gather detailed information about them. This makes their attacks more credible.

Common impersonation approaches include:

  • Emails from a friend: if a cyber-criminal compromises an email account, they can access all of its contacts. They can then send messages from these contacts asking users to click on a link or download a file, or requesting urgent help.
  • Phishing attempts: these messages appear to come from a legitimate company, bank, school or institution. They often explain that there is a problem and ask you to ‘verify’ information by clicking on a link.
  • High-level executive requests: often referred to as ‘whaling’, these messages appear highly credible and impersonate senior-level executives requesting a wire transfer or data transfer.

When it comes to email impersonation, social engineers leverage both fear and curiosity. This makes detection more difficult unless users are alert to these tactics. Awareness is therefore the number one defensive measure.

Top Tips to Protect against Email Impersonation Attacks

  • Educate and inform employees: train users on how to recognise impersonation emails and avoid falling victim to them.
  • Take a step back: spammers want you to act first and think later. If a message conveys a sense of urgency, don’t be pressured – take a step back and review the situation.
  • Research the facts: be suspicious of unsolicited messages. If an email appears to come from a genuine company, do your own research. Use a search engine to visit their website or a phone directory to find their phone number, rather than clicking on links.
  • Make faking messages difficult: use customised stationery and unique identifiers in messages to make them more difficult for cyber-thieves to copy.
  • Invest in email security: use advanced email gateway technology to identify and quarantine suspicious messages based on names, domains and keywords. Install anti-virus software, firewalls and email filters and keep these up to date.
  • Review existing processes and procedures: consider separating duties and changing authentication and approval methods by adding a second signature or lowering the value at which secondary approval is required.
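
To show how a gateway can combine the name, domain and keyword checks mentioned in the tips above, here is an added example in Python; it is not code from the original article or from any gateway product. The organisation domain, the protected names, the keyword list and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; replace with your own organisation's.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane smith", "raj patel"}  # senior staff likely to be impersonated
URGENCY = re.compile(r"\b(urgent|immediately|wire transfer|verify your)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw):
    """Return (verdict, reasons) for one raw message given as a string."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    reasons = []
    external = domain != ORG_DOMAIN
    if external and " ".join(name.lower().split()) in PROTECTED_NAMES:
        reasons.append("name: protected display name on an external address")
    if external and edit_distance(domain, ORG_DOMAIN) <= 2:
        reasons.append("domain: lookalike of the organisation's domain")
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):
        reasons.append("keyword: urgency or payment language")
    # Keywords alone are noisy: quarantine only when a name or domain rule also fired.
    identity_hit = any(not r.startswith("keyword") for r in reasons)
    if identity_hit and len(reasons) >= 2:
        return "quarantine", reasons
    return ("flag" if reasons else "deliver"), reasons

# Constructed sample messages (not real traffic).
WHALING = ('From: "Jane Smith" <jane.smith@examp1e.com>\n'
           "Subject: Urgent wire transfer\n\nPlease pay the attached invoice today.\n")
INTERNAL = ('From: "Jane Smith" <jane.smith@example.com>\n'
            "Subject: Board agenda\n\nDraft agenda attached.\n")
VENDOR = ('From: "Acme Billing" <billing@acme-supplies.test>\n'
          "Subject: Invoice due immediately\n\nYour invoice is overdue.\n")

if __name__ == "__main__":
    for label, raw in (("whaling", WHALING), ("internal", INTERNAL), ("vendor", VENDOR)):
        print(label, *assess(raw))
```

The whaling sample is quarantined because all three rule types fire, while the vendor message that only uses urgent wording is flagged for the user rather than blocked.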

Social engineering attacks are on the rise. Through a combination of awareness, technology and better internal systems and processes, it is possible to reduce the risks and protect your business from financial and data loss.

