Impersonation Attacks

Impersonation attacks are a socially engineered breach, where an attacker may spend months researching and building up a credible employee profile in order to gain access to a network, or demand payment from somewhere in the company.

They can be very difficult to detect as, generally work places are fast paced environment where a lot of information needs to be transferred quickly between employees. Checking an E-mail address for typos doesn’t seem like a good use of company time, especially when we send E-mails to that address every single day. Practice makes perfect with regard to scanning each E-mail your receive to make sure the address isn’t a close copy/fake.

The major reason these attacks are difficult to be detected by users is lack of attention to detail. Let’s understand this through an example:

Below is the same email address written twice, how fast can you spot the one with some error?

[email protected]

[email protected]

It is hard to figure out the irregularity, especially when you have a hectic schedule at work and many distractions.

Executing the Attack

The final and the most important step is to choose a type of attack. Below mentioned are top 3 tactics used by attackers:

  • By Registering a Look-Alike Email Domain

The attacker can register a similar email domain and create a new email ID using a similar name to the person being impersonated. The attacker sends an email message to the target asking them to respond urgently. For instance, impersonating the target’s boss, the attacker creates an email id [email protected]  and asks the victim to make urgent payment for an invoice attached with the message.  

  • Editing the Display Name

The majority of the mobile email clients only show the display name of the sender. This makes it quite easy for the attacker to edit their display name and trap the victim into their game. For example, the attacker sends the message using an email like [email protected] but edits the display name to the person being impersonated. The increasing mobile trend contributes to the success of such attacks. However, in desktop email clients, both the display name and email id of the receiver are shown, which is why the chances of falling for an attack are less.

  • Using a Free Email Account

A common tactic used by attackers. They send a message through a free email account such as Gmail, Yahoo, etc. In the email, the sender indicates that they have been locked out of their official account and need immediate help in order to get a task done.

How to Beat Impersonation Attacks

 

Awareness Training

Attention to detail can be a lot of help in combating cases of impersonation. Users should check sender details carefully. Any suspicious email message should be investigated before replying. Also, proper attention should be given to the message content, including attachments and URLs. Businesses should step forward in providing proactive cyber security awareness training to their employees.


Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Ed Campbell