Impersonation: A Dangerous Low-Tech Form of Cyber Attack

Impersonation A Dangerous Low-Tech Form of Cyber AttackCybercriminals are constantly finding new ways to breach security efforts and victimize organizations for profit. Email phishing attacks are one of the most popular methods because they often go undetected by security defenses long enough for attackers to compromise a network and gain the data they were targeting. According to Mimecast’s “State of Email Security” report, email phishing attacks have become increasingly more common in the past year. The report found that a large majority of organizations (94 percent) confirmed that they were hit with a phishing attack in 2018. Of those respondents, 67 percent saw a rise in a very specific type of email phishing attack known as an impersonation attack.

Impersonation attacks are a low-tech form of cyber attack that uses social engineering to gain access to a system or network. The attacker “impersonates” or plays the role of someone that the victim is likely to trust, and can be convincing enough to trick the victim into allowing access to information or systems. When attackers are targeting organizations, members of the C-suite, human resources department, and finance teams are most likely to be impersonated.

How Impersonation Attacks are Created

  • Identifying a target: Attackers find potential victims through their social media profiles. The most common platforms used are Facebook, Twitter, and LinkedIn, where information is often easily accessed by anyone. Attackers gather information like name, email address, school, job title and description, location and more. 
  • Building credibility: After gaining as much information about the victim as possible, the attacker will choose someone to impersonate. Using the company website and/or social media pages, the attacker can easily pick someone the victim would likely respond to.
  • Execution: Attackers use several tactics to fool their victims, including simple ones like editing the display name on a free email account, or even going as far as registering a look-alike email domain creating a new email using a similar one to the person being impersonated. The attacker then sends an email or series of emails that create urgency for the victim to send the attacker the information they are requesting.

Impersonation attacks can cause quite a bit of damage, according to researchers. In the above-mentioned report, nearly 40 percent of respondents confirmed that they experienced data loss resulting from impersonation attacks, 29 percent had direct financial loss, 28 percent reportedly lost customers and 27 percent had to let employees go following an attack. 

Not all cyber attackers are genius-level hackers, and with email impersonation attacks on the rise, they don’t have to be. With so many public details available on social media and websites, attackers can quickly and easily gather the information they need and set up an attack with hardly any effort at all. In order to protect against this growing threat, businesses need to educate all employees on email best practices and have reliable email security that helps filter malicious content. Insurance agents can help their business clients protect against the financial devastation that can occur after one of these attacks by offering insurance through a knowledgeable cyber liability broker.

About Mavon Insurance

At Mavon Insurance, we pride ourselves on our unique approach to insurance. We focus on integrity, communication, professionalism, respect, and gratitude to help our clients succeed and place business in specialized markets. For more information about our products or to become an agent, please contact us today at (855) 248-1480.