News item

Impersonation attacks

Are your internal emails really from your colleagues? Detailed impersonation attacks aim to trick users.

Cybercrime seems to be rising continuously, with ‘attackers’ finding new ways to extort or trick businesses. With growing reliance on the web and apps for communication and business management, businesses need to be more vigilant than ever.

Impersonation attacks are a rising threat. The attackers pretend to be senior business managers instructing colleagues to transfer money or release information to the attackers' account.

How does it work?

The attacker researches the business and chooses a senior manager to impersonate, often reviewing their social media accounts. It will be someone who has the authority to instruct the finance department to make a payment, and the attacker may even register a domain very similar to the target business's domain to help trick the recipient. As this is a sophisticated and targeted attack, it will likely be carried out by an intelligent individual who will type well-formed emails without the usual strange grammar.

The attack is sometimes known as ‘whaling’ as it represents a ‘big phish’ (phish is a term for trying to gain sensitive information, although a whale is a mammal, not a fish!). Many businesses employ sophisticated antivirus and antispam software to protect themselves, but as the impersonation attacks do not include malicious links or malware, they are often able to pass through a company's defences. The convincing emails explain that an urgent transfer is required for a reasonable amount.

What can I do to protect my business?

Vigilance and education are the key steps. Discuss impersonation attacks with colleagues likely to be affected, and review your procedures to ensure money transfer requests are authorised, for example by requiring an internal code word on emailed transfer requests. Requiring multiple authorisations for transfers beyond a small amount is another security procedure.

Email rules that flag internal emails as internal are also a quick visual way to determine whether emails are from a third party or not. This is not foolproof, as email headers can be manipulated to appear to come from your business domain.
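A sketch of a stricter tagging rule, added here as an illustration and not taken from the original article: it labels a message as internal only when your own mail gateway recorded a DMARC pass, and separately flags near-miss sender domains like the lookalike registrations described earlier. The domain `example.com`, the gateway name `mx.example.com`, the edit-distance threshold of 2 and the sample messages are all assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"           # assumption: your organisation's domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: your own gateway's identifier

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_passed(msg):
    """True only if our own gateway recorded dmarc=pass for this message.
    Assumes the gateway strips inbound headers that claim its identifier."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in results.lower():
            return True
    return False

def classify(raw):
    """Return 'internal', 'spoofed-internal', 'lookalike' or 'external'."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        # A From header alone proves nothing; require authentication evidence.
        return "internal" if dmarc_passed(msg) else "spoofed-internal"
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        return "lookalike"
    return "external"

# Constructed sample messages (not real mail).
GENUINE = ("Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
           "From: Finance Director <fd@example.com>\nSubject: Q3 figures\n\nHi")
FORGED = ("Authentication-Results: mx.other.test; dmarc=pass header.from=example.com\n"
          "From: Finance Director <fd@example.com>\nSubject: Urgent transfer\n\nHi")
LOOKALIKE = "From: Finance Director <fd@examp1e.com>\nSubject: Urgent transfer\n\nHi"
EXTERNAL = "From: Newsletter <news@supplier.test>\nSubject: Offers\n\nHi"

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged", FORGED),
                      ("lookalike", LOOKALIKE), ("external", EXTERNAL)]:
        print(name, "->", classify(raw))
```

A message tagged `spoofed-internal` or `lookalike` that asks for a payment is a candidate for the code-word and multiple-authorisation checks described above.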