How to deal with an email security impersonation attack
Today we are launching the first in our three-part email awareness campaign, which focuses on impersonation attacks.
The idea behind this email campaign is to share some of the industry's secrets for keeping your company data safe and avoiding becoming the victim of an attack.
The challenges of dealing with an Impersonation Attack
Whether they’re called Impersonation Attacks, business email compromise, CEO fraud or whaling attacks, email impersonation attacks are typically designed to trick recipients into making fraudulent financial transactions by pretending to be from someone they’re not.
Below are some key points when it comes to how to spot the signs of a fraudulent email.
Lookalike email domain
Attackers will often register a similar email domain and create a new email ID using a similar name to the person they’re impersonating.
They will then email the target requesting an urgent response. As the email address is only slightly different, the victim will often not spot the difference and will send the sensitive data that the attacker asks for.
Also, if you are replying to an email that looks genuine, check the email domain when you hit ‘Reply’. If it has changed, don’t send the email.
Edited display names
Another technique attackers use is editing the display name of the sender. If your email app only shows the display name and not the email address, the attacker can easily fool their victim.
The increasing reliance on mobiles for email access has contributed to the success of such attacks. When you’re accessing your emails from a desktop, both the name and email address of the sender are shown, which lowers the chance of falling for the attack.
A free email account
A common tactic used by cybercriminals is to send a message through a free email account such as Gmail, Yahoo, Hotmail etc.
In the email, the sender will probably indicate that they’ve been locked out of their email account and need immediate help to complete an urgent task.
If you do log onto a site from an email, be aware of what you are being logged into. Check that the website address has a padlock symbol in the address bar and starts with ‘https’. If it’s missing the ‘s’, the site is not secure.
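The three signs described above (a lookalike sender domain, a display name that contradicts the real address, a Reply-To that silently redirects your answer, and a free webmail sender) can be checked automatically before anyone acts on a message. The script below is an added example written for this article, not Mimecast's product code; the company domain, the free-mail list and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example (not from the original article).
COMPANY_DOMAIN = "example.com"
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot domains that are almost ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonation_signals(raw):
    """Return the warning signs found in one raw RFC 5322 message, in order."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    signals = []
    # 1. Lookalike domain: close to, but not equal to, the company domain.
    if domain != COMPANY_DOMAIN and 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    # 2. Display name shows an address whose domain differs from the real sender.
    m = re.search(r"[\w.+-]+@([\w-]+\.[\w.-]+)", name)
    if m and m.group(1).lower() != domain:
        signals.append("display-name-mismatch")
    # 3. Reply-To points somewhere other than the sender's domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != domain:
        signals.append("reply-to-redirect")
    # 4. Free webmail account posing as a colleague.
    if domain in FREE_MAIL:
        signals.append("free-mail-sender")
    return signals


# Constructed sample: 'rn' imitates 'm', the display name carries the real
# colleague's address, and Reply-To sends any answer to a webmail account.
SAMPLE = """From: "Jane Doe jane.doe@example.com" <jane.doe@exarnple.com>
Reply-To: <jane.doe@gmail.com>
Subject: Urgent request

Please action this today, I am locked out of my account.
"""
```

Wire it into a mail gateway or a mailbox rule and route any message with a non-empty signal list to a quarantine or a "verify by phone" banner rather than the inbox.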
Top tips if you think you’ve spotted an impersonation attack
- Stop and don’t immediately action the request
- If it’s a colleague, give them a call using a number from your company’s directory.
- Give the person a call to double-check, but don’t rely on the contact details in the email.
- If you can’t get hold of them ask to speak to one of their colleagues.
- If they confirm the request, then no harm done and crack on. If, however, it is fraudulent, make them aware and make your colleagues and company aware: the hacker is extremely likely to target someone else who may not be as vigilant as you have been!
- Consider adding further levels of protection to stop these attacks reaching the end-users in the first place. See the webinar link below to learn how Mimecast can stop these attacks!