Filed Under:

How to Protect Your Business from Email Impersonation Attacks

In the digital age, email impersonation attacks have become a growing concern for businesses worldwide. As part of our three-part email awareness campaign, we at Arc Systems aim to equip you with the knowledge and tools to safeguard your company data from these threats.

Understanding Email Impersonation Attacks

Email impersonation attacks, also known as business email compromise, CEO fraud, or whaling attacks, are designed to trick recipients into making fraudulent financial transactions. Cybercriminals impersonate trusted individuals or entities, manipulating the victim into sharing sensitive information or transferring funds to an account they control.

Email Security - Lookalike domain

How to Identify an Impersonation Attack

Spotting a Lookalike Email Domain

One common technique attackers use is registering a similar email domain to the one they’re impersonating. They create an email ID using a name similar to the person they’re impersonating and send an email to the target requesting an urgent response. The slight difference in the email often goes unnoticed, leading the victim to share sensitive data. Always double-check the email domain when replying to an email that seems genuine.

Beware of Edited Display Names

Attackers may also edit the display name of the sender. This technique is particularly effective on mobile devices, where the email app may only show the display name and not the email address. Always ensure you’re checking both the name and email of the sender to avoid falling for such attacks.

The Danger of Free Email Accounts

Cybercriminals often use free email accounts such as Gmail, Yahoo, or Hotmail to carry out their attacks. They may claim they’ve been locked out of their email account and need immediate help to complete an urgent task. Always be cautious when logging onto a site from an email and ensure the website address starts with ‘https’ and has a padlock symbol in the address bar, indicating it’s secure.

How to Respond to a Suspected Impersonation Attack

If you suspect you’ve received an impersonation attack, don’t immediately action the request. Instead, verify the request by contacting the person directly using a number from your company’s directory. If you can’t reach them, speak to one of their colleagues. If the request is confirmed as fraudulent, make your colleagues and company aware. The attacker is likely to target others who may not be as vigilant.

Enhancing Your Email Security

To prevent these attacks from reaching end-users in the first place, consider adding further levels of protection. At Arc Systems, we offer comprehensive email security solutions that can help safeguard your business from these threats.

Questions you may be asking

What is email impersonation?

Email impersonation is a type of cyber attack where the attacker sends an email that appears to be from a legitimate source, such as a bank, credit card company, or government agency. The goal of the attack is to trick the recipient into clicking on a malicious link or providing personal information.

How do email impersonation attacks work?

Email impersonation attacks often use social engineering techniques to trick the recipient into believing that the email is legitimate. For example, the attacker may use the name and logo of a legitimate company in the email header, or they may create a fake website that looks like the website of a legitimate company.

What are some of the most common types of email impersonation attacks?

Some of the most common types of email impersonation attacks include:

How can I protect myself from email impersonation attacks?

There are a number of things you can do to protect yourself from email impersonation attacks, including:


Staying vigilant and informed is key to protecting your business from email impersonation attacks. Share this information with your colleagues to increase overall company security and stay one step ahead of cybercriminals. By following these tips, you can help to protect yourself from email impersonation attacks.

To learn more about how you can protect your business from email impersonation attacks, contact us on 01268 288100 or email [email protected]