Impersonation Attacks


What Is an Impersonation Attack?

An impersonation attack is a type of targeted phishing attack where an attacker pretends to be a trusted individual or organization.

The impersonation is often done by compromising a third-party account or simply creating a lookalike account.

The attacker then social-engineers the victim into performing sensitive but routine tasks, such as transferring funds, clicking a link, or sharing data.

Types of Impersonation Attacks

  1. Business Email Compromise (BEC): Attackers impersonate a company executive or trusted vendor to request fraudulent wire transfers or access to confidential information.
  2. CEO Fraud: A specific type of BEC where attackers impersonate the CEO or other high-ranking officials to authorize financial transactions or sensitive data sharing.
  3. Technical Support Scams: Attackers pose as technical support personnel to gain access to a victim’s computer or network under the guise of fixing a non-existent problem.
  4. Whaling: A form of phishing that targets high-profile individuals like executives and aims for larger payouts.
  5. Spear Phishing: Highly targeted phishing attacks directed at specific individuals or organizations, often involving personalized messages to increase the likelihood of success.

How Do Impersonation Attacks Work?

While there are several types of impersonation attacks, they all tend to share the following stages:

  • Reconnaissance: Attackers gather details on the target’s communication patterns via social media or other sources.
  • Establishing Credibility: They create a pretext to establish credibility, often using spoofed emails or phone numbers.
  • Execution: Contact is initiated with the victim, usually via email, phone, or social media, to perform social engineering.
  • Request for Action: Attackers then ask the target to transfer funds, share sensitive data, or click on a malicious link.
  • Exploitation: Funds are transferred or data is compromised. Leaked sensitive information is often used for identity theft or sold on the dark web.

Examples of Impersonation Attacks

  1. Google and Facebook Spear Phishing (2013-2015): Lithuanian national Evaldas Rimasauskas orchestrated a fraudulent BEC attack, tricking Google and Facebook into wiring over $100 million to bank accounts he controlled. By creating a company with a name identical to a legitimate Asian-based hardware manufacturer, Rimasauskas sent phishing emails that appeared to be from the legitimate company, directing payments to his accounts.
  2. Merseyrail Cyberattack by LockBit Ransomware (2021): In April 2021, the LockBit ransomware gang targeted the UK rail network Merseyrail. The attackers took control of the Director’s email account and impersonated him to email employees and journalists about the ransomware attack. The email leaked employees’ personal data and emphasized how serious the ransomware attack had been.
  3. FACC Impersonation Attack (2016): FACC, an Austrian aeronautics company, fell victim to a BEC scam in 2016. A Chinese national gained unauthorized access to the company’s email server. With this level of access, the attacker then studied the CEO’s writing habits and quirks to make their phishing messages look legitimate. Next, the attacker impersonated the CEO and sent emails instructing employees to transfer large sums of money to foreign bank accounts. After the attack, FACC fired their CEO and CFO and sued them for $10 million for not doing enough to prevent the attack.

How To Prevent Impersonation Attacks

  1. Employee Awareness and Training: Regularly train employees to recognize phishing attempts, suspicious emails, and other social engineering tactics.
  2. Email Security: Implement email authentication technologies such as DMARC, SPF, and DKIM to prevent email spoofing. Use email filters to detect and block phishing emails.
  3. Multi-Factor Authentication (MFA): To add an extra layer of security, require MFA for accessing sensitive accounts and systems.
  4. Verification Protocols: Establish protocols for verifying the legitimacy of requests, especially those involving financial transactions or sensitive information. This can include callback verification or in-person confirmation.
  5. Monitoring and Alerts: Use monitoring tools to detect unusual activities. Set up alerts for potential security breaches.
  6. Secure Communication Channels: Ensure secure communication channels are used for sensitive information. Always avoid using unencrypted email for critical transactions.
  7. Regular Updates and Patching: Keep all software and systems updated to protect against known vulnerabilities.
  8. Data Breach Monitoring: Implement data breach monitoring to get alerted when your employees’, customers’, or vendors’ credentials have been compromised. Early detection enables your security team to reset the credentials and prevent further exploitation.
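As an added example (not part of the original article), the Python script below shows how the Email Security and Monitoring and Alerts items above translate into an inbound-mail check. It parses a raw message, reads the receiving server's Authentication-Results header for the SPF, DKIM and DMARC verdicts, and flags the traces the attack types described earlier leave behind: an executive's display name on an external address (CEO fraud), a lookalike domain built from digit or "rn" substitutions (the fake-vendor pattern from the Rimasauskas case), a Reply-To that diverts answers elsewhere, the organisation's own domain in From without a DMARC pass (exact-domain spoofing), and payment-urgency wording. The last signal matters because SPF, DKIM and DMARC only authenticate the sending domain: a lookalike domain or a compromised genuine account passes all three, as the FACC and Merseyrail cases illustrate. The defender domain example.com, the names in EXECUTIVES and all four sample messages are constructed assumptions, not data from the article.

```python
"""Triage inbound mail for impersonation indicators (added example, not from the article).

Assumptions: the defender's domain is example.com and EXECUTIVES holds the display
names a CEO-fraud pretext would borrow. All sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumed defender domain
EXECUTIVES = {"Jane Doe", "Sam Patel"}     # assumed executive display names
PAYMENT_TERMS = ("wire transfer", "urgent", "gift card", "bank details")


def normalize(domain: str) -> str:
    """Fold common look-alike substitutions so 'examp1e' and 'exarnple' read as 'example'."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("0135", "oles"))


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance to the real domain suggests a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when a foreign domain imitates ORG_DOMAIN by homoglyphs, prefixing, or near-miss spelling."""
    if not domain or domain == ORG_DOMAIN:
        return False
    return (normalize(domain) == ORG_DOMAIN
            or domain.startswith(ORG_DOMAIN + ".")      # example.com.attacker-host.net
            or levenshtein(domain, ORG_DOMAIN) <= 2)


def auth_results(msg) -> dict:
    """Extract spf/dkim/dmarc verdicts from the receiving MTA's Authentication-Results header."""
    hdr = msg.get("Authentication-Results", "")
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}


def analyze(raw: str) -> dict:
    """Return {signal: detail} for each impersonation indicator found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    auth = auth_results(msg)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    findings = {}
    # CEO fraud from a free-mail account: familiar name, foreign domain.
    if name in EXECUTIVES and domain != ORG_DOMAIN:
        findings["display-name-spoof"] = f"'{name}' sent from external domain {domain}"
    # A lookalike domain passes SPF/DKIM/DMARC for itself, so alignment proves nothing here.
    if is_lookalike(domain):
        findings["lookalike-domain"] = f"{domain} resembles {ORG_DOMAIN}"
    # Replies quietly redirected to a mailbox the sender controls.
    if reply_domain and reply_domain != domain:
        findings["reply-to-mismatch"] = f"replies go to {reply_domain}, not {domain}"
    # Exact-domain spoofing is what DMARC catches: our domain in From without an aligned pass.
    if domain == ORG_DOMAIN and auth.get("dmarc") != "pass":
        findings["dmarc-not-pass"] = f"From claims {ORG_DOMAIN} but dmarc={auth.get('dmarc', 'missing')}"
    # Content signal that survives even when a genuine account was compromised.
    hits = [t for t in PAYMENT_TERMS if t in text]
    if hits:
        findings["payment-urgency"] = "mentions " + ", ".join(hits)
    return findings


# Constructed sample messages (not real traffic).
SAMPLE_CEO_FRAUD = """\
From: "Jane Doe" <jane.doe.ceo@gmail.com>
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com

I am in a meeting, please process an urgent wire transfer today.
"""
SAMPLE_LOOKALIKE = """\
From: "Accounts Payable" <billing@examp1e.com>
Reply-To: payments@examp1e-invoices.net
Subject: Invoice 4471
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com

Our bank details changed; please use the attached invoice.
"""
SAMPLE_SPOOF = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Approval needed
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=example.com

Please approve the wire transfer before noon.
"""
SAMPLE_LEGIT = """\
From: "Sam Patel" <sam.patel@example.com>
Subject: Thursday review
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Slides for Thursday's review are attached.
"""
SAMPLES = {"ceo-fraud": SAMPLE_CEO_FRAUD, "lookalike": SAMPLE_LOOKALIKE,
           "spoof": SAMPLE_SPOOF, "legit": SAMPLE_LEGIT}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, analyze(raw) or "clean")
```

In a mail pipeline the same `analyze` call would run on each delivered message (for instance from a milter or a journaling mailbox), with any non-empty result raised as an alert for the verification step in item 4 rather than blocking outright, since the payment-urgency term list is deliberately a weak signal on its own.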