Amidst the global furore over high-profile cyber-espionage, businesses and individuals have to contend daily with increasing cyber criminality.
In line with the uptick in ransomware, impersonation attacks have become a common way for cybercriminals to extract money from unsuspecting Internet users. Impersonation attacks are phishing attacks in which a cybercriminal uses the name of a CEO, executive, employee or business partner in order to get sensitive information from victims. A recent Mimecast report has highlighted a whopping 400% increase in impersonation attacks worldwide.
Notably, these impersonation emails often contain no malware. They rely instead on conning recipients into sending money or data, which ultimately exposes the end user.
Leveraging personal data in the public realm
Unsurprisingly, hackers trawl social media sites such as Facebook, Twitter and LinkedIn for key personal details that enable them to compose highly believable emails and messages.
By learning about a CEO’s leadership and communication styles, for example, or mimicking a company’s sales team, hackers are able to compose emails that easily dupe unsuspecting employees, clients or business associates. Indeed, familiarity leads to critical mistakes in today’s digital realm.
Such attacks have been on the rise for some time…
A public service announcement issued by the Federal Bureau of Investigation (FBI) stated that between October 2013 and December 2016, business email compromise scams resulted in a total loss of more than US$5.3 billion.
To date, statistics reveal that there are 4.3 billion email addresses in the world – and people have two email addresses, on average. Worryingly, 90% of attacks start with an email. It’s simply the easiest way in.
For businesses and individuals, the lesson here is to always be on high alert for emails and messages that are even slightly out of the norm. In addition, it is critical that security systems are consistently monitored and updated in order to guard against impersonation attacks and the various other methods being employed by hackers and criminals.