

Impersonators, they’ll be back

Along with the rise in data leaks and cyber breaches in South Africa, there is also a marked increase in the number and volume of impersonation attacks being attempted. As long as cybercriminals keep succeeding, this will not slow down. Are you aware of what an impersonation attack is, and are you actively taking steps to identify and stop these attacks in your own environment?

There are billions of email addresses in use, and people often have more than one address. Owing to the low risk and increased simplicity of launching an attack, it is reported that 91% of cyber-attacks are started via email. Without visibility and awareness, the odds are definitely in the cyber criminals’ favour.

Impersonation attacks and phishing attacks are very similar. One big difference between the two is that the impersonation attack is more precise and will have a specific target. Phishing attacks use the shotgun approach to hit as many targets as possible, also called spray and pray.

Owing to the way impersonation attacks are orchestrated, they are by definition far more targeted and well researched. There are several methods of getting at the information the attackers are after. These include online information from the corporate website, with added intelligence gained by looking at social media platforms such as LinkedIn and Facebook. Some cyber criminals even go as far as finding out how emails are written, or meeting an individual from the company to use social engineering tactics. Using this intelligence, the attacker can pull together key personal information that will allow them to compile highly accurate emails.

The key to success for the cyber attacker is to use human behaviour and naivety to trick an internal user into acting out of the ordinary, which will lead to a financial loss. This is often driven by the guise of urgency.

The usual modus operandi would be to impersonate a senior executive such as the CEO or CFO. They will start with an initial email, sent from a similar email address, to gain the trust of the victim. The initial email will often say things like: “I am out of the office, can you help me urgently” or “I do not have my mobile phone with me, please help me.”

Once the trust is earned, this is rapidly followed up with an email that will read something like: “We have an urgent transaction and I need you to make payment immediately to ABC Contractors….” The unsuspecting victim then follows what they believe are valid instructions and the payment is made. Even though this is out of the ordinary, the victim is helping their executive.

If you have not provided tools to stop these attacks and also provided awareness training on what to look out for, most people don’t question an email from a trusted employee or boss, especially if it looks almost identical.

Impersonation emails rarely contain malware; they rely solely on misleading recipients into doing something which will bring about loss. This is a very real and very big business risk.

Mimecast released a recent report that highlighted a mammoth 400 percent increase in impersonation attacks worldwide.  With stats like these, it is no surprise that cyber security solutions have become an important topic in most executive management meetings. Companies need to start taking steps in order to prevent these types of attacks.

It is time to act; you don’t want to close the barn door once the horse has already bolted. Some key steps to prevent impersonation attacks are listed below.

  1. Deploy technology that identifies external spoofing and impersonation attempts before they get to your end users.
  2. Educate all end users on the risk and what they need to look out for.
  3. Check email addresses: not the display name, but the actual email address.
  4. Take note of standard business processes. Do not stray from the process.
  5. If you do not have a process, make sure this is included and is part of the overall risk landscape of the business.
  6. If you are ever in doubt, pick up the phone and call the individual using known contact details. If they are not available, wait until they are before you act. Small delays are better than large losses. Verification is your life saver in these cases.
  7. Make sure you have a solid and functioning cyber resilience program in place which covers your environment, people and email.
  8. Contract reliable cyber security specialists, such as J2 Software, to help identify risk, implement risk frameworks, adapt policies and help implement ongoing monitoring to increase visibility.
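
As an added illustration of steps 1 and 3 (this code is not from the original article or from any vendor product), the sketch below checks a From header for an executive's display name paired with the wrong address, and for a sender domain that is nearly identical to your own. The domain, executive name, threshold and sample headers are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed configuration: the organisation's mail domain and the real
# addresses of the executives an attacker is most likely to impersonate.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"thandi mokoena": "thandi.mokoena@example.com"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off; tune against your own mail flow


def normalise(name):
    """Lower-case a display name and collapse dots and whitespace."""
    return " ".join(name.lower().replace(".", " ").split())


def check_sender(from_header):
    """Return impersonation findings for one From header."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    findings = []

    # Step 3 of the list: compare the actual address, not the display name.
    shown = normalise(display)
    for name, real_address in EXECUTIVES.items():
        if name in shown and address != real_address:
            findings.append("executive-name-wrong-address")

    # "A similar email address": external domain nearly identical to ours.
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    if domain and not internal:
        ratio = SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            findings.append("lookalike-domain")
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Thandi Mokoena <thandi.mokoena@example.com>",
    "Thandi Mokoena <thandi.mokoena@examp1e.com>",
    "THANDI MOKOENA <ceo.office@mailbox.example.net>",
    "Sipho Dlamini <sipho@supplier.example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

A finding here is a reason to verify by phone using known contact details, as step 6 describes, not proof of fraud on its own.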

As with anything, visibility and a managed, layered cyber resilience and defence strategy are the only way to stay cyber safe.


Olivia Hannah Coetzee
