If you are the victim of an impersonation attack, someone is phishing you while pretending to be a person or organisation you trust. Impersonation attacks are a type of phishing in which the attacker poses as someone else, typically a colleague, a manager or a company you do business with.
Why does the hacker use impersonation?
Impersonation is a social engineering method. The attacker usually pretends to be an authority figure, such as a manager or a well-known company, because people are more inclined to comply with a request from someone they believe has authority. The goal is typically to trick you into transferring money, handing over credentials or sharing sensitive information about your workplace.
Sensitive information about your workplace is valuable because it enables a follow-up attack on your company. With access to internal systems or databases, the attacker can deploy ransomware and demand payment to restore the data, install other malware, or sell the stolen information on the dark web.
Impersonation attacks are most often carried out by email, because the sender of an email is easy to forge. Faking the sender is called email spoofing: the attacker sets the From header to a trusted address or display name, so the mail client shows what looks like a genuine sender even though the message was sent from somewhere else entirely. No break-in is needed for this; the attacker only needs a mail server willing to send with a forged header, or a lookalike domain they have registered themselves.
Spoofing and impersonation are the building blocks of business email compromise (BEC), where the attacker poses as a company or one of its executives. Because the request appears to come from a legitimate source, recipients are more likely to act on it and hand over information or money.
The most common form of impersonation
As mentioned above, the most common form of impersonation attack is by email. The attacker either takes over an address that belongs to a colleague, manager or business partner, or forges one that looks like it, and then writes as that person.
Impersonation attacks are a type of phishing in which the attacker targets a specific person or group rather than sending the same message to everyone. This targeted form is also called spear phishing. The emails often contain links or attachments which, if opened, install malware on your computer or give the attacker access to your accounts and software.
There are three types of email attack to be particularly aware of:
- Business email compromise (BEC): the attacker poses as a company, or uses a compromised company mailbox, to request payments or data.
- CEO fraud: the attacker poses as a company executive or director and uses that authority to obtain money or information.
- Whaling: phishing that targets high-ranking executives or directors of a company.
You can also recognise an impersonation email by looking for the following:
- Unusual requests, such as a payment or data the sender would not normally ask you for.
- Problems that supposedly require an immediate solution, with pressure not to check with anyone else.
- Fraudulent or misspelled email addresses, or a display name that does not match the address behind it.
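As an added example (not from the original article), here is a short Python triage script that checks an email's headers for the tricks listed above: a display name that embeds a different address than the one the mail was sent from, a Reply-To that diverts answers elsewhere, a colleague's name on an outside address, and urgency cues. The staff list and both sample messages are constructed for the example; in practice the staff list would come from your directory.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: display names attackers are likely to borrow,
# mapped to the address each person really writes from.
KNOWN_STAFF = {"Jane Doe": "jane.doe@example.com"}

# Words that signal pressure for an immediate, unchecked response.
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "confidential")

# Constructed sample: CEO fraud with a forged display name and diverted replies.
SAMPLE_EMAIL = """\
From: "Jane Doe <jane.doe@example.com>" <ceo.urgent@mail-example.co>
Reply-To: jane.doe.ceo@webmail.test
To: bob@example.com
Subject: Urgent wire transfer needed today

Bob, please process the attached vendor invoice before 5pm.
Keep this confidential until the deal is announced.
"""

# Constructed sample: an ordinary internal message that should raise nothing.
CLEAN_EMAIL = """\
From: "Jane Doe" <jane.doe@example.com>
To: bob@example.com
Subject: Notes from Monday's meeting

Attached are the notes. No rush.
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def header_red_flags(raw_message: str) -> list:
    """Return human-readable warnings for the headers of one message."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    flags = []

    # 1. Display name that itself contains an address on another domain.
    #    Many clients show only the name, so the victim sees the trusted
    #    address while the mail actually came from elsewhere.
    for embedded in re.findall(r"[\w.+-]+@[\w.-]+", name):
        if domain_of(embedded) != from_domain:
            flags.append(f"display name embeds another address: {embedded}")

    # 2. Reply-To on a different domain than From: a plausible From address
    #    is useless to the attacker unless replies reach them.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")

    # 3. A known colleague's name on an address they do not normally use.
    plain_name = re.sub(r"<[^>]*>", "", name).strip().strip('"')
    expected = KNOWN_STAFF.get(plain_name)
    if expected and from_addr.lower() != expected:
        flags.append(f"{plain_name} normally writes from {expected}, not {from_addr}")

    # 4. Pressure for immediate action in the subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [word for word in URGENCY_WORDS if word in text]
    if hits:
        flags.append("urgency cues: " + ", ".join(hits))

    return flags


if __name__ == "__main__":
    for label, sample in (("suspicious", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, header_red_flags(sample) or ["no red flags"])
```

The first check is the one most worth remembering: a From header such as `"Jane Doe <jane.doe@example.com>" <ceo.urgent@mail-example.co>` is perfectly valid, and a mail client that shows only the display name will present the trusted address to the reader while the message actually came from mail-example.co.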
Other types of impersonation attacks to be aware of
Another type of impersonation is the "cousin" or lookalike website: a domain registered to resemble an official website or email domain so closely that it looks legitimate at a glance. It may reuse the real name with a different ending (for example .co instead of .com), add or drop a letter, or swap characters for similar-looking ones such as "rn" for "m". The attacker often copies the layout of the real site as well, so that the page itself gives no visual clue as to which one is genuine; only the address bar does.
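The "misspelled email addresses" warning sign above and the lookalike domains described here can both be checked mechanically. The following Python function is an added example (not from the original article) that compares a domain against a list of trusted domains and reports which lookalike trick, if any, it uses: a wrong top-level domain, look-alike character substitutions, a single typo or transposition, or the real name embedded in a longer one. The trusted domains and the confusable-character table are constructed for the example, and the TLD split is deliberately simplified (the last label is treated as the TLD).

```python
# Constructed for this example: the domains the organisation trusts.
TRUSTED_DOMAINS = ["example.com", "moxso.com"]

# Character sequences attackers swap for visually similar ones. Folding them
# in both the candidate and the trusted name exposes the substitution.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(label: str) -> str:
    """Lower-case a label and fold known look-alike sequences."""
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def split_domain(domain: str) -> tuple:
    """Split 'name.tld' into (name, tld). Simplification: the last label is
    the TLD, so 'example.co.uk' yields ('example.co', 'uk')."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[:-1]), parts[-1]


def lookalike_verdict(domain: str) -> str:
    """'trusted', 'unrelated', or the reason the domain imitates a trusted one."""
    domain = domain.lower().rstrip(".")
    name, tld = split_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"  # the real domain or one of its own subdomains
    for trusted in TRUSTED_DOMAINS:
        t_name, t_tld = split_domain(trusted)
        if name == t_name and tld != t_tld:
            return f"wrong top-level domain for {trusted}"
        if normalise(name) == normalise(t_name):
            return f"character substitution of {trusted}"
        if edit_distance(normalise(name), normalise(t_name)) <= 1:
            return f"one edit away from {trusted}"
        if t_name in name:
            return f"embeds {trusted} in a longer name"
    return "unrelated"


if __name__ == "__main__":
    # Constructed candidates covering each trick plus a genuine subdomain.
    for candidate in ("mail.example.com", "example.co", "exarnple.com",
                      "exampel.com", "example-login.net", "unrelated.org"):
        print(f"{candidate:20} {lookalike_verdict(candidate)}")
```

The edit-distance threshold of 1 keeps false positives low for short names; for a large trusted list you would tune it per name length and add a real confusables table (Unicode homoglyphs for internationalised domains in particular).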
Next, there is account takeover (ATO), where an attacker logs in to a real email account with credentials obtained from data leaks or by brute-force guessing. If the account is not protected by multi-factor authentication, the attacker can send mail as its owner from the genuine address, which no spoofing check will catch. In addition, many people reuse the same password on several websites, so the attacker may be able to log in to those accounts too.
You can also be exposed to a man-in-the-middle (MITM) attack, where the attacker positions themselves between you and the party you are communicating with and reads or alters the messages in transit, for example on a network they control. Information intercepted this way can be used to break into your accounts and systems. To reduce the risk of MITM attacks:
- Avoid using public and open Wi-Fi (such as in hotels, on airplanes and in coffee shops).
- Avoid websites without a valid HTTPS certificate; browsers warn about these with a full-page or pop-up warning.
- Log out of your accounts when you finish using a shared or public device, so that nobody else can continue your session.
Finally, there is smishing and vishing: phishing carried out via text messages and phone calls respectively. Smishing messages usually contain a link you are asked to tap. On a phone it is harder to inspect a link before opening it than on a computer, where you can hover over it to see the real destination. Vishing is difficult to prevent because the caller can use a different or spoofed number each time and keep calling, pretending to be, for example, your bank asking for account details.
What can be done to prevent impersonation attacks?
Unfortunately, you cannot stop attackers from attempting impersonation, but you can take measures that make it much less likely that you or your colleagues fall for it.
- Undergo awareness training to learn the methods and tricks attackers use to collect and steal personal data.
- Send business email from a domain your organisation controls rather than from a generic webmail address, so that colleagues and partners can recognise the legitimate domain and you can protect it with the records below.
- Implement email authentication for your domain by publishing SPF, DKIM and DMARC records in DNS, so that receiving mail servers can reject messages that claim to come from your domain but were not sent by you.
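To make the three records concrete, here is an added Python example (not part of the article) of the decision a receiving mail server makes under DMARC: SPF and DKIM each produce a pass or fail for some domain, and the message passes DMARC only if one of those passing domains is aligned with the domain in the visible From header; otherwise the policy (p=) in the sender domain's DMARC record decides what happens. The DNS records and Authentication-Results headers are constructed for the example, and the organisational-domain logic is simplified to the last two labels (real receivers use the Public Suffix List and fetch the records from DNS).

```python
import re
from email.utils import parseaddr

# Constructed DNS TXT records for example.com, as its operator would publish
# them. SPF lists who may send; DMARC says what to do when checks fail
# (p=reject) and where to send reports (rua=). DKIM public keys live under
# <selector>._domainkey.example.com and are omitted here.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.test -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=r; aspf=r",
}


def parse_dmarc(record: str) -> dict:
    """Turn 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels.
    Real implementations consult the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(checked: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') requires an exact match,
    relaxed ('r') accepts the same organisational domain."""
    checked, from_domain = checked.lower(), from_domain.lower()
    if mode == "s":
        return checked == from_domain
    return org_domain(checked) == org_domain(from_domain)


def parse_auth_results(header: str) -> dict:
    """Extract the SPF and DKIM results, and the domains they were evaluated
    for, from the Authentication-Results header the receiving MTA adds."""
    results = {}
    spf = re.search(r"\bspf=(\w+)(?:[^;]*smtp\.mailfrom=(?:[^@;\s]*@)?([^;\s]+))?", header)
    if spf:
        results["spf"] = (spf.group(1).lower(), (spf.group(2) or "").lower())
    dkim = re.search(r"\bdkim=(\w+)(?:[^;]*header\.d=([^;\s]+))?", header)
    if dkim:
        results["dkim"] = (dkim.group(1).lower(), (dkim.group(2) or "").lower())
    return results


def dmarc_disposition(from_header: str, auth_results: str, dns: dict = DNS_TXT) -> str:
    """Return 'none' (the From domain publishes no DMARC policy), 'pass', or
    the policy action ('quarantine' or 'reject') for an authentication failure."""
    from_domain = parseaddr(from_header)[1].rsplit("@", 1)[-1].lower()
    # A subdomain without its own record inherits the organisational one.
    record = dns.get("_dmarc." + from_domain) or dns.get("_dmarc." + org_domain(from_domain))
    if not record:
        return "none"
    policy = parse_dmarc(record)
    auth = parse_auth_results(auth_results)
    spf_result, spf_domain = auth.get("spf", ("none", ""))
    dkim_result, dkim_domain = auth.get("dkim", ("none", ""))
    # Passing SPF or DKIM for *some* domain is not enough: the authenticated
    # domain must align with the From header the user actually sees.
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")


if __name__ == "__main__":
    # Constructed cases: genuine mail, a forged From sent from attacker
    # infrastructure, and an attacker whose own domain authenticates fine.
    cases = [
        ('"Jane Doe" <jane.doe@example.com>',
         "mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com"),
        ('"Jane Doe" <jane.doe@example.com>',
         "mx.example.net; spf=fail smtp.mailfrom=attacker.test; dkim=none"),
        ('"Jane Doe" <jane.doe@example.com>',
         "mx.example.net; spf=pass smtp.mailfrom=bounce@mail-example.co; dkim=pass header.d=mail-example.co"),
    ]
    for from_header, auth in cases:
        print(from_header, "->", dmarc_disposition(from_header, auth))
```

The third case is the one alignment exists for: the attacker's own sending domain passes SPF and DKIM for itself, but that proves nothing about the forged example.com From header, so the message is still rejected. The limit of these records is equally important: they protect your domain only. Mail from a lookalike domain the attacker registered carries no DMARC record of yours to violate and gets a disposition of "none", which is why the header and lookalike checks earlier still matter.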
Also, always report impersonation attempts when you see them. Tell the IT department if you or a colleague has been impersonated or targeted, so that they can block the sender, warn others and investigate. Act as quickly as possible whenever you notice something suspicious.
Caroline Preisler
Caroline is a copywriter here at Moxso alongside her studies. She is doing her Master's in English and specialises in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding, and these elements are incorporated into the copywriting work she does here at Moxso.