Email impersonation scams are a big cyber security and fraud threat to local businesses. These scams involve cybercriminals impersonating business owners and execs, instructing employees by email to perform electronic funds transfers, pay invoices or send sensitive information. By forging email addresses, they literally ask for what they want – and get it.

Email spoofing is increasing. Our advanced email protection solution e-Purifier identifies and stops thousands of spoof and spam emails from reaching our clients’ inboxes every single day.

How do impersonation email scams happen?

Email spoofing is a tactic used by cybercriminals that leads to what is called Business Email Compromise (BEC). Cybercriminals forge the email addresses of people in authority and send targeted emails to employees who will follow their orders to make payments or hand over information. The email and the sender’s address look legit, so the recipient follows the instruction to do one of the following:

  • Make an electronic funds transfer to a bank account
  • Pay an invoice
  • Send back sensitive information about the business or its clients
  • Reply with banking details, passwords or log-in credentials
  • Open malicious hyperlinks which download malware that can be used to spy on email communications
  • Open attachments or links which install ransomware on the victim’s computer to encrypt data and hold it to ransom

How are sender’s addresses forged?

It starts with some scouting. Cybercriminals find the details of senior people, CEOs and financial directors on company websites and social media. High-level employee email credentials are also bought and sold on the dark web. These email addresses are spoofed to make them look as though they are legitimately from someone in authority at a company. There are a few ways that they do this.

They can,

  • Forge the contact name and email address that is visible to the recipient

There are two “senders” of an email. The first is the “envelope sender” and the other is the “From:” header. The header is usually automatically displayed by email clients like Google or Microsoft. This is the one that cybercriminals can forge to trick email clients into displaying a name and email address.

  • Set up a valid email address with the name of someone in authority in the company

This is a tricky one to spot because the email comes from a valid free email account using the sender’s name. Since these aren’t “forged” email addresses, they don’t get blocked by email security filters. By default, many email clients only display the sender’s name, and not the whole email address, especially when viewed on mobile devices.

  • Create a new email address that looks like the real one but has subtle differences

A valid email address is created using a domain name that looks similar to the real one but differs from it in subtle ways.

  • Hack email accounts

This is when an email account is hacked. Usually this scam starts with a spam or phishing message. Using a malicious link or malicious attachment, the attacker gets access to the account credentials or the whole device in order to send emails as if they were that person.

How to prevent Business Email Compromise attacks

You need a strong multi-layered security approach, with the first layer being a secure email gateway. All email communications should be inspected and filtered, and stopped before they reach email inboxes if they are spam, contain malware or viruses, or look suspicious. A strong email gateway will detect spoofed domains as well as keywords commonly used in Business Email Compromise attacks.

You also need tools that can monitor your email network for signs of malicious activity and account compromise, such as multiple failed login attempts, unusual locations and abnormal times. Advanced solutions will also place warning banners on emails from new or unusual contacts to alert and protect users. But even with warnings, many people still open emails, click on links and action instructions if the email looks like it came from someone legitimate. That’s why cyber security awareness training should be part of your strategy for preventing Business Email Compromise and other email-related ills like phishing.

You can also,

  • Prohibit automatic forwarding of email to external addresses
  • Make frequent checks for changes to configuration and custom rules for specific accounts.
  • Create a rule to flag email communications where the “reply” email address differs from the “from” email address.
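The rule in the last item, combined with the earlier points about the two senders and about display names on free accounts, as an added example (it is not part of e-Purifier or any other product named on this page). The domain, the protected name and the three sample messages are constructed, and it assumes the receiving server has recorded the envelope sender in a Return-Path header.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "acme-corp.example"   # assumption: the organisation's own mail domain
PROTECTED_NAMES = {"jane doe"}     # assumption: names of people in authority

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def sender_flags(raw):
    """Return the reasons a message's sender fields look inconsistent."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Return-Path is added at delivery and records the envelope sender.
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    flags = []
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("reply-to differs from from")
    if envelope_addr and _domain(envelope_addr) != _domain(from_addr):
        flags.append("envelope sender domain differs from From: domain")
    if name.strip().lower() in PROTECTED_NAMES and _domain(from_addr) != ORG_DOMAIN:
        flags.append("authority display name on outside address")
    return flags

# Constructed sample messages (not real mail).
FORGED_HEADER = """\
Return-Path: <bounce@mailer.invalid>
From: Jane Doe <jane.doe@acme-corp.example>
Reply-To: Jane Doe <jane.doe@freemail.invalid>

Please pay the attached invoice today.
"""
FREE_ACCOUNT = """\
Return-Path: <jane.doe.ceo@freemail.invalid>
From: Jane Doe <jane.doe.ceo@freemail.invalid>

Are you at your desk?
"""
GENUINE = """\
Return-Path: <jane.doe@acme-corp.example>
From: Jane Doe <jane.doe@acme-corp.example>

Draft board pack attached.
"""

if __name__ == "__main__":
    for label, raw in (("forged", FORGED_HEADER), ("free", FREE_ACCOUNT), ("genuine", GENUINE)):
        print(label, sender_flags(raw))
```

Treat these flags as input to a warning banner or a review queue rather than a reason to reject mail, because mailing lists and bulk-mail services legitimately send with a different envelope domain.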

Best protection against Business Email Compromise

You can deploy ONE, robust email security and content management solution. Our e-Purifier solution ensures that only clean and safe emails reach your users’ email inboxes while meeting compliance and business continuity needs. It features:

  • Secure and scalable email gateway
  • IP reputation lookup
  • URL reputation filtering
  • URL redirection
  • Impersonation protection
  • Advanced threat protection
  • 100% Anti-Malware including zero-hour protection
  • 100% Anti-Spam with 0,0001% false positives
  • Encrypted transmission of emails
  • Group or individual policies with existing AD policies transferred through LDAP Integration
  • 24/7/365 Premium Support Services
  • Scheduled and on-demand reporting

How to avoid becoming a victim of email impersonation scams

Don’t make business contact details and email addresses freely and publicly available online. You are just making scouting easier for scammers. If you want to share your email contact details online or on social media, use a different email address that is not linked to your business email account.

Get educated and educate your staff about email spoofing and phishing. Most business email compromise attacks begin with a phishing mail.

  • Scrutinize senders’ email addresses for discrepancies and slight alterations such as an extra letter or number. For example [email protected] instead of [email protected]
  • Question any unplanned or urgent payment instructions even if they appear to be from a legitimate email address. Contact the person giving the instruction by phone or in person to check if it is really them asking for a payment to be made in a hurry.
  • Verify any requests for changes in beneficiary account details. Phone the sender and ask if they have really changed their bank account details.
  • Don’t respond to requests for personal or sensitive information. No legitimate company will ask for banking details or other sensitive information by email, online or via SMS.
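The lookalike-domain trick described earlier, and the advice above to check sender addresses for an extra letter or number, can be partly automated. This is an added example, not code from any product named on this page; the trusted domain, the sample addresses and the small table of look-alike characters are constructed assumptions.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

# Assumed, deliberately small table of digits that pass for letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def _fold(domain):
    # Map look-alike characters to one form; "rn" reads as "m" in many fonts.
    return domain.translate(CONFUSABLES).replace("rn", "m")

def classify_sender_domain(address, trusted_domains, max_distance=1):
    """Return ("trusted" | "lookalike" | "unrelated", matched trusted domain)."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted_domains:
        return ("trusted", domain)
    for trusted in sorted(trusted_domains):
        if (_fold(domain) == _fold(trusted)
                or edit_distance(domain, trusted) <= max_distance):
            return ("lookalike", trusted)
    return ("unrelated", None)

if __name__ == "__main__":
    trusted = {"acme-corp.example"}    # constructed trusted domain
    for addr in ("jane@acme-corp.example", "jane@acme-c0rp.example",
                 "jane@acrne-corp.example", "jane@acme-corps.example",
                 "jane@freemail.invalid"):
        print(addr, classify_sender_domain(addr, trusted))
```

A `max_distance` of 1 matches the "extra letter or number" case; raising it catches more variants but also flags unrelated short domains.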

Talk to us about ProtectU

ProtectU combines our industry-leading email management solution e-Purifier and uSecure, an intelligent end user awareness training and phishing simulation platform. With uSecure, you can build a cyber security culture across your organisation in a pain-free, measurable and cost-effective way. With uSecure, cyber attacks can be simulated regularly to help identify the most at-risk users and learn how susceptible they are to ultra-targeted spear-phishing campaigns and business email compromise attacks.

These solutions are cloud-based and offered as a subscription service. We maintain and monitor them for you at a fraction of the cost of buying and managing various point solutions in-house.

Talk to us to protect your business and your people.