What is an Impersonation Attack?

An impersonation attack is an attempt to gain unauthorized access to information systems by masquerading as authorized users.

According to Security Magazine, there’s been a staggering 131% increase in Whaling and Executive Impersonations between Q1 2020 and Q1 2021, with 55% of cybersecurity pros saying that an executive at their company has been spoofed. These attacks cost enterprises $1.8 billion in losses last year alone.

The problem is so pervasive that 1 out of every 3,226 emails received (once every 24 days) by an executive is an impersonation attempt.

In this article, we lay out everything you need to know about impersonation attacks: their types, how to detect them, and how to defend your organization against them.

What is an Impersonation Attack?

An Impersonation Attack is a form of Social Engineering where an attacker pretends to be someone else or impersonates a legitimate user (or group of users), to gain access to information they are not authorized to have.

In this type of attack, the attacker will often use social engineering techniques to gain information about the system and/or target, like posing as a member of the IT department and asking for login credentials.

Impersonation attacks can take place in person, over the phone, or online, and can be catastrophic if not detected.

How is an Impersonation Attack carried out?

Impersonation is when a malicious actor pretends to be a legitimate user or service to gain access to protected information. Impersonation attacks are easy to carry out and can be very damaging, depending on the type of data the attacker is trying to obtain.

All an attacker needs to do is gather enough information about a legitimate user or service to trick others into thinking that they are who they say they are. The attacker will then try to get their target (or targets) to reveal sensitive information that would otherwise be protected by security measures.

In many cases, attackers will use email or other forms of communication to attempt impersonation attacks. They will send emails pretending to be someone else (known as spoofing), which can include phishing emails containing links that download malware onto the system of an unsuspecting user.

Another method used by attackers is known as whaling; this involves stealing the identity of a manager or owner and sending out emails directing employees to transfer funds or provide other sensitive information. Because the email appears to have originated from someone in an authoritative position, many employees would follow the instructions without question.

How are Impersonation Attacks planned?

To plan an impersonation attack, hackers first need to gather information on their target. They will often use publicly available information, such as social media profiles and the company’s website. The hackers can use this information to create a realistic persona and begin to interact with employees of the target company.

The hacker will contact the employees using methods that are in line with what is expected of this persona. The hacker may email, text message, or call employees using a fake business email address or phone number that matches the company’s actual email or phone number to the highest possible extent — the difference is there, but it’s almost invisible to the naked eye.

This gives the employee a sense that they are interacting with a known person in their organization.

Here’s an example of email impersonation:

[email protected]

[email protected]

As you can see above, the differences between the two emails are subtle and easy to miss, especially if you’re getting hundreds of emails per day.

Once the hacker has gained the trust of the employee, they will send them an email that appears to be from an authentic company source. These emails often contain links to websites that ask for personal information or require action from the employee (e.g., download files). These websites and files are infected with malware that allows hackers to access data, steal personal information, or launch further attacks on the company’s network.

Forged sender addresses like these get rejected through a strict DMARC policy, which you can leverage for your emails to stay protected against impersonation attacks. 

Some Common Impersonation Attack Tactics

There are several ways attackers might try to impersonate you or someone you know. Here are some common tactics:

1. Free Email Account Attack

The attacker uses a free email service to send messages from an email address similar to the one used by the target. This tactic can be used to convince people to visit a malicious website, download malware, or provide information such as passwords or credit card numbers.

2. Cousin Domain Attack

In the Cousin Domain Attack, the attacker creates a website that looks nearly identical to your bank’s website—but ends with .com instead of .org or .net, for example. They then send emails from this fake site: when people click on links in those emails they will be taken to the fake site instead of their real bank’s site.

3. Forged Envelope Sender Attack

The attacker will create an email with a sender address that appears to come from a known company, such as “[email protected].” Because this address looks legitimate, it bypasses most mail servers’ filters. The attacker then targets victims with their message, luring them into clicking on links or opening attachments that allow malware to infect their computers.

4. Forged Header Sender Attack

A header sender attack is a type of email spoofing that can be used to trick people into believing a message was sent by someone other than its true source. In this type of attack, the “sender” field in an email header is modified to include an address other than the actual one that sent the message. This can be done by changing either the “From:” or “Return-Path:” fields, or both. The goal of these attacks is to make it appear as if an email has been sent by someone else—such as a business associate or friend—to trick recipients into opening messages from someone they know.

5. Compromised Email Account Attack

In this attack, an attacker gains access to a legitimate email account and then uses that account to send emails and messages to other people in the organization. The attacker may claim to be an employee with special knowledge or authority, or he may impersonate another person who does have special knowledge or authority.

6. CEO Fraud Attack

In this attack, attackers impersonate the CEO of a company and try to convince employees or customers that they need access to sensitive information. The attacker will often use social engineering techniques like phishing emails or phone calls that make it appear as if they are calling from inside your company’s IT department. They will often use language specific to your industry or business to sound more legitimate and trustworthy while asking for sensitive information like passwords or credit card numbers.

7. Man-in-the-Middle (MITM) Attack

This type of attack involves the attacker intercepting your communications with a legitimate service and then relaying them to the legitimate service as if they were from you. In this way, the attacker can eavesdrop on your communication, modify it, or prevent it from happening altogether.
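How a receiving mail server applies a DMARC policy to the forged envelope sender and forged header sender tactics above, as an added example that is not code from the article or from PowerDMARC. It assumes the SPF and DKIM checks have already run and the DMARC record for the "From:" domain has already been fetched; all domains, records and messages are constructed sample data.

```python
# Added example: simplified DMARC evaluation (RFC 7489). All domains and
# messages below are constructed sample data, not taken from the article.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; require v=DMARC1 and p=."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    """Assumption: organizational domain = last two labels. Production code
    must use the Public Suffix List instead (e.g. for co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(header_from, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)

def dmarc_result(msg, record):
    """Return 'pass', or the policy action ('none'/'quarantine'/'reject')."""
    policy = parse_dmarc(record)
    spf_ok = msg["spf_pass"] and aligned(
        msg["header_from"], msg["envelope_from"], policy.get("aspf", "r"))
    dkim_ok = msg["dkim_domain"] is not None and aligned(
        msg["header_from"], msg["dkim_domain"], policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:reports@example.com"

LEGIT = {"header_from": "example.com", "envelope_from": "bounce.example.com",
         "spf_pass": True, "dkim_domain": "example.com"}
# Forged header sender: SPF and DKIM pass, but for the sender's own domain.
FORGED_HEADER = {"header_from": "example.com", "envelope_from": "mail.example.net",
                 "spf_pass": True, "dkim_domain": "example.net"}
# Forged envelope sender: Return-Path claims example.com, but SPF fails.
FORGED_ENVELOPE = {"header_from": "example.com", "envelope_from": "example.com",
                   "spf_pass": False, "dkim_domain": None}

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("forged header", FORGED_HEADER),
                    ("forged envelope", FORGED_ENVELOPE)]:
        print(f"{name:16} -> {dmarc_result(m, RECORD)}")
```

A lookalike (cousin) domain is evaluated against its own DMARC record rather than yours, so this check covers exact-domain forgery only.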

How To Recognize an Impersonation Attack?

A sense of urgency: The attacker may urge the receiver to act immediately (such as initiating an immediate wire transfer, or else their account will be permanently blocked) by using an urgent tone in their emails. This pressures victims into taking action without thinking.

Confidentiality: The attacker may indicate that the information they’re asking for should be kept private, implying that its disclosure could lead to serious consequences.

Request to share sensitive information: The attacker may ask you for information that only your bank would know, such as your account number or password. They may also ask you to share your corporate credentials, which are private information only you have access to. This would in turn allow them to access your company’s databases and leak sensitive information.

Modified email addresses: For example, if you receive an email from someone pretending to be from “Amazon” asking you to log in and update your account information, but the email address is actually “amaz[email protected],” then this could be an impersonation attack.

Poorly written emails: Phishing emails are written poorly, often with spelling and grammar mistakes, as they are typically mass-generated.

Presence of malicious links or attachments: Malicious links and attachments are a common way to conduct an impersonation attack. These kinds of attacks can be identified by the presence of:

  •  Links that open in a new tab instead of in the current tab.
  •  Attachments with strange titles or file extensions (like “attachment” or “.zip”).
  •  Attachments that contain an executable file (like .exe).
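One way a mail filter can automate the "modified email addresses" check above, as an added example that is not code from the article or from PowerDMARC. The trusted domain, the sample addresses, the confusable-character map (an illustrative subset) and the distance threshold of 1 are all assumptions made for this sketch.

```python
# Added example: flag sender domains that resemble, but do not equal, a
# trusted domain. All domain names here are constructed (reserved TLDs).
import unicodedata

TRUSTED = {"summitbank.example"}  # constructed allow-list

# Illustrative subset of confusable characters (assumption, not a full table):
# digits that resemble letters, plus Cyrillic a, e, o.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(domain):
    """Fold visually confusable characters and pairs into one canonical form."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address, trusted=TRUSTED):
    """Classify the sender's domain as trusted, lookalike, or unknown."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in sorted(trusted):
        # Same name under a different TLD (the "cousin domain" pattern).
        if domain.rsplit(".", 1)[0] == t.rsplit(".", 1)[0]:
            return f"lookalike of {t} (TLD swap)"
        # Threshold of 1 edit after folding confusables is an assumption.
        if edit_distance(skeleton(domain), skeleton(t)) <= 1:
            return f"lookalike of {t} (near match)"
    return "unknown"

if __name__ == "__main__":
    for addr in ["ceo@summitbank.example", "ceo@surnmitbank.example",
                 "ceo@summitbank.test", "ceo@sumitbank.example",
                 "ceo@unrelated.example"]:
        print(f"{addr:28} -> {check_sender(addr)}")
```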

Staying Protected from Impersonation

1. Companies need to be aware that cybersecurity training is essential to protect themselves from this type of attack. The training should include:

  •  How attackers can impersonate users and gain access to systems
  •  How to recognize signs that someone is trying to impersonate you so you can take action before any damage is done
  •  How preventative controls like two-factor authentication can help prevent unauthorized access attempts by someone trying to impersonate you

2. The company’s email domain should also be protected against impersonation attacks. This means having strict policies in place for registering new domains and accounts within your organization, as well as keeping track of who has access to each one so they can be removed if necessary.

3. When you create an email account for your business, make sure that it uses a domain that’s specific to your business. Don’t use “@gmail” or “@yahoo” because those domains are too generic and could be used by anyone who wants to impersonate you. Instead, use something like “@yourbusinessnamehere.com” where your company name is in place of “yourbusinessnamehere.” That way, if someone tries to impersonate you by sending an email from another email address, no one will believe them because they know what domain name goes with your business.

4. Companies must consider implementing email security solutions such as a DMARC analyzer, which use authentication to block impersonated domains from delivering emails with suspicious attachments or links (like phishing emails).

Do you want 24/7 protection against impersonation? PowerDMARC is an email authentication solution provider – providing services aimed at enabling enterprises to secure their email communications. We help you manage your domain’s reputation by ensuring that only emails from authorized senders will be delivered through secured gateways, while also protecting it from being spoofed by cybercriminals and phishers.

Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
May 24, 2022/by Ahona Rudra