Four spoofing attacks organizations should be wary of

Stu Sjouwerman is the founder and CEO of KnowBe4 Inc., a security awareness training and phishing simulation platform.

Impersonation attacks continue to rise as cybercriminals increasingly exploit trust marks and business relationships. These sophisticated phishing attacks not only help adversaries better manipulate victims, but also greatly enhance their ability to commit fraud, steal data, and commit financial crimes. Since spoofing attacks leverage familiarity and reputation, they tend to appear more believable, which is why they usually go unnoticed by untrained or unsuspecting eyes. According to the Federal Trade Commission (FTC), identity theft scams have increased by 85% year over year and are costing American businesses billions of dollars in losses.

Although identity theft scams are not new, they are evolving and becoming increasingly sophisticated. Here are four techniques impersonators are currently using to scam organizations:

1. Brand impersonations

Scammers impersonate well-known organizations and tech companies, asking users to troubleshoot login issues or fix an issue with an account. Government impersonators defraud organizations by asserting their authority and threatening targets with dire consequences such as termination of benefits, enforcement of tax liability, arrest, or prosecution. According to a report, while Facebook and Microsoft were some of the most impersonated brands in 2021, scammers often impersonate banks and financial services for the sole purpose of committing financial fraud. In the first half of 2022, 15% of all phishing emails impersonated a well-known brand.

2. Executive impersonations

Executive impersonation is a type of impersonation in which a crook assumes the identity of a trusted person to trick a victim into revealing sensitive information or performing a financial transaction. Business Email Compromise (BEC) is a type of CXO fraud perpetrated to deceive employees, even to the point of communicating with targets using natural or local language. Some scammers use advanced techniques such as deepfakes and holographic zoom impersonations to trick victims into thinking they are actually talking to the real person.

3. Vendor impersonations

Vendor impersonation is an increasingly popular technique used by scammers to trick organizations into making payments to fraudulent accounts. The modus operandi involves criminals sending fraudulent emails and fake letterheads to their business partners indicating that their financial information has changed. Upon receiving such emails, victims update their account details and end up transferring money to another unwitting recipient. Although this type of fraud is executed using a variety of techniques, the result is essentially a request for payment that appears to come from a supplier the company knows well. In some advanced vendor impersonation attacks, scammers will breach an employee’s email account and monitor their mailbox for best practices and writing styles, then wait for a window of opportunity when the VIPs are out of the office before launching an attack. Impersonation attacks are growing in popularity and have overtaken BEC attacks in volume.

4. Multi-persona impersonations

State-sponsored cybercriminals create multiple fake personalities to prey on their victims by increasing the credibility of their phishing campaigns. Multi-persona attacks are a very sophisticated impersonation scam where adversaries send carefully crafted phishing messages using spoofed email addresses to specifically targeted individuals and groups. After these victims respond via email, the attackers send a link to a maliciously crafted document that is hosted on Microsoft OneDrive. When the document is opened, it reaches out to a remote host and executes malicious code designed to collect information from the victim’s system, such as the username, a list of running processes, and the computer's public IP address, then exfiltrates this information using a Telegram API.

How can companies mitigate the risks of an identity theft attack?

Impersonation attacks are a difficult challenge to overcome. Since they use legitimate channels and resources to defraud individuals, they are usually undetected by traditional cybersecurity checks. To effectively mitigate the risk of identity theft, organizations need to understand how or what can be impersonated and work to systematically close loopholes. Here are some best practices that can help:

• Train users to spot and report identity theft: Train employees to develop security instincts that can recognize fraudulent emails and social media accounts. Conduct regular phishing simulations to give employees “hands-on” experience with identity theft.

• Teach users to double-confirm identities: Use another method such as the telephone, especially if the transaction involves large sums of money.

• Leverage DMARC, DKIM, and SPF email security protocols: Email protocols such as DMARC, DKIM, and SPF prevent third parties from spoofing your email domain. Although this technology does not work perfectly, it can certainly help reduce the risk of identity theft to some extent. If possible, use an advanced email security solution that can block BEC and other advanced spear-phishing attacks.

• Use strong passwords and multi-factor authentication (MFA): Employees should use long and complex passwords to prevent account takeover. Security teams should deploy phishing-resistant MFA so that if credentials are compromised, they can prevent attackers from gaining unauthorized access to email accounts.

Impersonation attacks can have a major impact on organizations. Deploying a layered strategy based on an understanding of the latest spoofing techniques, advanced technological defenses, and human firewall hardening can go a long way toward making the organization resilient to sophisticated and targeted phishing attacks.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs, and technology executives.

