All You Need To Know About Impersonation Phishing Attacks
Scams are extremely prevalent in our society, at work and in our personal lives, but one of the most devastating types is the impersonation phishing attack. In this article we’re going to share our knowledge about impersonation phishing scams alongside some real-world examples. We’ll also discuss the potential consequences and a useful feature in Microsoft 365 that helps reduce phishing emails in the workplace.
What is Impersonation Phishing?
Impersonation phishing attacks are fraudulent attempts to trick recipients into opening malicious emails or attachments by pretending to be someone they trust, such as a colleague, a customer, or a well-known organisation.
There are several different kinds of impersonation phishing attacks, including emails, SMS messages, and telephone or voice scams. The Cyber Security Breaches Survey 2023 confirmed that email was the most common type of phishing scam, especially for businesses. These included staff receiving scam emails, being directed to fake websites, colleagues and suppliers being impersonated, and the introduction of viruses and malware.
Most phishing emails either directly ask for sensitive information or attempt to trick the recipient into visiting an unsafe website, which then prompts them to disclose sensitive information unknowingly.
These attempts vary from clearly fabricated to very convincing, and sometimes use polished page layouts, language and company logos to deceive the recipient.
Examples of Impersonation Phishing Attacks
Internal impersonation attempt
Chloe receives an email from their managing director, requesting that they urgently send money to a bank account to finalise a deal that has been under negotiation. The bank details are included in the email. As a member of the finance team, Chloe sees this kind of request as normal and complies.
During an audit, the payment is questioned and upon checking the email, Chloe sees that the display name is that of their managing director, but the email address is an external email address they don’t recognise. This means Chloe has sent company money to an unknown bank account.
External impersonation attempt
Tom receives an email from a prospective customer with a SharePoint link and a message saying they want to share a document with Tom. Tom clicks the link and is taken to a webpage that looks like a SharePoint sign-in page, so Tom inputs their Microsoft credentials and clicks ‘sign in’.
The webpage doesn’t go anywhere, because it was not a sign-in page but a form that simply captured what was typed into it, and Tom has just given their Microsoft credentials to a stranger.
External impersonation attempt (compromised account)
Al receives an email from a known client and the email contains an attachment for Al to read. It’s unusual for the client to send attachments so Al checks the email address, display name, and link; they all look legitimate. When Al downloads and opens the attachment, it is a blank document and so he ignores it and assumes the client sent it by mistake.
Unfortunately, that client has been the victim of an impersonation phishing attack, and a threat actor has used their genuine account to send malware to all their contacts, including Al. The malware has been downloaded to Al’s device and is now infecting their system.
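The check Chloe performed only during the audit in the first example (the display name matches the managing director, but the address behind it does not) can be automated. The PowerShell function below is an added example written for this article, not code from Microsoft or from the article’s authors; the protected-user list, names, addresses and sample From headers are all constructed placeholders.

```powershell
# Added example: flag messages whose From display name matches a protected
# person but whose address is not that person's real mailbox.
# The protected list and all addresses are hypothetical placeholders.

$ProtectedUsers = @{
    'Jane Smith' = 'jane.smith@example.com'   # hypothetical managing director
    'Mark Jones' = 'mark.jones@example.com'   # hypothetical finance director
}

function Test-DisplayNameImpersonation {
    param(
        [Parameter(Mandatory)][string]$FromHeader,
        [Parameter(Mandatory)][hashtable]$Protected
    )

    # Parse 'Display Name <address>' or '"Display Name" <address>';
    # a bare address has no display name to compare.
    if ($FromHeader -match '^\s*"?(?<name>[^"<]*?)"?\s*<(?<addr>[^>]+)>\s*$') {
        $name = $Matches['name'].Trim()
        $addr = $Matches['addr'].Trim().ToLowerInvariant()
    } else {
        $name = ''
        $addr = $FromHeader.Trim().ToLowerInvariant()
    }

    foreach ($entry in $Protected.GetEnumerator()) {
        $expected = $entry.Value.ToLowerInvariant()
        # Display name belongs to a protected user, but the address is not theirs.
        if ($name -and ($name -ieq $entry.Key) -and ($addr -ne $expected)) {
            return [pscustomobject]@{
                Suspicious      = $true
                DisplayName     = $name
                Address         = $addr
                ExpectedAddress = $expected
                Reason          = 'Display name matches a protected user but the address does not'
            }
        }
    }

    return [pscustomobject]@{
        Suspicious      = $false
        DisplayName     = $name
        Address         = $addr
        ExpectedAddress = $null
        Reason          = 'No display-name mismatch against the protected list'
    }
}

# Constructed sample From headers, not real messages.
$samples = @(
    'Jane Smith <jane.smith@example.com>',
    '"Jane Smith" <jane.smith.ceo@mail-example.net>',
    'Supplier Accounts <accounts@supplier.example>'
)

foreach ($s in $samples) {
    $result = Test-DisplayNameImpersonation -FromHeader $s -Protected $ProtectedUsers
    '{0,-50} suspicious={1}' -f $s, $result.Suspicious
}
```

Only the second sample is flagged: the display name is the managing director’s, but the address is an external one that does not match the expected mailbox. The same comparison is what Microsoft 365’s user impersonation protection performs against its list of protected users, so a transport-rule or mail-flow report built on this logic is a useful cross-check rather than a replacement for it.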
Potential Consequences of an Impersonation Attack
Impersonation attacks can have serious consequences for your organisation including:
- Financial loss
- Personal and operational data loss
- Damage to your brand and loss of customer trust
- Legal and regulatory compliance issues including fines
- Redundancies or complete closure of business
In the first half of 2023, around £580 million was stolen by criminals, of which CEO fraud totalled £6.9 million and invoice scams totalled £24.8 million. With losses ranging from hundreds of pounds to millions, it is paramount to ensure that emails are protected from these attacks.
Impersonation Protection in Microsoft 365
Among the many tools that Microsoft provides for cyber defence, Microsoft 365’s anti-phishing policies include impersonation protection. These policies can be configured for the users most likely to be impersonated, such as directors and finance managers.
Any emails deemed suspicious are ‘quarantined’ and reviewed by the relevant IT or compliance team member, rather than being delivered directly to the end user.
When used in conjunction with a robust cybersecurity framework, enabling such a simple tool can save an organisation a significant amount of money and spare it reputational damage.
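The policy described above can be created from Exchange Online PowerShell as well as from the Defender portal. The script below is an added example for this article, not Microsoft’s documentation or the article’s own code; it uses the ExchangeOnlineManagement module’s `New-AntiPhishPolicy` and `New-AntiPhishRule` cmdlets (impersonation settings require a Defender for Office 365 licence). The policy name, the protected users, the partner domain and the tenant domain are all assumed placeholders.

```powershell
# Added example: an anti-phishing policy with impersonation protection for
# high-value users, applied to one tenant domain. Requires the
# ExchangeOnlineManagement module and a Defender for Office 365 licence.
# Every name, address and domain below is a hypothetical placeholder.

Connect-ExchangeOnline   # interactive admin sign-in

$policyName = 'Exec Impersonation Protection'   # assumed policy name

# Users most likely to be impersonated, as "Display Name;address" pairs.
$protectedUsers = @(
    'Jane Smith;jane.smith@example.com',   # hypothetical managing director
    'Mark Jones;mark.jones@example.com'    # hypothetical finance director
)

# Hypothetical partner domain whose lookalikes should also be caught.
$protectedDomains = @('supplier.example')

New-AntiPhishPolicy -Name $policyName `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect $protectedUsers `
    -TargetedUserProtectionAction Quarantine `
    -EnableTargetedDomainsProtection $true `
    -TargetedDomainsToProtect $protectedDomains `
    -TargetedDomainProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction Quarantine `
    -EnableSimilarUsersSafetyTips $true `
    -EnableSimilarDomainsSafetyTips $true `
    -EnableUnusualCharactersSafetyTips $true

# The rule decides who the policy applies to; here, everyone in the tenant domain.
New-AntiPhishRule -Name "$policyName Rule" `
    -AntiPhishPolicy $policyName `
    -RecipientDomainIs 'example.com'

# Confirm the impersonation settings took effect.
Get-AntiPhishPolicy -Identity $policyName |
    Format-List Enable*, Targeted*, MailboxIntelligence*
```

Quarantine, rather than moving to Junk, matches the review step described above: the message sits in quarantine until the IT or compliance reviewer releases or deletes it. Mailbox intelligence adds the case from the first example, where a display name is used by an address the recipient has never corresponded with, on top of the explicit protected-user list.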
The examples we shared were preventable with the right protections and training. As a Microsoft solutions provider and Microsoft Partner, Fuse CS have the skills and technology to keep your Microsoft 365 environment secure, including emails and other communication methods.
Get in touch with our Northampton based IT support team today to discuss how collaboration with us will protect your organisation from impersonation phishing attacks.