‘The trust of the innocent is the Liar’s most useful tool’ – Stephen King
One of the biggest threats to the security of organisations’ data and systems is impersonation emails and phishing scams. The underlying culprit is the exploitation of trust through the impersonation of colleagues or organisations.
The first ever wave of cybercrime sent via email was the ‘I love you’ scam of 2000, AKA the ‘LoveBug’. This attacked thousands of Windows users and sent a damaging worm onto their systems. What made this scam so successful, other than being the first of its kind, was its impersonation of real people from victims’ address books. The recipients saw an email with an ‘I love you’ subject line from someone they knew. Pure curiosity and human emotion were the anchor of the scam.
Impersonation Emails and Phishing Scams
The IBM Threat Intelligence Index reported in 2017 that the volume of spam emails increased by four times in 2016. In the same fashion as the ‘Love Bug’, impersonation emails are so dangerous because they exploit the trust between colleagues to steal finances or data from victims. According to the City of London Police’s National Fraud Intelligence Bureau (NFIB), the highest reported loss from a single CEO fraud attack is £18 million. Given the scale of the attacks and their increasing popularity, protecting yourself from this type of cybercrime is pivotal.
Phishing also involves the forgery of emails to trick the unsuspecting recipient. The senders want you to give up valuable data and download dangerous malware. Phishing emails are sent to more people in the hope that a small number of responses will lead to a successful attack.
Impersonation emails and phishing scams are very difficult to identify: studies have found that as many as 94% of employees can’t tell the difference between real and phishing emails. As a result, 11% of people click on the attachments in emails which contain malware.
Keeping you Safe
Here are the tricks and safety measures you need to know to protect yourself from impersonation emails and phishing scams:
- Trick: Impersonation emails trick recipients by taking out or changing a single letter in the name they imitate, so that at a glance the URL seems ordinary.
- Safety Measure: Take the time to read URLs carefully and check whether they are slightly different from previous ones from a specific contact.
- Compare the introductions of emails with previous ones and check whether the formalities are slightly different.
- Trick: Hackers edit the display name of the sender. People’s increased use of mobile, which only shows the name and not the email address, has contributed to the increase in scamming attacks.
- Safety Measure: Access emails from a desktop, which shows both the name and the email address of a sender.
- Consider turning on the warning settings available within Office 365 that can identify emails pretending to be from within your team.
- If in doubt, don’t click. Call the person or company involved.
- Add a Threat Protection Product to your network, such as Mimecast Advanced Security
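The two tricks above can also be checked automatically. The following is an added example, not part of the original post or of any product it mentions: it flags a From: header whose domain is one letter away from a trusted domain, or whose display name matches a colleague while the address is external. The domain `example.com`, the staff names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: the organisation's own domain and staff names.
TRUSTED_DOMAINS = {"example.com"}
STAFF_NAMES = {"alice smith", "bob jones"}


def within_one_edit(a, b):
    """True if a and b differ by exactly one changed, removed or added character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def check_from_header(from_header):
    """Return the list of warnings raised by one From: header value."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    warnings = []
    if domain not in TRUSTED_DOMAINS:
        # Trick 1: a single letter taken out or changed in a trusted domain.
        if any(within_one_edit(domain, t) for t in TRUSTED_DOMAINS):
            warnings.append("lookalike-domain")
        # Trick 2: a colleague's display name on an outside address.
        if " ".join(name.lower().split()) in STAFF_NAMES:
            warnings.append("staff-name-external-address")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Alice Smith <alice.smith@example.com>",   # genuine
    "Alice Smith <alice.smith@exampe.com>",    # letter removed
    "Alice Smith <alice.smith@examp1e.com>",   # letter changed
    "Bob Jones <bob.jones@freemail.test>",     # display name only
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "ok")
```

A check like this only narrows what needs a second look; a flagged message should still be confirmed by calling the person or company involved.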
What can Protect your Network?
Of course, these are time-consuming tasks. To help protect your organisation’s entire network, you can choose from one of the many services out there designed to help protect you from fraud:
- IBM’s Cognitive Fraud Detection service, which provides dynamic identity analytics to help improve detection for users.
- Mimecast’s services, which provide customisable controls to help organisations identify, prevent, quarantine and tag suspicious emails. You’re shielding yourself with a strong defence against impersonation emails.
- A good place to start is Mimecast’s State of Email Security 2018 Report.
Here at Systems IT, we care about your network’s safety. We recommend Mimecast as the best solution to protect your valuable data and finances from fraud. If you would like to find out more about how to protect yourself from impersonation emails and phishing scams, please find out more here.