Email impersonation tricks users into believing an email is from someone they are close to or frequently work with, whom we call a “VIP”. After earning the victim's trust by impersonating a VIP, the attacker asks the victim to hand over sensitive information for further actions.
After doing thorough research on the “VIP”'s profile, an attacker first creates an email address that looks exactly like the address of the “VIP” the victim frequently works with. Then this fake “VIP” asks for help, such as personal information or a money transfer (sometimes with a suspicious link to click on).
No one can be smart enough to identify every email and be 100% sure whether it is safe, yet a single misclick can put the whole company at risk.
But no worries, here are 3 things you can do to stop VIP email scams:
1) Check the email against the company address book
One effective way to make sure an email is from someone you know is to check it against your company address book, as the address book must include everyone at work. If the sender of a suspicious email cannot be found in the company address book, then it is very likely to be a scam.
2) Confirm with the VIPs
Always be skeptical of urgent, rushed money transfer requests, especially from C-level executives. When it comes to important decisions such as rush money transfers and giving sensitive information to VIPs, the wise move is always to verify with the contact person, either by phone or in person.
3) Verify Email Signatures
Most VIPs' emails contain a signature. By comparing signatures, we can usually tell whether an email is an attack. If there isn't any signature at all, then it is even more likely to be a phishing email.
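The address book check from step 1 can also be run automatically on incoming mail. The following is an added example, not code from the original article: it compares a message's From header with an address book and flags a VIP display name on an unlisted or lookalike address. The address book entries, VIP list, similarity threshold and sample message are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (assumptions): display name -> address on file.
ADDRESS_BOOK = {
    "alice chan": "alice.chan@example.com",  # treated as a VIP below
    "bob lee": "bob.lee@example.com",
}
VIP_NAMES = {"alice chan"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off for "looks almost identical"


def check_sender(raw_message: str) -> set:
    """Return the set of warning flags raised by the From header."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name = " ".join(name.lower().split())  # normalise case and spacing
    addr = addr.lower()
    flags = set()
    if addr in ADDRESS_BOOK.values():
        # Address is on file, but the display name belongs to someone else.
        if name in ADDRESS_BOOK and ADDRESS_BOOK[name] != addr:
            flags.add("name_address_mismatch")
        return flags
    flags.add("not_in_address_book")
    if name in VIP_NAMES:
        flags.add("vip_name_on_unlisted_address")
    # An address that is nearly identical to a listed one is a lookalike.
    for known in ADDRESS_BOOK.values():
        if SequenceMatcher(None, addr, known).ratio() >= LOOKALIKE_THRESHOLD:
            flags.add("lookalike_of:" + known)
    return flags


# Constructed message: VIP display name, one character swapped in the domain.
SAMPLE = (
    'From: "Alice Chan" <alice.chan@examp1e.com>\n'
    "Subject: Urgent transfer\n\n"
    "Please wire the funds today.\n"
)

if __name__ == "__main__":
    print(sorted(check_sender(SAMPLE)))
```

An empty result only means the address is on file; the From header itself can be forged, so the phone or in-person confirmation in step 2 still applies to money and data requests.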
Email impersonation is one of the most popular cyberattack techniques, and we all have a chance of falling for it, as none of us can be alert 24/7. However, making a habit of the above 3 steps can definitely reduce the cyber risks to the minimum.