Impersonation attacks up 400 per cent, cyber security experts warn

An increasing number of attackers are impersonating high-level employees to trick workers into processing fraudulent payments, according to cyber security experts.

Mimecast said the number of impersonation attacks increased by more than 400 per cent over the last quarter as attackers managed to con companies’ employees.

In a typical attack of this kind – which is sometimes known as CEO fraud – a cyber criminal will send an email pretending to be a C-level company executive to dupe the recipient into transferring money or handing over sensitive data that can be used in further attacks.

The FBI recently issued a warning about the scams, which cost firms $5.3 billion (£4.2 billion) between October 2013 and December 2016. Between January 2015 and December 2016 there was a 2,370 per cent increase in identified exposed losses from this kind of attack.

Examining 40 million emails, Mimecast said it found nine million pieces of spam, 8,318 dangerous file types, 2,156 malware attachments and 8,605 impersonation attacks.

The researchers said 90 per cent of cyber attacks begin with emails, including the rising ransomware threat, so businesses need to make sure they are doing what they can to protect themselves.

“Cyber criminals are constantly adapting their attack methods,” said Ed Jennings, chief operating officer at Mimecast. “For instance, this latest ESRA analysis reflects how impersonation attacks are getting through existing email security defenses at an alarming rate.

“If a CISO isn’t reviewing its current email security solution on a 12- to 18-month basis, they may be surprised at what threats are now getting into employees’ inboxes.

“At the same time, email security providers need to ensure they’re doing their due diligence to protect customers from new attacks, whether they be advanced or simple. The Mimecast ESRA results show a clear need for the security industry to come together in the fight against email-borne threats.”

For the full report, see the Mimecast website.

