
The Rise of Impersonation Attacks – How Businesses Can Safeguard Their Emails

29 October 2024
 

The cyber threat landscape is evolving at an alarming rate, and there's a new player in town that's causing mayhem in inboxes: impersonation attacks.

In this Opinion piece, Francis West, CEO of Security Everywhere, explores the rise of impersonation attacks and outlines the best practices for protecting your business from falling victim to these schemes.

 

Understanding Impersonation Attacks

 

Email has become the lifeblood of business communication. From sending contracts and invoices to sharing sensitive data with colleagues and clients, we rely on email for countless critical tasks. But what happens when the very tool we depend on becomes a weapon in the hands of cybercriminals?

Enter the world of impersonation attacks, where hackers masquerade as trusted contacts, tricking unsuspecting victims into revealing confidential information or transferring funds to fraudulent accounts. It's like a high-stakes game of "Who's Who," except the consequences are far from amusing.

The numbers don't lie: impersonation attacks are on the rise, and businesses of all sizes are feeling the heat. In fact, Microsoft reported that in 2023, a staggering 165,000 to 170,000 business email compromise emails were making their way through their systems every single day. That's a lot of potential damage waiting to happen!

In this article, we'll take a close look at impersonation attacks and arm you with the knowledge and tools you need to safeguard your business emails. From understanding the tactics used by cybercriminals to implementing powerful email authentication protocols like DMARC, SPF, and DKIM, we've got you covered.

Impersonation attacks involve cybercriminals pretending to be a trusted entity to deceive recipients into revealing sensitive information or transferring funds. Unlike traditional hacking, impersonation attacks rely heavily on social engineering and deception. Common methods include email spoofing and typosquatting, where attackers alter email domains slightly to trick recipients into thinking the emails are legitimate.

For instance, an attacker might send an email from "hello@securlty-everywhere.com" instead of the legitimate "hello@security-everywhere.com". Such minor changes are easy to miss, especially when recipients are not vigilant.

 

The Role of DMARC, SPF, and DKIM in Email Security

 

To combat impersonation attacks, businesses can implement three key email authentication protocols: DMARC, SPF, and DKIM. These protocols work together to verify the authenticity of email senders and ensure that emails have not been tampered with.

 

SPF (Sender Policy Framework):

 

SPF allows domain owners to specify which mail servers are authorised to send emails on their behalf. By listing these servers in an SPF record, receiving mail servers can verify if an incoming email comes from an authorised source. If the email fails the SPF check, it can be marked as spam or rejected.

 

DKIM (DomainKeys Identified Mail):

 

DKIM adds a digital signature to each outgoing email, which can be verified by the receiving mail server. This ensures that the email content has not been altered in transit. The DKIM signature is created using a private key, and the corresponding public key is published in the DNS records. If the signature is valid, the email is considered legitimate.

 

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

 

DMARC builds on SPF and DKIM by providing a way for domain owners to specify how to handle emails that fail these checks. DMARC policies can instruct receiving servers to quarantine, reject, or accept emails based on the results of SPF and DKIM checks. Additionally, DMARC generates reports that provide insights into email traffic and any authentication failures, helping domain owners monitor and improve their email security.
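
How a receiving server combines the three checks for one message, as an added example that is not from the article: DMARC passes only when SPF or DKIM passes for a domain that matches the visible From domain, and the published policy applies otherwise. The sample record, the two-entry suffix list and the function names are constructed; real receivers use the full Public Suffix List.

```python
# Added example: the DMARC decision a receiving server makes for one message.
PUBLIC_SUFFIXES = {"com", "co.uk"}  # constructed stand-in for the Public Suffix List

# Constructed policy record; the rua mailbox is hypothetical.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@security-everywhere.com"

def org_domain(domain):
    """Registrable domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares registrable domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(from_domain, spf, dkim, record):
    """spf and dkim are (result, authenticated_domain) pairs from the receiver's checks.

    Returns (dmarc_result, action). A bare SPF or DKIM pass is not enough:
    the authenticated domain must also align with the From domain.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", action[tags.get("p", "none")]

if __name__ == "__main__":
    sender = "security-everywhere.com"
    # Approved third-party service: SPF passes for its own bounce domain, DKIM is ours.
    print(evaluate(sender, ("pass", "bounce.mailer.example"), ("pass", sender), RECORD))
    # Forged From header: SPF passes, but for an unrelated domain, and there is no DKIM.
    print(evaluate(sender, ("pass", "unrelated-host.example"), ("none", ""), RECORD))
```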

 

Case Studies and Real-Life Examples

 

Several businesses have fallen victim to impersonation attacks, leading to significant financial and reputational damage. For example, a manufacturing company lost £170,000 due to an email spoofing attack. The company's managing director received an email that appeared to be from their solicitor, requesting a transfer of funds. However, the email was sent by an attacker who had compromised the solicitor's email server. As a result, the funds were transferred to the attacker's account, and the company never recovered the money.

Another case involved a food supplier that lost £250,000 to a typosquatting attack. The attacker altered the supplier's email domain slightly and sent fraudulent invoices to the supplier's clients. The clients, believing the emails were legitimate, paid the invoices, transferring funds to the attacker's account.

These cases highlight the importance of implementing robust email security measures to prevent such attacks.

 

Steps to Safeguard Your Business

 

To protect against impersonation attacks, businesses should implement the following steps:

 

Inventory of Sending Sources:

 

Identify all the services that send emails on behalf of your domain, including marketing platforms, CRM systems, and internal email servers. This ensures that you have a comprehensive list of all legitimate email sources.

 

SPF and DKIM Configuration:

 

Ensure that SPF and DKIM are correctly set up for your domain. For SPF, create a record that lists all authorised mail servers. For DKIM, configure your email servers to add digital signatures to outgoing emails and publish the public key in your DNS records.

 

DMARC Record Creation:

 

Create a DMARC record in the DNS for your domain. Start with a monitoring policy (p=none) to collect data on email traffic and authentication results without affecting your current email flow. This allows you to identify any issues before enforcing stricter policies.

 

Analyse Reports and Adjust Policy:

 

Analyse DMARC reports to identify legitimate and illegitimate email sources. Use this data to adjust your SPF and DKIM configurations and gradually move to a stricter DMARC policy (quarantine or reject). This helps ensure that only authenticated emails reach their intended recipients.

 

Ongoing Monitoring and Management:

 

Regularly monitor DMARC reports to stay updated on your email security. Continuously adapt to new email sources and tactics used by impersonators. Email security is not a set-it-and-forget-it solution; it requires ongoing management to stay effective.
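
The report-analysis step, as an added example that is not from the article: it reads a DMARC aggregate report (the XML layout from RFC 7489), compares each sending IP with the inventory from the first step, and separates approved senders that still fail from unknown sources. The report, the IP addresses and the inventory are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed inventory of approved senders (first step): source IP -> service.
INVENTORY = {"192.0.2.10": "internal mail server", "198.51.100.25": "marketing platform"}

# Constructed, trimmed aggregate report in the RFC 7489 layout.
REPORT = """<feedback>
 <policy_published><domain>security-everywhere.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.25</source_ip><count>40</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.77</source_ip><count>9</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarise(xml_text, inventory):
    """Group report rows into ok / fix_config / unknown_source, with message counts per IP."""
    # Reports are sent by outside parties: in production, parse them with a
    # hardened XML parser (for example defusedxml) rather than the bare stdlib one.
    buckets = defaultdict(dict)
    for row in ET.fromstring(xml_text).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # These two fields are the aligned results; one pass is enough for DMARC.
        if "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf")):
            bucket = "ok"
        elif ip in inventory:
            bucket = "fix_config"      # approved service that is not authenticating yet
        else:
            bucket = "unknown_source"  # spoofing, or a sender missing from the inventory
        buckets[bucket][ip] = buckets[bucket].get(ip, 0) + count
    return dict(buckets)

def ready_to_enforce(summary):
    """Moving from p=none to quarantine or reject is safe once no approved sender fails."""
    return not summary.get("fix_config")

if __name__ == "__main__":
    result = summarise(REPORT, INVENTORY)
    print(result)
    print("ready for quarantine/reject:", ready_to_enforce(result))
```

In this sample the marketing platform is approved but still fails both checks, so tightening the policy now would send its mail to quarantine along with the unknown sender's.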

Impersonation attacks pose a significant threat to businesses, but they can be mitigated with the right email security measures. By implementing DMARC, SPF, and DKIM, businesses can protect their email communications, prevent unauthorised use of their domains, and maintain the trust of their clients and partners. Regular monitoring and management of these protocols are essential to stay ahead of evolving cyber threats. Taking these proactive steps will help ensure that your business is not an easy target for impersonation attacks.


Article written by Francis West | Published 29 October 2024
