What is Impersonation in Cybersecurity?
Impersonation is one of the most commonly used social engineering techniques used by hackers and cybercriminals to commit fraud, steal private data or gain access to restricted networks and systems.
The classic impersonation attack involves a hacker who pretends to be a trusted friend, colleague or business associate of the target in hopes of tricking them into divulging sensitive data or sending fraudulent payments.
But in 2021, impersonation attacks have evolved to take advantage of the ever-expanding public attack surface. They now include fraudulent communications (email, telephone, voicemail, and SMS), as well as spoofed domains, fake social media accounts and fraudulent apps.
How Does an Impersonation Attack Work?
Impersonation attacks are difficult for SecOps teams to defend against, in part because cybercriminals use diverse strategies to target different points in the public attack surface. Despite the variation in impersonation attacks today, these attacks all tend to follow the same basic pattern of exploiting the victim.
- Research and Victim Targeting – Hackers may use business directories, news sites, social media, and other information sources to discover potential targets for an impersonation attack. Organizations of all types and sizes have been targeted by these attacks, but the most sophisticated hackers will target organizations with valuable assets or data and comparatively lax IT security infrastructure.
- Preparing Fake and Fraudulent Assets – Once a hacker has identified a target organization, the next step is to prepare assets that will be used in the attack. The hacker might register a spoofed domain, create fake social media profiles, or launch a fake website that resembles a trusted domain. They might also create fraudulent messages that will be used to manipulate the target.
- Deploying the Attack – Once the fraudulent assets are prepared, the hacker will leverage those assets to initiate communication and attempt to defraud the target. The attacker might use social media or email to impersonate someone trusted by the target before asking them to send money or directing them to a fake website that will capture their credentials.
What are Some Impersonation Attack Examples?
Malicious actors are constantly finding new ways to implement impersonation attacks against businesses, government agencies, and individual targets. Here a just a few examples to watch out for:
Domain spoofing is a type of impersonation attack where a cybercriminal creates a replica of a trusted website with a similar domain name and user interface. The most common targets for domain spoofing attacks are financial institutions where users must login to access their account information.
Once the spoofed domain has been created, the cybercriminal can begin targeting their victims with links to the spoofed domain, along with some pretext for the target to visit the link and login to their account. When a target takes the bait, their login credentials are compromised and the cybercriminal can attempt to steal money.
Impersonating a Friend or Business Associate
Cybercriminals can impersonate a friend or business associate of the target using spoofed emails or fake social media accounts. They often choose to impersonate high-profile individuals within large companies, in hopes of targeting their employees or customers with fraudulent messages and requests.
Fake social media profiles and email accounts are easy to create, and can be used to phish, steal information, or fraudulently authorize transactions to the cybercriminal’s bank account.
Impersonating a Trusted App
Fake apps are an increasingly common form of impersonation attack in 2021. Threat actors can build a replica of a mobile banking app by copying the layout, graphics, and descriptions from the genuine app. Cybercriminals can distribute fraudulent mobile apps by spamming download links on the web, or through unregulated third-party app stores.
Just like a spoofed domain, fake mobile banking apps are designed to steal access credentials and banking information from victims.
How to Recognize an Impersonation Attack
Many types of impersonation attacks are readily recognizable for users with the right knowledge and a degree of cybersecurity awareness. The following tips can help you prepare to recognize an impersonation attack and avoid becoming a victim.
- If you receive a suspicious email, verify the source before you open it, clicking any links, or downloading any attachments. The best verification method is to contact the sender directly.
- If you receive an email from a trusted source that contains an unexpected urgent request, contact the sender directly to verify the authenticity of the email before taking action.
- Avoid third-party app stores and download apps only from trusted sources.
- Access financial institution websites by typing the URL directly into your browser. Always double-check the domain to ensure you’re on the real website before entering your credentials.
How Can ZeroFOX Help?
ZeroFOX provides enterprises protection, intelligence, and disruption to dismantle external threats to brands, people, assets, and data. Our advanced, AI-powered protection platform gives enterprises extreme visibility into the public attack surface, enabling the detection of fraudulent digital assets on social media, the deep and dark web, mobile app stores, marketplaces, and more. With ZeroFOX, your enterprise can identify, disrupt, and dismantle attacker infrastructure to shield your business and your customers from impersonation attacks.