An impersonation attempt came across our service board and we thought we would give you the heads up!
Impersonation attempts (attacks) are emails that attempt to impersonate a trusted individual or company to gain access to corporate finances or data.
Example:
The perpetrator is relying on your lack of attention to details. Listed below are the details they are hoping you will miss.
Detail #1: The Email Address
These pond-scum will create email addresses to mimic the real address hoping you won’t notice the difference.
Example:
Real Address - john.doe@coolcompany.net
Fake #1 – john.doe@gmail.com
Fake #2 – john.doe@coolcommpany.net
Let’s not forget the use of hidden characters! The underlining from a hyperlink make these hard to catch.
Fake#4 – john.doe@çoolcompany.net
Detail #2: The Well-Crafted Email
An impersonator will spend as much time and resources as possible to research the person they are attempting to impersonate. A quick search of a company’s website will usually present names and titles of the employees. From there, cross reference to find social accounts like LinkedIn and Twitter. Now the scammer can use posts or a profile to study the victims writing style and gather personal information such as travel habits or a favorite football team. The email will be crafted based on the research gathered, and they want you to do something for them like click on a link or transfer money.
Detail #3: The Signature
Most imposters may not have access to a targets actual email signature, so they create one they feel will generate the least amount of suspicion. They may copy the company logo from the website to create credibility.
|
Real Signature:
John Doe, CFO
Cool Company
123-456-7891
“Insert a cheesy quote here”
|
Fake Signature:
John
|