Impersonation attempts by cybercriminals on the rise

Wednesday, 06 December, 2017

There has been a sharp increase in the number of malwareless impersonation attacks, according to a new report from Mimecast.

The company’s most recent email security risk assessment (ESRA) test results have highlighted the continued challenge of securing organisations from malicious attachments and spam, particular the number of impersonation attacks incumbent email security solutions are unable to stop.

Most organisations are concerned about malware being the main risk to their email-related security posture, but this result reveals an increased risk of impersonation attacks as compared to attacks leveraging malware. Mimecast reported impersonation attacks, which rely on duping recipients into wiring the attacker money or highly monetisable data, rose almost 50% quarter over quarter. Emails with malware attachments or dangerous files types, combined, only increased about 15%. Missed impersonation attacks were seen to occur more than seven times as often as missed email-borne malware.

These findings follow a recent PhishMe study that found approximately two-thirds of IT executives surveyed had dealt with a security incident originating from a deceptive email.

“Impersonation attacks are an easy and effective way to dupe unsuspecting victims by gaining trust through a combination of social engineering and technical means,” said Ed Jennings, chief operating officer at Mimecast.

“This latest ESRA report reveals that many email security providers are leaving organisations very vulnerable to these often hard-to-detect impersonation attacks. Cybercriminals know that many traditional email security services are improving their ability to stop email-borne malware, but remain ineffective against impersonation attacks.”

The latest ESRA reflects findings by inspecting the actual inbound email of almost 100,000 users over a cumulative 631 days received. These organisations used a variety of common email security systems. More than 55 million emails to date have been inspected as part of the Mimecast ESRA program, all of which had passed through the organisation’s incumbent email security vendor. Completed ESRA assessments have found more than 12,400,000 pieces of spam, 9055 emails containing dangerous file types, 1844 known and 691 unknown emails with malware attachments, and 18,971 impersonation attacks missed by incumbent providers and delivered to users’ inboxes.

Image credit: ©stock.adobe.com/au/Mila Gligoric

Follow us on Twitter and Facebook