Spear Phishing Impersonation Attacks Take on New Tactics to Become More Convincing and Effective



As part of Business Email Compromise attacks, spear phishing now plays a material role, with impersonation sitting firmly at the core of their social engineering tactics… in more ways than one.

The combination of spear phishing and impersonation is dangerous; it implies that the cyber criminals have done their homework and will be using details familiar (in some cases, personally familiar) to their victim to create the illusion of legitimacy.

According to new details in GreatHorn’s 2021 Business Email Compromise Report, these threat actors are finding success in mixing Business Email Compromise with spear phishing. Of all the BEC attacks analyzed in this report:

  • 49% spoofed the sender’s display name
  • 18% used a look-alike domain
  • 10% used an external or vendor compromised email account
  • 4% used an internal compromised email account

But to add to the legitimacy, details familiar to the recipient were used, including:

  • Company name (68% of attacks)
  • Recipient name (66%)
  • Boss/Manager name (53%)
  • Customer or client name (49%)

It’s evident that cyber criminals are spending a lot of time identifying the right potential victim and attempting to learn as much as possible about them, their position in the organization, and who they do business with, in order to commit fraud at the end of the BEC attack.

The only way to survive these kinds of attacks is to educate users with Security Awareness Training about the need to scrutinize sender email addresses in detail, as well as the financial request being made anytime it is unexpected. Otherwise, the bad actors are going to eventually pull one over on your staff that will cost the organization dearly.
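The sender scrutiny described above can be expressed as a check over the `From:` header. The following is an added example, not code from the report or from this blog: it flags the two most common techniques in the list (a spoofed display name and a look-alike domain), and the domains, directory entry and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions (constructed for this example): the organization's trusted
# domains and a directory mapping staff display names to their real address.
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}
DIRECTORY = {"dana reyes": "dana.reyes@example.com"}

def edit_distance(a, b):
    """Levenshtein distance using a rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the impersonation red flags raised by one From: header."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())  # normalize case and whitespace
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    # Display-name spoof: a known person's name on an address that is not theirs.
    if name in DIRECTORY and DIRECTORY[name] != addr:
        flags.append("display-name-spoof")
    # Look-alike domain: untrusted, yet within two edits of a trusted domain.
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.append("look-alike-domain")
    return flags

# Constructed sample headers, not taken from any real message.
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",
    '"Dana Reyes" <dana.reyes1987@freemail.test>',
    "Accounts <billing@examp1e.com>",
    "Dana Reyes <dana.reyes@exarnple.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no flags")
```

Mail sent from a genuinely compromised vendor or internal account carries the real address and raises neither flag, which is why the unexpected financial request itself still has to be questioned.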


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer


