Nothing fools a user like an email seemingly from someone they know. And, according to the latest data from Mimecast, the bad guys are stepping up their impersonation game.
Using context familiar to an email recipient is one of the most powerful tools available to business email compromise (BEC) attackers. According to Mimecast’s 2019 State of Email Security Report, the contextual value of pretending to be either a known person or company is paying off for attackers:
- 67% of orgs saw an increase in the number of impersonation attacks via email
- 88% of orgs experienced emails spoofing business partners or vendors
- Of those orgs experiencing an impersonation attack, 73% experienced a direct resulting loss
- 61% of organizations believe that an email-borne attack will result in negative business impact
Emails that appear to come from known entities, combined with spearphishing attacks targeting specific individuals within your organization, increase the likelihood that one of your users will fall for a scam involving malware, ransomware, or fraud.
Protecting the organization starts with educating users via Security Awareness Training about these kinds of attacks. Users should be trained to scrutinize emails – especially ones that appear to be coming from individuals or companies the user is familiar with. By teaching users to be more vigilant when handling email, the organization reduces the chance that an impersonation attack succeeds.