Impersonations are increasingly more common, sophisticated and targeted. Below are the most common impersonation attempts you should watch out for.
Who wouldn’t respond to a request from their boss? Many times, attackers don’t use complex tools or technology to try and trick you or your employee to wire money, send W2s, give up account credentials, etc.
They simply research both you and your employees or superior by checking out social media accounts like Facebook, LinkedIn, or your company’s “About” section.
From there, they craft the perfect email (or string of emails) that looks like it’s legitimately from a trusted source. These messages typically do not contain malicious links or attachments, making them very difficult to detect with traditional email security solutions.
Almost every business uses some sort of web-based application to help manage day-to-day workloads and tasks.
Attackers are well aware of this and target trusted web services like Gmail or DocuSign as a way to lure unsuspecting victims. These attacks often try to get you to give up account credentials or click on malicious links.
For example, you may receive an email informing you that you have unread messages, to reset your password, or to review or sign a document. From there, you’re taken to a fake website portal and accidentally give up your login information.
These crooks will then use this to commit fraud or to launch a more targeted attack within your organization.
Most businesses use Microsoft’s popular cloud productivity service; however, popularity can sometimes be a bad thing.
There’s an inherent trust from users when they see an email directly from Office 365, and attackers are capitalizing on this trust.
They craft emails that ask you to log into a seemingly “valid” web portal. From there, they can gain access to your account and proceed to send malicious emails to co-workers/employees.
What do these particular emails usually contain? You guessed it—a message asking for more sensitive company information or money. Even though Microsoft Office 365 is still a relatively new tool, attackers recognize that it houses a rather large and growing user base, so they plan on taking full advantage.
Barracuda Sentinel is a cloud service that utilizes AI to stop spear phishing and cyber fraud in real time. The service combines three powerful layers of artificial intelligence, domain fraud visibility and protection using DMARC authentication, and fraud simulation training for high-risk individuals inside an organization. It integrates directly with Office 365 via API, so there is no impact on network performance or user experience, and setup typically takes less than five minutes. Barracuda Sentinel works alongside any existing email security solution, including Barracuda Essentials, Exchange Online Protection, and others.