One Article Review

Source AlienVault Blog
Identifier 466646
Publication date 2018-02-08 14:00:00 (seen: 2018-02-08 14:00:00)
Title How Dangerous are Impersonation Attacks?
Text

Amongst the types of cyber attacks happening, impersonation attacks are an interesting, evolving category. Such attacks are generally targeted at corporate employees. The attack is executed by sending an email to the target in which the sender attempts to masquerade as a trusted source. This is done in order to gain access to the target’s sensitive information, such as financial data. The U.S. Federal Bureau of Investigation (FBI) has warned businesses about this growing threat and has estimated that such attacks have caused losses of approximately $5.3 billion globally. A common example of impersonation attacks is Business Email Compromise (BEC) or "CEO fraud", which continues to manipulate companies by using false identities. This can severely damage a company’s reputation. This blog from last year explains BEC in detail.

Why are Impersonation Attacks Hard to Detect?

The major reason these attacks are difficult for users to detect is ignorance and lack of attention to detail. Let’s understand this through an example. Below is the same email address written twice; how fast can you spot the one with an error?

eeryaeel@reveantivirus.com
eeryaeel@reventivirus.com

It is hard to figure out the irregularity, especially when you have a hectic schedule at work and many distractions.

How are Impersonation Attacks Constructed?

Finding the Target

With the help of social engineering techniques, attackers look for potential victims. Facebook, LinkedIn and Twitter profiles are the easiest mediums for attackers to collect information about their target. Name, email address, school, job title, short bio, job duties, location, etc. can be easily fetched by attackers from the target’s social media accounts. Social engineering, which requires very little technical skill, can typically get attackers an unbelievable amount of information about the victim, freely available online.

Creating Credibility

Now that the attacker has a significant amount of the target’s information in hand, the next step is to build credibility. Again, social engineering is an effective way to set the stage for the attack. The attacker will try to figure out who to impersonate. It could be the victim’s boss, one of his colleagues or someone close to him. Close friends can be found on Facebook, and people tend to be very trusting if they think they are dealing with close friends. Through the company website and social media pages, the attacker can easily pick the person to impersonate.

Executing the Attack

The final and most important step is to choose a type of attack. Below are the top 3 tactics used by attackers:

By Registering a Look-Alike Email Domain

The attacker can register a similar email domain and create a new email ID using a similar name to the person being impersonated. The attacker sends an email message to the target asking them to respond urgently. For instance, impersonating the target’s boss, the attacker creates an email ID Smith@reventivirus.com and asks the victim to make an urgent payment for an invoice attached to the message.

Editing the Display Name

The majority of the mobile email clients only show the display n
Sent Yes
Tags
Stories Yahoo


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.