Impersonation attacks surge by 400%: Study
This simple method of attack is being exploited at an alarming rate as it can be used to dupe recipients into initiating wire transfers and sending back other sensitive data leading to significant financial loss
MUSCAT: The number of impersonation attacks detected this quarter rose by more than 400 per cent quarter over quarter, in comparison to the data initially reported in the February 2017 Email Security Risk Assessment (ESRA).
Impersonation attacks consist of social engineering of heavy emails that attempt to impersonate a trusted party, such as a C-level executive, employee or business partner.
This simple method of attack is being exploited at an alarming rate as it can be used to dupe recipients into initiating wire transfers and sending back other sensitive data leading to significant financial loss—as evidenced by the widely publicised recent attacks, according to Mimecast.
Mimecast is a leading email and data security company, and it released on Monday the latest quarterly release of Mimecast ESRA.
In fact, a public service announcement issued by the United States’ Federal Bureau of Investigation (FBI) stated that between October 2013 and December 2016, business e-mail compromise scams resulted in a total loss of more than US$5.3 billion. Between January 2015 and December 2016 alone, there was a 2,370 per cent surge in identified exposed losses.
In its second quarterly assessment, Mimecast found that both known and unknown attacks, as well as spam, are continuing to get through incumbent e-mail security systems. In addition and of particular concern, are emails that contain no malware, and instead rely on duping recipients into re- sponding to a request that usually involves sending the attacker money or highly monetisable data.
These points were addressed in a January 2017 commissioned Forrester Consulting study entitled, “Closing the Cloud Security E-mail Gap,” which recommended that organisations engage with a trusted third-party security vendor to more effectively close the gap in their e-mail security.
This latest ESRA reflects findings from inspecting inbound email for more than 44,000 users over a cumulative 287 days received by participating organisations. In aggregate, to date more than 40 million e-mails have been inspected by Mimecast, all of which had already passed through the incumbent email security vendor or cloud email service in use by each organisation.