
Rise Of Email Impersonation
3rd February, 2025
Written by: Kyle M., member of the Onca Technologies Team
Picture this: It’s 16:45 on a Friday afternoon, and your eyes are glued to the clock on your computer monitor as time creeps towards 17:00. The office numbers are dwindling as people log off for the weekend, and you’re exhausted having endured a long week of meetings and deadlines, and that’s just the half of it.
A notification pops up – it’s an email from your boss, marked ‘urgent’.
Your boss tells you that they’re in a Teams meeting and need you to transfer £5,000 from the business account to the provided bank details immediately to close a deal. Since you’re an account admin, and it’s typical for your boss to be in meetings at all hours, you action the transfer without hesitation – after all, time is of the essence. You breathe a sigh of relief as the clock shows 17:00, and you log off for the weekend.
Except… that wasn’t your boss.
The scenario may read as an exaggerated work of fiction, but in essence, it’s far from it. Email impersonation and phishing – the two most successful forms of cyber-attack that have targeted UK businesses and charities in 2024 – are on the rise. As hybrid work arrangements grow and generative AI technologies become more sophisticated, the threat of email impersonation will only increase.
What is Email Impersonation?
Email impersonation is the act of manipulating an email address, display name, and profile to imitate a trusted individual or organisation, with the intent of tricking a victim into opening malicious links, divulging personal information, or transferring funds. Many email impersonators request funds in the form of gift cards because they are untraceable.
Cyber criminals use a form of manipulation known as ‘social engineering’ to carry out their operation. Social media sites such as LinkedIn are useful for sharing personal updates and achievements that keep us socially connected, but they equally act as a goldmine of information ready to be leveraged by cyber criminals. For example, if a company welcomes a new employee with a LinkedIn post, details such as the employee’s name, job title, and start date can easily lead an opportunist to the executive that employee reports to, along with that executive’s contact details and profile picture on the company website; the threat actor can then target the new employee by spoofing the executive’s email address. Once a target is chosen, AI tools make it easy to personalise and automate a sophisticated social engineering attack.
Cyber criminals are calculated in how they approach social engineering, exploiting cognitive biases that are intrinsic to the human condition. They are more likely to impersonate an authority figure within the victim’s organisation, such as a manager or executive, not only because that person’s contact information is easier to find online, but also to exploit authority bias. How we perceive and act upon information is heavily influenced by the opinion and judgement of authority figures, which leads to obedient behaviour. If an authority such as an executive tells us to do something, most of us do it, trusting that it is the right decision even when it contradicts our own reasoning.
Furthermore, it’s socially ingrained from a young age that disobeying authority inevitably leads to repercussions. The fear of consequence is amplified with the urgent tone used in impersonation emails, which, in turn, can inhibit critical thinking as a victim is made to feel that they will be in trouble with their employers for delay or defiance.
After all, if an urgent request for money or account access came from someone at the same level or lower in an organisation’s hierarchy, such as a colleague or an intern, it would immediately raise suspicion.
How do you protect against Email Impersonation?
Crucially, preventing email impersonation from succeeding is becoming increasingly challenging in the era of hybrid working. Communication barriers between staff in different physical locations reduce the ease with which employees can discuss suspicious emails in passing office conversation, making it easier for cyber criminals to target individuals within an organisation.
To combat this, fostering a culture of caution is essential to preventing agentic obedience. Always confirm requests with the supposed sender through a separate communication channel, such as a new email sent to the address you already hold for them (not a reply) or a direct phone call. Additionally, thoroughly check key details, such as the sender’s name and email domain, for inconsistencies. These simple steps can help protect your organisation from financial losses, reputational harm, and the embarrassment of falling victim to a preventable attack.
Our expert team at Onca Technologies specialises in advising on and implementing robust organisational strategies, including the DMARC email authentication protocol, which is essential to counter domain spoofing when used in tandem with SPF and DKIM. An SPF record is a curated list of the servers approved to send email for the organisation’s domain, used to check whether a message bearing that domain actually came from one of them (the guestlist); DKIM is a digital signature that confirms the email came from the organisation’s domain and was not altered in transit (the ID); and DMARC tells receiving servers to keep a fraudulent email out of an employee’s inbox when those checks fail (the bouncer).
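As an added example (not code from the original post or from Onca Technologies), the Python script below applies the checks described above to one message’s headers: it compares the display name against a directory of known senders, looks for lookalike domains, flags a diverted Reply-To, and reads the SPF/DKIM/DMARC verdicts that the receiving server recorded in its Authentication-Results header. The organisation domain, the sender directory and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.com"                            # assumed organisation domain
KNOWN_SENDERS = {"jane smith": "jane.smith@example-corp.com"}  # constructed directory of real addresses

# Constructed headers, as the receiving mail server would record them
SUSPICIOUS_EMAIL = """\
From: "Jane Smith (CEO)" <jane.smith@examp1e-corp.com>
Reply-To: jane.smith.ceo@webmail.example
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=examp1e-corp.com; dkim=none; dmarc=fail header.from=examp1e-corp.com
"""
LEGITIMATE_EMAIL = """\
From: "Jane Smith" <jane.smith@example-corp.com>
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com
"""

def levenshtein(a, b):  # edit distance; one or two edits away from the real domain is a classic lookalike
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def auth_results(msg):  # spf/dkim/dmarc verdicts from the receiver's Authentication-Results header
    hdr = msg.get("Authentication-Results", "")
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}

def check_message(raw, trusted=TRUSTED_DOMAIN, known=KNOWN_SENDERS):  # returns indicators found
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    key = re.sub(r"\s*\(.*?\)", "", name).strip().lower()          # drop "(CEO)"-style suffixes
    if key in known and addr.lower() != known[key]:                 # right name, wrong address
        findings.append("display name of known sender but unexpected address")
    if from_domain != trusted and levenshtein(from_domain, trusted) <= 2:
        findings.append(f"lookalike domain {from_domain}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_domain:   # replies diverted elsewhere
        findings.append("reply-to domain differs from from domain")
    for method, result in auth_results(msg).items():                # SPF/DKIM/DMARC verdicts
        if result in ("fail", "softfail", "none"):
            findings.append(f"{method}={result}")
    return findings
if __name__ == "__main__":
    print(check_message(SUSPICIOUS_EMAIL), check_message(LEGITIMATE_EMAIL))
```

The suspicious sample trips all six checks while the legitimate one produces an empty list; in practice the Authentication-Results header is only trustworthy when it was written by your own receiving server.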
Onca Technologies proudly offers a tailored DRP service to monitor and mitigate threats, safeguard sensitive data, and protect your organisation’s reputation and lifespan. No matter the danger ahead, we’ve got your back.