Why Executive Impersonation Attacks Must Be On Your Hit List

Brands and executives work hard to build a solid reputation, reach a loyal customer base, and develop a unique voice. That’s why impersonation attacks are extra painful, as cybercriminals take advantage of all that hard work and claim it as their own. Here’s how to protect your brand from executive impersonation on social media and beyond. 

Spot the Differences: Understanding Impersonation Attacks 

Impersonation attacks use different online channels to mimic brands, people, or both. In today’s world, we use social media, email, and other forms of online communication to get in touch with nearly anyone. Each channel is an opportunity for cybercriminals to exploit organizational vulnerabilities and pretend to be the company or executive in question. 

According to IBM, the average phishing attack can cost brands up to $4.65 million, making it one of the costliest attacks currently known to security experts. When it comes to impersonation-focused phishing attacks, every person the company employs or collaborates with must be vigilant. The FBI explains that impersonation attacks are widespread, “Due to the sheer number of people using brand-name services and the level of trust and legitimacy associated with these companies.”

There are a few types of impersonation attacks worth noting:

• Brand impersonation: Cybercriminals mimic the company itself, creating online assets designed to appear legitimate and drive traffic and sales away from the brand and towards the scam. 
• Executive impersonation: Cybercriminals pretend to be a person working at the company, typically in a leading position. They may create fake profiles and contact other executives, business partners, or customers to execute their social media fraud. 
• Customer Service impersonation: For this type of attack, cybercriminals use fake chats and profiles to convince audiences that the brand’s actual customer service is here to offer assistance. In doing so, they gain access to people’s information and funds. 

How can you make sure you are on top of impersonation attempts? Contact us to find out

A Hard Look in the Mirror: What Makes Impersonation One of Brands’ Biggest Problems 

What do cybercriminals have to gain from impersonation attacks? In a word, plenty. 

• Funds transfers: Executive impersonation, social media fraud attacks, and other forms of impersonation phishing give cybercriminals a way to ask victims to wire money based on false pretense. They may ask for payments, salaries and budgets using fake personas.   
• Data access: Chatting with a cybercriminal often includes attempts to extract information that enables them to reach personal funds. When impersonating Customer Service representatives, for example, cybercriminals will “help” customers recover their credentials by asking a series of questions and then use this information to access their accounts. 
• Network access: The business version of this attack uses brand and executive impersonation to reach data that can be used to access the company’s databases. A fake email from a manager to the IT department can ask for such access data. 
• Fraudulent sales: Cybercriminals impersonating brands or executives can offer fake company goods and services to unsuspecting customers, receiving payment without delivering anything in return. 

Executive impersonation is on the rise everywhere, with one piece of research indicating that in 2020, around 7000 company CEOs were impersonated within only six months. Cybercriminals  use social media fraud methods, and malicious email, to name just two methods. They easily create a fake profile and continue tweaking it to imitate their chosen target. Following the target’s behavior online improves the impersonation level. When the profile is as accurate as possible, cybercriminals  reach out to company employees, partners and customers and execute their malicious plan. 

The One and Only: Protecting Your Brand From Impersonation Attacks 

Security expert Dirk Jan Koekkoek rightfully said that, “The work on brand impersonation protection is never entirely done.“ Companies should educate and train employees, investing in prevention methods that stop attackers before reaching critical data or funds. 

By promoting team collaboration around this issue and embracing strong threat hunting capabilities, brands will fend off attackers’ attempts. The process involves monitoring multiple online arenas using AI-based threat mapping tools to detect and prevent impersonation attacks. By addressing all relevant participants and utilizing advanced technologies, security teams can ensure the brand remains like no other in every way. 

Want to learn more and stop impersonation attacks before they cause harm?