Foiling Email Impersonation

Email account hijacking is a serious, growing problem.  It has become the number one way that cyber-criminals make money.  What makes it so insidious is the ease with which the hijacker can impersonate the owner of the email account.

What this means to you is this – that email you got from your boss, a close friend, a coworker, a supplier or customer may be a forgery.  What makes this difficult to detect is that the forged email is arriving from the legitimate account of the person being impersonated.  These emails often contain a request for a wire transfer of funds, the payment of an invoice, or some other request for payment.  You need to be extra vigilant for these sorts of attacks, or you may find yourself sending your hard-earned cash to fraudsters.

The Naked Security blog posted an article with an interesting example of how this scam works.  A grape grower in New Zealand had her email account hijacked.  The hijacker sent a payment request for $90,000 to a vintner who the hijacker knew (from reading her emails over time) owed her the money.  The impersonated email claimed there was a problem with the regular bank; would the vintner please send the payment to her “new” bank?  The vintner noticed some differences in the email that were unusual for the grape grower, and phoned her to confirm the request.

Here is a list of things to notice when you are reading emails from people you know.  These may be an indication that the sender’s email account has been hijacked, and the email sent by an impostor.

  • A request for money, whether in the form of wire transfer, invoice, or EFT payment.  Even if you know the charge is legitimate, you may want to call the sender to confirm the details.  Replying by email won’t work – the hijacker is reading the inbox, remember!  Pick up the phone or send a text message.
  • A change in banks may be another clue that there is some chicanery afoot.  This is another detail that ought to be confirmed by phone call.
  • A change in diction, language, or writing style should be a clue.  We all have a style when we are communicating.  Changes in style can indicate a fraud.  Look to see if your sender is unusually stiff or formal, or suddenly a little more casual than usual.  Are they using longer or different words, or longer or shorter sentences?  Any unusual spelling errors?  Strange grammatical choices?  These are good ways to detect an impersonation.
  • Changes in habits can be another red flag.  Does the sender usually CC a partner, colleague or assistant?  Is that CC missing on your email?  Do they usually sign their email a certain way, or use emojis?
  • Changes in format may indicate a problem.  Is there a change in font size or typeface?  Is a logo or other form of trade dress missing from the message?  This may be an email from an impostor.
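The checklist above can be turned into a simple defender-side heuristic that compares a new message against what a sender has written before. The script below is an added example, not code from the original post or its author: it builds a baseline from a few earlier messages (usual CC addresses, sign-off line, average sentence length, and whether the sender writes formally) and reports which checklist items a new message trips. The sender, addresses, message bodies, keyword lists and the 50% sentence-length threshold are all constructed for illustration.

```python
import re
from statistics import mean

# Word-boundary patterns for two checklist items: a request for money, and a
# change of bank details. Both term lists are constructed for this example.
PAYMENT_RE = re.compile(r"\b(wire transfer|invoice|eft|payment|remit|pay)\b", re.I)
BANK_CHANGE_RE = re.compile(
    r"\b(new bank|new account|updated bank|changed (our|my) bank|problem with (our|my|the) bank)\b",
    re.I)
# Markers of stiff, formal phrasing, used to detect a shift in register.
FORMAL_RE = re.compile(r"\b(dear|kindly|please be advised|kind regards|herewith|sincerely)\b", re.I)


def avg_sentence_len(body):
    """Mean words per sentence; newlines are folded so a greeting joins the first sentence."""
    text = " ".join(body.split())
    sents = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    return mean(len(s.split()) for s in sents) if sents else 0.0


def sign_off(body):
    """Last non-empty line, lower-cased: a crude stand-in for the sender's usual signature."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return lines[-1].lower() if lines else ""


def is_formal(body):
    return bool(FORMAL_RE.search(body))


def build_baseline(messages):
    """Summarise the habits seen across a sender's earlier messages."""
    n = len(messages)
    cc_counts = {}
    for m in messages:
        for addr in m["cc"]:
            cc_counts[addr] = cc_counts.get(addr, 0) + 1
    return {
        # An address is "usual" if it was CC'd on at least half of the earlier messages.
        "usual_cc": {a for a, c in cc_counts.items() if c / n >= 0.5},
        "sign_offs": {sign_off(m["body"]) for m in messages},
        "mean_len": mean(avg_sentence_len(m["body"]) for m in messages),
        "formal": sum(is_formal(m["body"]) for m in messages) * 2 > n,
    }


def red_flags(baseline, msg):
    """Return the checklist items that a new message from the same sender trips."""
    flags = []
    if PAYMENT_RE.search(msg["body"]):
        flags.append("payment request")
    if BANK_CHANGE_RE.search(msg["body"]):
        flags.append("bank change")
    if baseline["usual_cc"] - set(msg["cc"]):
        flags.append("usual CC missing")
    if sign_off(msg["body"]) not in baseline["sign_offs"]:
        flags.append("unusual sign-off")
    # A shift in either direction counts: suddenly stiff, or suddenly casual.
    if is_formal(msg["body"]) != baseline["formal"]:
        flags.append("formality shift")
    length = avg_sentence_len(msg["body"])
    if baseline["mean_len"] and abs(length - baseline["mean_len"]) / baseline["mean_len"] > 0.5:
        flags.append("sentence length shift")
    return flags


# Constructed sample: three earlier messages from "Alice", one benign new message,
# and one written in the style of the grape-grower scam described in the post.
PAST_MESSAGES = [
    {"cc": ["pat@example.test"],
     "body": "Hi Bob,\nGrapes are looking great this week. Should be ready in ten days.\nCheers,\nAlice"},
    {"cc": ["pat@example.test"],
     "body": "Hi Bob,\nThanks for the visit yesterday. Let me know about the truck.\nCheers,\nAlice"},
    {"cc": ["pat@example.test"],
     "body": "Bob,\nRunning a bit late on the samples. Will send them Friday.\nCheers,\nAlice"},
]
BENIGN = {"cc": ["pat@example.test"],
          "body": "Hi Bob,\nThe samples went out this morning. Let me know when they arrive.\nCheers,\nAlice"}
SUSPICIOUS = {"cc": [],
              "body": ("Dear Bob,\nPlease be advised that there is a problem with our bank at the "
                       "present moment. Kindly remit the outstanding payment of $90,000 for the "
                       "invoice to our new bank account, details of which are attached herewith.\n"
                       "Kind regards,\nAlice Smith")}

BASELINE = build_baseline(PAST_MESSAGES)

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, red_flags(BASELINE, msg) or ["no red flags"])
```

The point of the output is to prompt the phone call the post recommends, not to decide on its own: a single flag such as "payment request" will appear on plenty of legitimate mail, so the useful signal is several habit and style flags appearing together on a message that also asks for money or a change of bank.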

The point here is that when you get an email from someone you know well, it should be fairly obvious that there are unusual differences between the fake email and the dozens of emails from the sender you have read before.  Pay attention to the warning signs and the cyber-criminal will not be able to take advantage of you.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
