Can you trust that e-mail?

Many users are aware of the threat posed to them by cybercriminals, when they are online, in the form of suspicious e-mails. While it may be easy to spot and delete a suspicious e-mail that promises an opportunity or gift that is too good to be true, experts have noted that the real threat comes from well prepared hackers in the form of 'impersonation attacks'.
Impersonation attacks consist of social engineering heavy e-mails that attempt to impersonate a trusted party such as a C-level executive, employee or business partner. This simple method of attack is being exploited at an alarming rate as it can be used to dupe recipients into initiating wire-transfers and sending back other sensitive data leading to significant financial loss.
As an example, Mohamad Amin Hasbini, senior security researcher at Kaspersky Lab, highlighted the recent case of the 'Operation Ghoul' attackers, that impersonated EmiratesNBD to infect and rob 19 organisations in UAE. The attacks were carried out through e-mails that were made to resemble a payment document from the bank.
"We found that the group behind this campaign targeted mainly industrial, engineering and manufacturing organisations in more than 30 countries. In total, over 130 organisations have been identified as victims of this campaign," he said. "The attackers try to lure targets through spear phishing e-mails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers." 
Kaspersky Lab's study in 2016 found that the most frequent type of impersonation used by attackers is pretending to be a third-party supplier or service provider. 
"The goal of most attackers, regardless of how they go about their business, is to steal user data," says Ghareeb Saad, senior security researcher at Kaspersky Lab. "That could be in small, discrete attacks on individual users or it could be in large-scale compromises of popular websites or financial databases. The methods may change, but the aim is the same."
Smaller businesses, he added, are often the targets of generic phishing attempts impersonating service providers and submitting fake invoices/payments. Attempts against larger businesses can be far more tailored, impersonating customers or even senior staff.
Such attacks are becoming more widespread in recent years. Mimecast's Email Security Risk Assessment (ESRA) found the number of impersonation attacks detected this quarter rose more than 400 per cent quarter over quarter. This latest ESRA reflects findings from inspecting the inbound e-mail for more than 44,000 users over a cumulative 287 days received by participating organisations. The test also uncovered almost nine million pieces of spam, 8,318 dangerous file types, 1,669 known and 487 unknown malware attachments and 8,605 impersonation attacks.
"Cybercriminals are constantly adapting their attack methods. For instance, this latest ESRA analysis reflects how impersonation attacks are getting through existing e-mail security defenses at an alarming rate," said Ed Jennings, chief operating officer at Mimecast. "E-mail security providers need to ensure they're doing their due diligence to protect customers from new attacks, whether they be advanced or simple."
Ray Kafity, vice president, Middle East, Turkey & Africa at Attivo Networks, added that impersonation attacks are one of the most reported cybercrimes today, and that organisations often employ a combination of tactics to try to mitigate the risks posed by them. "It typically starts with educating employees and implementing best practices around the proper use of e-mail and the practice of clicking on embedded (web/file) links. They also frequently use URL filters, IP blacklists, and reputation feeds to try to prevent connections to or from sites that are known to be bad and the source of attacks, including spear phishing." - rohma@khaleejtimes.com