In the first six months of 2020, companies lost £58 million to impersonation scams in the United Kingdom (proving that imitation isn’t always the sincerest form of flattery).
Impersonation attacks are a highly targeted form of spear phishing where cybercriminals pose as a trusted person or organisation to defraud a business out of data or money. Impersonation attacks via email are a sophisticated and effective way of achieving business email compromise.
What is an impersonation attack?
An impersonation attack is a type of spear phishing scam. Attackers pose as a known or trusted contact to trick an employee into transferring money or sharing sensitive information, like intellectual property or payroll data.
Social engineering is what makes impersonation attacks so successful. Criminals bypass the need for malware by crafting credible emails to trick their victims.
The scams are generally directed at newer employees who aren’t familiar with company procedures. New starts may also be less inclined to ask questions if they receive unusual emails from their boss.
In other instances, attackers will target those with the authority to transfer money or access sensitive data — particularly employees in financial departments. Scammers will search company websites and professional networking sites to identify targets.
How do they impersonate people?
Attackers will then sneak into their target’s inbox via two main methods: spoofing an email address or taking over the email account.
Email spoofing
Email spoofing is where attackers create a fake email address that looks very similar to the one they’re impersonating and alter the display name to make it appear legitimate.
Account takeover
Account takeover is more difficult to spot. Attackers use spear phishing to get their hands on login credentials and hack into an executive’s account. They then use the legitimate account to masquerade as the executive and trick employees into handing over private information.
Who do phishers impersonate?
- An influential person within the organisation: Attackers often impersonate a CEO or senior executive to convince other executives or lower-level employees to follow their instructions without hesitation.
- A well-known brand: Cybercriminals took advantage of the pandemic to impersonate popular brands like Zoom and Microsoft in 2020.
- A third-party vendor: Attackers sometimes pretend to be suppliers to trick employees into paying fraudulent “overdue” invoices.
Report

How to recognise an impersonation attack
Modern spear phishing attacks are highly targeted, making them harder to detect. There are some tell-tale signs you should look out for to detect these scams:
Urgent tone
Attackers want their victims to act without thinking. With added pressure and urgent language, employees are more likely to act on instinct without analysing the context of the situation. This is particularly true if the orders are coming from senior executives in the company.
Unusual requests
Organisations will have procedures in place to ensure the utmost confidentiality of their data. If you receive an email request that doesn’t align with normal company processes, seek verification before sending data or transferring money. It could be a scammer hoping to catch you off guard.
Emphasis on confidentiality
Attackers will use words like “private”, “confidential” and “secret” in their scams to prevent you from discussing the email with colleagues. Knowing how important confidentiality is for organisations these days, this tactic is usually successful.
Incorrect email address
If scammers use email spoofing to get into your inbox, they may alter the display name to make it appear legitimate. To reveal the actual address URL, hover over the display name or if you’re using mobile, press and hold the display name. It may be an entirely different address, or it could be a lookalike email with slight spelling variations. Look twice before replying.
Remember, you can’t spot an account takeover attack using this method, so keep an eye on other possible signs of impersonation before reacting.
How to avoid an impersonation attack
To stay fully protected against impersonation attacks, organisations must adopt a multi-layered approach to email security.
Employ an email security solution
Impersonation attacks are sophisticated phishing scams that can bypass traditional spam filters. Email solutions like Egress Defend are the only way to keep your organisation protected against sophisticated impersonation attacks like account takeover.
Egress Defend uses machine learning to analyse the content and context of an email to prevent inbound spear phishing threats. It identifies suspicious emails and flags them for employees with real-time guidance on why there’s a threat, transforming employees into cybersecurity assets.
Provide cybersecurity training
Your employees are another defence barrier against phishing scams, but they can quickly become a risk if not armed with the right information.
All new employees joining the company should receive training on how to detect a phishing attack and what to do if they fall victim to one. Regular training sessions are also a good idea, as attackers regularly update their scams to trick unsuspecting victims.
By giving your employees the knowledge to prevent cyberattacks, you can promote a culture of cybersecurity and stay one step ahead of cybercriminals’ schemes.
Use a company domain
Generic domains like gmail.com or yahoo.com can be a cybersecurity nightmare for organisations. They’re easier to impersonate and give scammers a direct route into your inbox. Using a company email domain gives you an extra layer of security against impersonation attacks.
Set up standard operating procedures
A set of standard operating procedures related to emails, in general, can reduce the risk of a successful phishing attempt.
For example, you can make it mandatory for employees to verify all email requests internally before providing sensitive information or making a wire transfer. Without this rule, employees may not feel confident disclosing certain email requests — especially if they claim to be private or urgent.
Learn more about phishing threats
Impersonation attacks are just one way cybercriminals can sneak into your inbox. Learn more about other cyberattacks in our phishing hub, and explore helpful advice to keep your organisation protected.