1 year ago

An impersonation attack is a type of targeted https://www.upguard.com/blog/phishing where a malicious actor pretends to be someone else or other entities to steal sensitive data from unsuspecting employees using https://www.upguard.com/blog/social-engineering tactics. This is called a https://www.upguard.com/blog/business-email-compromise, in which the threat actor tricks the target into making a financial transfer or giving up important information.

In contrast to mass email phishing attacks that end up in the spam folder, impersonation attacks (or spear phishing attacks) are highly sophisticated and targeted attacks.

Email-based phishing attacks can be distinguished by how they're executed: https://www.upguard.com/blog/business-email-compromise — An attack impersonates a business email account CEO fraud — A type of impersonation attack that impersonates a high-ranking executive of a company and targets one of their own employees https://www.upguard.com/blog/whaling-attack — A type of attack that targets high-value individuals

A cousin domain impersonation attack is when an attacker creates a false company website or email nearly identical to official organization websites using the wrong domain codes.