Email phishing continues to be one of the biggest threats companies continue to face. Cisco reported in 2021 that 90% of all data breaches occurred from a phishing attack. With its prevalence and ability to hit hard when successful, safeguarding against phishing attacks is crucial to your business’ health.
Impersonation and spoofing are the two main forms of phishing attacks aimed at employees. While the two terms seem interchangeable, they refer to very similar but fundamentally different methods of attack. If it tricks a computer, it’s a spoofing attack. If it tricks a human, it’s an impersonation attack.
Domain spoofing is a popular phishing method in which a threat attacker will “spoof” a domain with the intention of impersonating a trusted figure, organization, or site. Spoofing is a technical process, which involves modifying the header of an email to give a different sender ID and address than the actual one. The benefit of a technical-based attack is, if protocols are configured correctly and proper preventative measures are in place, email security solutions that have Secure Email Gateways built in can detect these spoofed emails and block and quarantine them, averting disaster.
Domain impersonation, on the other hand, is a bit different. Rather than relying on tech, the success of domain impersonation attacks usually comes down to human error. Either through a person having a lapse in judgment or making the wrong decision and opening an email and clicking on a malicious link or file.
Attackers go to great lengths to impersonate emails, making them look legitimate – though usually there are some giveaways. In the past, having staff trained against the dangers of impersonation and other cyberattacks was the only preventative tactic, but more and more companies are developing AI-based and communication-based strategies that can pick up on the signs a sender and their email is being impersonated – and alert the end-user and admins.
Solutions that tackle these issues are AI and machine learning technology, DMARC, SPF, and DKIM configurations, language and sender analysis, SEGs, and more.
It must be noted that not every vendor on this list offers a single consolidated measure that tackles both issues. More often, vendors will have two separate products that can be deployed together, or some vendors only offer products that target one or the other. This list makes distinctions as to what vendor provides what kind and level of solutions.