Spear Phishing – Recognizing an Email Imposter


Video Transcript:


Email is the easiest way to successfully accomplish a cyber attack, and hackers are really skilled at using it. And they’re getting more sophisticated with their methods all the time. Here’s one real example to show just how clever hackers or bad actors as we like to call them, can be. Cindy, who manages accounts payable and fulfills invoices is responsible for reviewing and approving invoices at her company. Once an invoice is approved, she sends the invoice to Janet on her team for payment.

Unknown to Cindy, bad actors have hacked her computer and created a shadow Cindy to operate from her email. The hackers now have access to Cindy’s email including past vendor emails with invoices to be paid. These bad actors now create an imposter invoice, changing the payment amount due and banking information for payment receipt. The hackers impersonate Cindy and send the invoice to Janet from Cindy’s email stating the invoice is approved for payment. Janet, seeing nothing out of the ordinary workflow between her and Cindy, proceeds to pay the invoice.

The money is paid and the hackers receive the funds. At this point, it becomes nearly impossible to track the money down and recover it. And unfortunately, many banks will not offer services to help recover lost funds in this situation. In fact, even if Janet had a hunch something was amiss, the hackers had created a folder on Cindy’s email account that was hidden from Cindy, yet visible to the hackers. So if Janet had emailed Cindy to question the invoice, the hackers would have responded as Cindy and confirmed the invoice was approved to pay.

Any online scammer will almost always follow established workflows and paths. It’s one of their favorite tricks. And email is low hanging fruit as many companies do not employ simple, low cost security measures to protect their employees email accounts. Making it easy for hackers to get into email and act as puppeteers. They then freely access email and workflows without causing any suspicion at all.

While the right IT security can help filter out hackers and their antics, your company’s employees will always be the best defense against cyber attacks, especially through email. Training them to have a security mindset will help protect sensitive company data. For a great example of how easy it is for hackers to set up a spear phishing site, you can reference the excellent video by Cyberlada and the link will be in the description. Hackers are getting more and more sophisticated. Cyber attacks continue to be on the rise with small businesses.

The target of 43% of all attacks. And data shows that the average impact of a data breach on organizations with fewer than 500 employees is a whopping $3,301,000 Bad actors or hackers increasingly target small to midsize businesses since these businesses are less likely to have the right security measures in place to protect their email and company data. They may also be lacking the right cyber security insurance policies for protection in the event of a cyber attack. Adding even more risk is the fact that employees are not often trained to be on the lookout for cyber attacks, especially through email, A hacker’s favorite point of entry. In fact, 47% of small to mid sized businesses have fallen victim to a cyber attack.

And 46% are unsure how to manage the risks of such attacks. Even more unsettling is the fact that 60% of small businesses that become the target of a cyber attack will go out of business within 6 months. Again, this is a real scenario. And these types of attacks happen all the time and are increasing at an alarming pace. Want to avoid a cyber attack like this on your business?

The good news is that simple measures can prevent major loss. Let us provide you with a complimentary security analysis to see where your company and its data are at risk. A few simple measures combined with staff training can go a long way in protecting your company and its data.

Table of Contents


Our goal is to reinvent the managed IT experience for growing Arizona businesses through a partnership with no long-term commitments, technology options that are flexible to meet your needs and infrastructure and strategy that position your technology as a competitive advantage.

Download Our Price Sheet