28 Jun What’s Worse than a Bad Impersonator?
A Good Impersonator! Who’s your favorite impressionist? Kate McKinnon? Angela Hoover? Jim Meskimen? Impressionists, also known as impersonators or mimics, make us laugh with their uncanny imitation of famous politicians and celebrities. Dana Carvey’s long-ago take on GHW Bush was classic (“start with a little Mr. Rogers and add John Wayne”), and his Jimmy Stewart was brilliant! Some impersonators are not funny, however. They are criminals that impersonate vendors. As IT departments have hardened their perimeters and companies are increasingly alert to internal business email compromise (BEC), sophisticated threat actors have shifted tactics. According to Abnormal Security, a cybersecurity company, by May 2022, 52 percent of all BEC attacks are now external, surpassing internal impersonations. Vendor Email Compromise Internal impersonations are those emails that appear to be from the company CFO or CEO urgently requesting accounts payable to pay a vendor. Those types of “social engineering” attacks, which play on human emotions, are common. But just as likely now, cybercriminals will approach a company externally in the guise of a legitimate vendor. This “financial supply chain compromise” is a subset of BEC. Also called vendor email compromise or VEC, it is often more sophisticated. Criminals work diligently and patiently, first to breach a vendor,...