What is User Impersonation?

In today’s world of malicious actors and their plans to weaken and infiltrate enterprise security, user impersonation is one of the methods they employ. It is very easy to understand from its name itself and is very similar to URL impersonation. The only difference is that while attackers create fake web addresses or URLs impersonating trusted brand websites in URL impersonation, user impersonation involves attackers actually pretending to be a trusted person. This can be a user, employee, executive, vendor, or customer, so that they gain access to systems, data, money, or confidential information. To appear convincing, the attacker typically uses stolen credentials, fake email accounts, social engineering, or compromised identities.

Such attacks can happen through various ways, including phishing, spear phishing, stealing credentials, compromising actual business/official emails, or unauthorized use of valid accounts. Sometimes, the organization under attack may find it difficult to even detect or recognize it because the attacker is impersonating a known person.

Like any attack, even user impersonation has warning signs: unusual requests, urgent language, unexpected payment instructions, login attempts from unknown locations, changes to email rules (just for that moment) , and messages that do not match the sender’s usual behavior. Organizations can reduce user impersonation risks by using multi-factor authentication, identity and access management, email security, user behavior analytics, security awareness training, and privileged access controls.

More About Cloud