Advanced threats are shifting once again, and you and your company will likely become the target of a new type of threat. Carefully planned and researched, impostor emails target specific people in your company. Either you become the target of this attack or you become the unwitting victim. Impostor emails do not use malware or URLs found in typical credential phishing schemes.
Impostor emails are a result of attackers shifting tactics to evade security solutions that are designed to detect malware attachments and malicious URLs, It is important to remember that impostor emails are one-off emails, not an attack campaign like Dridex. Therefore, while impostor emails happen in just about every country, their actual numbers are very small. Lack of volume makes it easier for impostor emails to get to your employees since traditional defenses generally require a sample before they are able to detect these emails.