Email Impersonation Attacks Are on the Rise
The cost of Business Email Compromise (BEC) totaled more than $50 billion over a nine-year period ending July 2019, according to the FBI. Meanwhile, email security vendor Barracuda recently found that almost 90 % of email attacks use impersonation – either of a brand (83 %) or a person (6 %). Another vendor reported that phishing attacks that impersonate senders have increased by 25 % over the last year.
These facts are connected. Learn how you can prevent email impersonation attacks so you don’t have to worry about the statistics.
What Is an Email Impersonation Attack?
An email impersonation attack (also known as spoofing) is when a cybercriminal pretends to be someone you trust in order to trick you into:
- Giving up sensitive information
- Transferring money
- Clicking on malicious links
It’s like a digital wolf in sheep’s clothing.
BEC is a type of spear-phishing attack that relies on impersonation to fool the recipient into believing the message came from a trusted sender. Instead of luring someone into clicking a malicious link or entering credentials, BEC messages aim at direct extraction of value – fake invoices, bank instructions, or payroll redirections.
Example:
Imagine you get an email from your boss asking you to urgently transfer funds to a new vendor. It looks legitimate, even with a matching signature. That gut feeling could be your saving grace.
Almost all email attacks involve impersonation, but BEC is unique because these emails rarely contain malicious content detectable by traditional email security systems. Attackers exploit emotion (urgency, authority, panic) to bypass rational checks.
Types of Email Impersonation Attacks
There are three main types of sender impersonation attacks:
1. Exact-Domain Attack
- Uses the exact company domain in the “From” field.
- Global Cyber Alliance estimates 5–15 % of BEC attacks fall in this category; others estimate up to 60 %.
- These spoofed messages often impersonate executives to request wire transfers or sensitive employee data.
2. Untrusted-Domain Attack
- Also called lookalike domains, cousin domains, homograph attacks, or typosquatting.
- Example: 1bm.com instead of ibm.com.
- Hard to spot, especially on mobile clients where the full From: address may be hidden.
3. Open-Signup Attack
- Uses a legitimate sender's display name, but the message is sent from a throwaway account at a free-mail provider (e.g., Gmail, Yahoo).
- Hard to block since organizations can’t simply block all mail from popular free providers.
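The three categories above map onto checks a mail gateway can run on the From: header alone. The classifier below is an added example written for this article, not Palisade's code; the organisation domain, executive names, free-mail list and homoglyph table are constructed assumptions, and real deployments would also consult the DMARC authentication result for the exact-domain case.

```python
from email.utils import parseaddr

# Constructed sample data for this example (not from the article): the protected
# domain, executives attackers like to impersonate, and free-mail providers
# typically used in open-signup attacks.
ORG_DOMAIN = "ibm.com"
EXECUTIVES = {"jane doe", "john smith"}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# Confusable character sequences used to build lookalike domains (1bm.com).
HOMOGLYPHS = {"rn": "m", "vv": "w", "1": "i", "l": "i", "0": "o"}

def normalize(domain: str) -> str:
    """Fold visually confusable sequences to the letter they imitate."""
    d = domain.lower()
    for glyph, letter in HOMOGLYPHS.items():
        d = d.replace(glyph, letter)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 catches single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Label a From: header with the impersonation pattern it matches.

    exact-domain     -> our own domain (or a subdomain); SPF/DKIM alignment under
                        DMARC enforcement decides whether it is really authorized
    untrusted-domain -> lookalike of our domain; DMARC on our domain cannot help
    open-signup      -> free-mail account wearing an executive's display name
    other            -> nothing suspicious in the sender identity itself
    """
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not domain:
        return "other"
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return "exact-domain"
    if normalize(domain) == normalize(ORG_DOMAIN) or edit_distance(domain, ORG_DOMAIN) <= 1:
        return "untrusted-domain"
    if domain in FREEMAIL and display.strip().lower() in EXECUTIVES:
        return "open-signup"
    return "other"
```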
Put an End to Impersonation Emails
What’s needed: robust sender identity validation.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance) stops exact-domain attacks.
- At enforcement, DMARC ensures only authorized senders can use your domain.
- For untrusted-domain and open-signup attacks, enterprises need a sender-identity platform that only allows trusted senders into inboxes.
Without proper protection, impersonation attacks will continue to cause billions in losses.
Quick Takeaways
- 90 % of email attacks involve impersonation.
- $50 billion in BEC losses over the nine-year period ending July 2019.
- Three main techniques: exact-domain, untrusted-domain, open-signup.
- DMARC enforcement blocks exact-domain spoofing.
- Sender-identity solutions are needed beyond DMARC.
- Continuous monitoring + automated enforcement are key to resilience.
FAQs
- What’s the difference between DMARC enforcement and monitoring?
  - Enforcement rejects unauthenticated emails.
  - Monitoring only reports them.
- How can I detect lookalike domains?
  - Use domain-lookalike detection tools to scan for typographic variations.
- Why are open-signup attacks hard to block?
  - They come from legitimate free-mail providers like Gmail.
- What steps should IT teams take to mitigate BEC?
  - Implement DMARC enforcement
  - Train employees
  - Adopt a sender-identity validation platform
- Can Palisade help me improve my email security score?
  - Yes – the Palisade Email Security Score tool evaluates your authentication posture and gives actionable steps.
📘 For a deeper dive, read our guide on email authentication best practices at Palisade.