Brand impersonation is a kind of phishing attack in which attackers claim to be from a well-known product or service. They send out emails containing malicious content. These emails appear to come from a well-known bank, credit card company, e-commerce site, or even a government organization.
The number of phishing sites identified per week has increased dramatically from 3,800 in November 2007 to 49,696 in November 2017, according to Google’s Transparency Report 2018.
Reasons for Brand Impersonation
- Use the target's login credentials to view financial details and enable transfers of funds.
- Steal personal information, such as an address or phone number, to offer to others.
- Ruin the confidence of the clients of a service provider by paying fake dues to them.
Four Types of Brand Risks
- Domain Infringement- Adversaries register web domains that look identical to your existing domain names, including typo squats and domain squats. They then use these domains in attacks involving phishing, ransomware, or password collection.
- Spoof Company Social Media Profiles- Social media accounts set up to mimic organizations are all too common, often to influence customers. These spoofs typically take the form of bogus help accounts that try to dupe clients into clicking on malicious links or exposing their credentials.
- Spoof VIP Profiles- This is a similar approach to fake profiles on social media, although here the spoofed identities are the staff themselves. The goals are distinct, however, when adversaries use these identities to conduct persuasive Business Email Compromise (BEC) campaigns.
- Spoof, rogue or malicious mobile applications- As mobile device use continues to grow, companies are moving to mobile applications. Cybercriminals also build spoof smartphone apps that try to capture users' details.
How Do Hackers Impersonate a Brand?
- Source Forgery- Source forgery refers to the process in which an email fakes the 'From' field. Hackers can easily manipulate an email's 'From' address to make it look real.
- Links- Brand impersonation phishing emails contain links designed to look trustworthy so that the potential target clicks on them. Hackers craft false links so that they look genuine.
- Lookalike Domains- Hackers purchase domains that look like a recognized brand's domain. This increases the effectiveness of their impersonation attempts.
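The three techniques above can be checked for together when triaging a reported email. The following is an added example, not code from the original page: the brand `examplebank.com`, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND, BRAND_DOMAIN = "examplebank", "examplebank.com"  # hypothetical brand

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_brand_host(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def is_lookalike(host):
    """Not the brand's domain, but within two edits of it after undoing digit swaps."""
    folded = host.lower().translate(str.maketrans("0135", "oles"))
    return not is_brand_host(host) and edit_distance(folded, BRAND_DOMAIN) <= 2

def triage(raw):
    """Return findings for forged From, deceptive links and lookalike domains."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rpartition("@")[2].lower()
    if BRAND in name.lower().replace(" ", "") and not is_brand_host(from_host):
        findings.append(("from-mismatch", from_host))
    # Assumes text parts are not transfer-encoded (no base64/quoted-printable).
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        link_host = (urlparse(href).hostname or "").lower()
        if BRAND_DOMAIN in text.lower() and not is_brand_host(link_host):
            findings.append(("link-mismatch", link_host))
    findings += [("lookalike-domain", h) for h in sorted({h for _, h in findings})
                 if is_lookalike(h)]
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "Example Bank Support" <alerts@examp1ebank.com>
Subject: Verify your account
Content-Type: text/html

<p>Please <a href="http://examp1ebank.com/login">https://www.examplebank.com/login</a></p>
"""
```

Calling `triage(SAMPLE)` reports all three findings for `examp1ebank.com`; the same message sent from and linking to the real domain returns an empty list.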
Brand Impersonation Strategies for Defense
- Two-factor authentication- Integrate security measures and higher-level access controls for all online portals and accounts. Two-factor authentication keeps criminals from infiltrating your network, significantly reducing the chance of a successful direct attack on your servers.
- Website SSL- Use SSL certification to help customers decide more quickly whether they have landed on a valid, official website belonging to your company.
- Communication- Include a security policy in consumer-facing newsletters, on your social media accounts, and on the web, along the lines of "Brand XYZ will never message you to request information about your customer username or payment card".
- Anti-Phishing Services- Using anti-phishing services helps you monitor and track brand-related activity on the internet and helps you defend against spam and infringement.