Anatomy of Online Brand Impersonation
Online brand impersonations are unauthorized instances of your brand that appear online. Most importantly, spoofs use tactics that build trust and deceive victims, relying on popular channels to tailor and distribute scams.
Channel
Email is still a common way for fraudsters to attack. Fraudsters can easily create phishing emails and send them out quickly.
Fraudsters can easily alter email addresses to trick the target. They can also misuse email domains, copy email signatures, and hide links. A scammer only needs the target’s email address to start the attack, and this information is often publicly available.
Voice-phishing (“vishing”) attacks are commonplace and do not require a phone. Often, they are performed using an auto-dialer or VoIP system (e.g., Google Voice, TextNow).
Phone call scams may seek to deprive the target of the ability to think calmly by creating a false sense of urgency. This immediate pressure disrupts logical thinking to solicit sensitive information from victims more effectively.
Commonly known as smishing, these attacks often use shortened links sent through text messages. By design, this makes it hard to see where the links lead and whether they are safe.
These shortened links are often accompanied by messages evoking panicked, urgent action in attempts to disrupt logical reasoning.
The delivery method tricks users into downloading a rogue mobile application, believing it to be legitimate.
Scammers purchase fake ads and target them at people. They look like they come from a trusted source. However, they mislead victims to a harmful brand impersonation.
Fake ads appear on social media and in search results. Oftentimes, scammers will hide the real brand’s website using tracking tags. This makes it harder for some detection software to find them.
Someone creates a fake website to trick people into thinking it is the real site of a trusted brand or organization.
Social media offers direct messaging that allows fraudsters to reach their targets easily. This helps them start social engineering schemes.
Social media also provides another vehicle for fraudulent advertisements to target and fool unsuspecting users.
Themes
People often pretend to be from banks, credit card companies, and other financial institutions. This is a common method used to steal personal information and account details.
Delivery Services
A common trick is for someone to pretend to be a package delivery company. They say they cannot deliver a package without credit card or payment information.
Fraudsters can pretend to be creditors or collectors. They may threaten to cut off service if you don’t pay the bill right away. They often ask for payment information.
When a fraudster impersonates the technical support team of an organization, they use that brand to trick customers. They may, for example, ask customers for login credentials under the guise of resolving a technical issue.
Due to their transactional nature, e-commerce sites are popular targets of brand impersonation. Users come in to make purchases with their credit card and financial information. Brand impersonators set up fake shops or pretend to be support team members. They ask for personal information to fix recent issues.
Brand impersonators might act like they are part of the recruiting team. They reach out to potential candidates using fake social media accounts or phishing emails. Job candidates are eager to reply to requests from the organization. They hope to get a job, and someone can take advantage of this eagerness.
The relationship between legal representatives and their clients is a special one that contains an expectation of confidentiality. The brand impersonators use that trust to solicit sensitive information from victims.
A common strategy is to impersonate an employee or executive from an organization. Employees have few motivators stronger than a direct request from an executive at the company or a trusted colleague.
Impersonating a law enforcement officer is a crime. However, cybercriminals still use this authority to pressure targets into sharing information. They may pose as a local officer or even a federal agent.
Phishing Techniques
Email Phishing Techniques
Email Phishing
These are fraudulent emails that appear to be sent from a legitimate source. Types of sources include banks, service providers, or companies.
Spear Phishing
A more targeted form. Attackers customize messages to individuals or organizations, often using personal information to make the attack more convincing.
Whaling
Targeted phishing, also known as spear phishing, focuses on high-profile people. This includes executives, CEOs, and other top officials in an organization.
Phone and Mobile Phishing Techniques
Vishing
Phishing conducted over the phone. Attackers impersonate legitimate entities to extract personal information such as credit card numbers or Social Security numbers.
Man in the Middle Phishing
Cyberattack where a hacker intercepts communication between a user and a legitimate service to steal sensitive info.
Smishing
A social engineering attack uses fake text messages. These messages trick people into downloading malware and can lead to sharing sensitive information.
Mobile Applications
Fraudsters will post fake, outdated, or altered versions of a brand's official app on third-party marketplaces. Additionally, they can place malware into the phony version.
Website Phishing Techniques
It sends users from a real website to a fake one. This occurs even if someone types the right URL. Basically, it takes advantage of weaknesses in DNS servers or the user's system.
This involves making fake websites that show up in search engine results. These sites often look like real ones. The goal is to trick users into giving their personal information.
The use of online advertisements to distribute malware or redirect users to phishing sites. These ads may appear on legitimate websites.
This involves using pop-up windows on websites that look like real login prompts or alerts. These pop-ups trick users into entering their credentials or downloading malware.
Social Media Techniques
Attackers impersonate customer service accounts or other official entities on social media platforms to trick users into revealing sensitive information.