Anatomy of Online Brand Impersonation chris October 10, 2024

Anatomy of Online Brand Impersonation

Online brand impersonations are unauthorized instances of your brand that appear online. Most importantly, these spoofs use tactics that build trust and deceive victims, and they rely on popular channels to tailor and distribute scams.

Channel

Medium used to distribute scam messages


Theme

Deceptive personas used to solicit sensitive information


Phishing Technique

Approach used to scam sensitive information


Channel

Impersonators turn popular communication channels into attack vectors. Consequently, any communication platform can become a tool for delivering brand spoofs.

Email is still a common way for fraudsters to attack. Fraudsters can easily create phishing emails and send them out quickly.

Attackers can easily alter email addresses to trick the target. They can also misuse email domains, copy email signatures, and hide links. A scammer only needs the target’s email address to start the attack, and this information is often publicly available.

Voice-phishing (“vishing”) attacks are commonplace and do not require a phone. Often, they are performed using an auto-dialer or VoIP system (e.g., Google Voice, TextNow).

Phone call scams may seek to deprive the target of the ability to think calmly by creating a false sense of urgency. This immediate pressure disrupts logical thinking to solicit sensitive information from victims more effectively. 

Text-message attacks, commonly known as smishing, often use short links. By design, a shortened link makes it hard to see where it leads and whether it is safe.

These shortened links are often accompanied by messages evoking panicked, urgent action in attempts to disrupt logical reasoning.
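The hidden links described for email and the shortened links described for text messages can both be checked mechanically. The following is an added example, not part of the original page: the shortener list, the function names and the sample messages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: small sample list
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Constructed sample inputs, not real messages.
SAMPLE_EMAIL = ('<a href="https://login.example-secure.test/reset">www.examplebank.com</a> '
                '<a href="https://bit.ly/EXAMPLE">click here</a> '
                '<a href="https://support.examplebank.com/">examplebank.com</a>')
SAMPLE_SMS = "Parcel held, pay the fee now: https://tinyurl.com/EXAMPLE"

def host_of(url):
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_html_email(html):
    """Flag links whose visible text names another domain, or that use a shortener."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), DOMAIN_RE.search(text)
        if shown:
            shown_host = shown.group(1).lower().removeprefix("www.")
            if target != shown_host and not target.endswith("." + shown_host):
                findings.append(("mismatch", shown_host, target))
        if target in SHORTENERS:
            findings.append(("shortener", text, target))
    return findings

def audit_sms(text):
    """Return shortened URLs found in a plain-text message."""
    return [u for u in URL_RE.findall(text) if host_of(u) in SHORTENERS]
```

A link whose visible text names the brand's own domain or a subdomain of it, like the third sample link, is not flagged.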


The delivery method tricks users into downloading a rogue mobile application, believing it to be legitimate.

Scammers purchase fake ads and target them at people. They look like they come from a trusted source. However, they mislead victims to a harmful brand impersonation.

Fake ads appear on social media and in search results. Oftentimes, scammers will hide the real brand’s website using tracking tags. This makes it harder for some detection software to find them.

Someone creates a fake website to trick people into thinking it is the real site of a trusted brand or organization.

Social media offers direct messaging that allows fraudsters to reach their targets easily. This helps them start social engineering schemes.

Social media also provides another vehicle for fraudulent advertisements to target and fool unsuspecting users.


Themes

Generally, fraudsters imitate familiar people from organizations that customers interact with regularly. They often present the individual with a faux "urgent matter" that requires the user to share sensitive information. Online brand impersonations will take on any persona that might snare the victim's attention.

Financial Institutions

People often pretend to be from banks, credit card companies, and other financial institutions. This is a common method used to steal personal information and account details.

Delivery Services

A common trick is when someone pretends to be a package delivery company. They say they cannot deliver a package without credit card or payment information.

Bill Collectors

Fraudsters can pretend to be creditors or collectors. They may threaten to cut off service if you don’t pay the bill right away. They often ask for payment information.

Technical Support

When a fraudster impersonates the technical support team of an organization, they use that brand to trick customers. They may, for example, ask customers for login credentials under the guise of resolving a technical issue.

E-Commerce

Due to their transactional nature, e-commerce sites are popular targets of brand impersonation. Users come in to make purchases with their credit card and financial information. Brand impersonators set up fake shops or pretend to be support team members. They ask for personal information to fix recent issues.

Job Offer

Brand impersonators might act like they are part of the recruiting team. They reach out to potential candidates using fake social media accounts or phishing emails. Job candidates are eager to reply to requests from the organization. They hope to get a job, and someone can take advantage of this eagerness.

Legal Entity

The relationship between legal representatives and their clients is a special one that contains an expectation of confidentiality. The brand impersonators use that trust to solicit sensitive information from victims.

Employee or Executive

A common strategy is to impersonate an employee or executive from an organization. Employees have few motivators stronger than a direct request from an executive at the company or a trusted colleague.

Law Enforcement

Impersonating a law enforcement officer is a crime. However, cybercriminals still use this authority to pressure targets into sharing information. They may pose as a local officer or even a federal agent.


Phishing Techniques

These are the various methods scammers use to get the target to reveal sensitive data. Fraudsters may use multiple techniques in their online brand impersonation.

Email Phishing Techniques

Email Phishing

These are fraudulent emails that appear to be sent from a legitimate source. Types of sources include banks, service providers, or companies.

Spear Phishing

A more targeted form. Attackers customize messages to individuals or organizations, often using personal information to make the attack more convincing.

Whaling

A form of targeted phishing (spear phishing) that focuses on high-profile people. This includes executives, CEOs, and other top officials in an organization.

Phone and Mobile Phishing Techniques

Vishing

Phishing conducted over the phone. Attackers impersonate legitimate entities to extract personal information such as credit card numbers or Social Security numbers.

Man in the Middle Phishing

A cyberattack in which a hacker intercepts communication between a user and a legitimate service to steal sensitive information.

Smishing

A social engineering attack that uses fake text messages. These messages trick people into downloading malware and can lead to sharing sensitive information.

Mobile Applications

Fraudsters will post fake, outdated, or altered versions of a brand's official app on third-party marketplaces. Additionally, they can place malware into the phony version.

Website Phishing Techniques

Pharming

Pharming sends users from a real website to a fake one. This occurs even if someone types the right URL. Basically, it takes advantage of weaknesses in DNS servers or the user's system.

Search Engine Phishing

This involves making fake websites that show up in search engine results. These sites often look like real ones. The goal is to trick users into giving their personal information.

Malvertising

The use of online advertisements to distribute malware or redirect users to phishing sites. These ads may appear on legitimate websites.

Pop-Up Phishing

This involves using pop-up windows on websites that look like real login prompts or alerts. These pop-ups trick users into entering their credentials or downloading malware.

Social Media Techniques

Angler Phishing

Attackers impersonate customer service accounts or other official entities on social media platforms to trick users into revealing sensitive information.
