Current Online Brand Impersonation Threats
Embedded Pages in Compromised Websites
Fraudsters are embedding phishing pages within the websites of financial institutions to deceive customers and steal their sensitive information. These tactics make phishing scams harder to detect as they are hosted on legitimate, compromised websites, which lends credibility to the attack.
This type of threat poses a significant risk to financial institutions, particularly credit unions, as it undermines customer trust and increases the likelihood of successful credential theft.
Parked Domains
Parked domains—inactive or placeholder websites—pose a unique threat to brand protection, as cybercriminals often leverage them for phishing or scam campaigns.
Because these domains are active without page content, they can be used in a number of nefarious ways:
Redirecting to malicious pages/content.
Eventually publishing malicious content on the domain itself (e.g., a phishing page).
Sending phishing emails from lookalike domains impersonating a brand.
Addressing and managing parked domains is essential for brands to protect their customers and maintain trust, preventing them from becoming entry points for fraud or deception.
Dynamic DNS Abuse
Cybercriminals are increasingly using dynamic DNS subdomains to conduct phishing attacks, exploiting the flexible, frequently updated nature of dynamic DNS addresses to evade detection.
By using dynamic DNS, fraudsters can mask their phishing sites and create deceptive URLs that resemble legitimate ones, making it easier to lure victims into providing sensitive information.
This tactic presents a growing challenge for brand protection, as it complicates detection and takedown efforts, ultimately posing a higher risk for brands and their customers.
Mobile App Fraud
Mobile app fraud is a growing threat where cybercriminals create fake or malicious apps that mimic legitimate brands, deceiving users into downloading them.
These fraudulent apps often aim to steal sensitive information, spread malware, or generate revenue through deceptive ads.
For brands, mobile app fraud not only damages customer trust but also leads to potential data breaches and brand reputation issues, making vigilant app monitoring and swift takedown actions crucial for online brand protection.
Learn More:
SharkBot Mobile Banking Trojan Embedded in Banking App
What is Mobile App Fraud
Sideloading & Alternative App Stores Increasing Brand Risk
Social Media Impersonations
Social media impersonations come in the form of fake profiles, fake job listings, fake posts, and fake pages. Fraudsters impersonate both brands and higher-profile executives.
Using deception and familiarity, the idea is to lull victims into a false sense of security with the casual, familiar setting of social media. Impersonations on social media often lead to phishing websites, or are carried out on the social media platform itself.
Learn More:
LinkedIn Fakes: The Rise of Spoof Profiles
How to Protect Executives from Social Media Impersonation
How to Delete Fake X and Twitter Profiles and Posts
How to Delete Fake LinkedIn Profiles and Scams
How to Take Down Fake Instagram Threads Accounts
How to Delete Fake Facebook Accounts Impersonating Your Brand
Malvertising
Malvertising through search engine ads is a tactic where cybercriminals use paid ads to mimic legitimate brand links in search results, directing unsuspecting users to phishing sites.
This method allows fraudsters to intercept traffic intended for real brands and capture sensitive information from users who believe they are interacting with a trusted source.
Addressing malvertising is essential for brand protection, as it targets search engine users and poses a direct threat to customer security and brand reputation.
Learn More:
Google Ads as Phishing Hooks for Fraud
Fighting Search Engine Phishing: Malvertising and Bing Ads
Fraud-as-a-Service (FaaS)
The Fraud-as-a-Service storefront “Treyshop” provides cybercriminals with easy access to tools and data for carrying out fraudulent activities, including brand impersonation and identity theft.
This marketplace offers stolen credentials, phishing kits, and other resources, enabling even low-skilled attackers to launch sophisticated scams.
The emergence of such platforms lowers the barrier to entry for cyber fraud, escalating threats to brands by making it easier for criminals to impersonate them and deceive customers at scale.
Phishing Kits
Cybercriminals are increasingly using phishing kits—prepackaged tools designed to replicate login pages and steal credentials—to target regional banks and credit unions.
These kits make it easier for attackers to launch widespread, sophisticated phishing campaigns that deceive customers into providing sensitive information.
This threat is particularly harmful to smaller financial institutions, as it exploits customer trust and increases the risk of unauthorized access to accounts, impacting both the security and reputation of these institutions.
Link Shortening
Threat actors are increasingly using obscure or self-made link shortener services to disguise phishing URLs and trick users into clicking malicious links.
These custom-shortened links are harder to detect as suspicious, allowing cybercriminals to evade traditional security filters and lead users to credential-harvesting sites.
This tactic poses a significant risk to brands, as it enables attackers to carry out phishing attacks with a higher likelihood of success, threatening both customer security and brand integrity.