What is Online Brand Impersonation?
Online brand impersonations are unauthorized instances of your brand that appear online. Impersonations involve various tactics to build trust and deceive victims, utilizing popular channels to tailor and distribute scams.
OVERVIEW
Any brand can be hijacked and used as part of an online brand impersonation scam. At Allure Security, we see numerous examples of small businesses targeted by brand impersonation attacks.
Fraudsters can take advantage of trust in brands, from playground equipment makers to large financial companies. Larger companies like Amazon, Microsoft, Apple, and Google are more attractive targets for fraudsters. This is because they have many users and large amounts of data.
Brand impersonation is a risk for the target. Users can download malware, or they can reveal personal information. Fraudsters can use this information to access financial resources and corporate networks. It can also cause other problems for the target.
However, brand impersonation also harms the brand used in the attack. Brand impersonation damages the trust and relationships that brands build online. This can lead to fewer customers and lower revenue. Victims often turn to brands they trust more.
Common Characteristics of Online Brand Impersonation
E-Commerce and online accounts
Spelling and grammar mistakes
Trusted relationships
Emails and domains
Fabricated situation
Example of a Brand Impersonation Email
Spoofed Display Name
A display name in an email presents an alternative to listing the domain name. A display name helps show who the sender is when the email address is unclear. For example, the display name of “Allure Security Customer Support” is more evident to the recipient than “support.customer@alluresecurity.com”.
A phishing email can abuse the display name by setting it to a name that looks like a real brand, even if the email domain is different. On mobile platforms, the recipient might only see the display name, which makes the scam harder to spot. Checking the email domain behind the display name can reveal a spoof.
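The check described above can be automated on the receiving side. The following is an added example, not code from Allure Security: it parses a From header, decodes the display name, and flags messages whose display name claims a brand while the sender domain is not one of that brand's domains. The `BRAND_DOMAINS` mapping, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr
import unicodedata

# Assumption: compact brand token -> domains the brand really sends mail from.
BRAND_DOMAINS = {"alluresecurity": {"alluresecurity.com"}}

def compact(text):
    """Casefold, fold Unicode compatibility forms, keep only letters and digits."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return "".join(ch for ch in text if ch.isalnum())

def domain_allowed(domain, allowed):
    """True for an allowed domain or a subdomain of one, not a lookalike suffix."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(value):
    """Return (verdict, brand, sender_domain) for one From header value."""
    display, addr = parseaddr(value)
    # Display names may arrive as RFC 2047 encoded words; decode before matching.
    display = str(make_header(decode_header(display)))
    domain = addr.rpartition("@")[2]
    name = compact(display)
    for brand, allowed in BRAND_DOMAINS.items():
        # The display name claims the brand, but the mail comes from elsewhere.
        if brand in name and not domain_allowed(domain, allowed):
            return ("display-name-spoof", brand, domain)
    return ("ok", None, domain)

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Allure Security Customer Support <support.customer@alluresecurity.com>",
    "Allure Security Customer Support <support@example.net>",
    "=?UTF-8?B?QWxsdXJlIFNlY3VyaXR5?= <help@example.net>",
    '"support@alluresecurity.com" <billing@example.net>',
    "Allure Security <help@alluresecurity.com.example.net>",
    "Weekly Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from_header(sample), "<-", sample)
```

The comparison only looks at the From header; it does not replace SPF, DKIM or DMARC validation, and it does not catch display names written with lookalike characters from other scripts.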
Misspellings & Grammar
Legitimate brands employ consistent tone and style in their communications. If you get a message from a brand that has misspellings or mistakes, it could be a brand impersonation attack.
Phishing messages often contain these careless mistakes for two reasons. First, many of their authors are not native English speakers and may not realize their errors. Second, cybercriminals operate at scale and may be writing dozens of these messages simultaneously. This increases the likelihood of mistakes.
Suspicious Link
Hover the mouse cursor over the link in the email or communication. Most platforms will then display the URL behind the anchor text of the link. If the URL originates from an unexpected domain or otherwise looks suspicious, it probably is. Reconsider clicking on the link and instead contact the provider using a different, official channel.
Sense of Urgency
A sense of urgency is the most crucial element of any phishing or brand impersonation scam. The fraudster will present a crisis with dire consequences if the target does not act immediately.
The crisis could threaten the target professionally, personally, or financially, but the key is that the target themselves must be the one to act.