Online Brand Impersonation
chris, October 16, 2024

What is Online Brand Impersonation?

Online brand impersonations are unauthorized instances of your brand that appear online. Impersonations involve various tactics to build trust and deceive victims, utilizing popular channels to tailor and distribute scams.

OVERVIEW

Any brand can be hijacked and used as part of an online brand impersonation scam. At Allure Security, we see numerous examples of small businesses targeted by brand impersonation attacks.

Fraudsters can take advantage of trust in any brand, from playground equipment makers to large financial companies. Larger companies like Amazon, Microsoft, Apple, and Google are more attractive targets for fraudsters because they have many users and large amounts of data.

Brand impersonation is a risk for the target. Users can download malware, or they can reveal personal information. Fraudsters can use this information to access financial resources and corporate networks. It can also cause other problems for the target.

However, brand impersonation also harms the brand used in the attack. Brand impersonation damages the trust and relationships that brands build online. This can lead to fewer customers and lower revenue. Victims often turn to brands they trust more.

“How do I keep the brand clean when I don’t control where the brand is being used?”
DAVID MCLEOD, VP & CISO
Screenshots of 9 phishing pages of financial institutions discovered by Allure Security

Common Characteristics of Online Brand Impersonation

Focus: E-Commerce and online accounts

Errors: Spelling and grammar mistakes

Exploits: Trusted relationships

Spoofed: Emails and domains

Urgency: Fabricated situation

Example of a Brand Impersonation Email

example of spam email with spoof domain
Spoofed Display Name

A display name in an email presents an alternative to listing the domain name. A display name helps show who the sender is when the email address is unclear. For example, the display name of “Allure Security Customer Support” is clearer to the recipient than “support.customer@alluresecurity.com”.

A phishing email can abuse the display name by setting it to a name that looks like a real brand, even when the email domain behind it is different. On mobile platforms, the recipient might only see the display name, which makes the scam harder to spot. Checking the email domain underlying the display name could signal a spoof.
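The check described above, written as a small mail-filter rule. This is an added example, not code from Allure Security. The `BRAND_DOMAINS` table, the function names and every sample header except the address quoted above are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: brand names to protect, mapped to the domains that brand
# really sends mail from. Maintained by the defender; not from the page.
BRAND_DOMAINS = {"Allure Security": {"alluresecurity.com"}}

def squash(text):
    """Lowercase and keep only letters/digits so spacing tricks don't matter."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Classify one From header as 'consistent', 'mismatch' or 'no-brand'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    shown = squash(name)
    for brand, allowed in BRAND_DOMAINS.items():
        if squash(brand) in shown:
            # Brand claimed in the display name: the real domain must back it up.
            ok = bool(domain) and domain_allowed(domain, allowed)
            return "consistent" if ok else "mismatch"
    return "no-brand"

# Constructed sample headers (the first uses the address quoted on the page).
SAMPLES = [
    '"Allure Security Customer Support" <support.customer@alluresecurity.com>',
    '"Allure Security Customer Support" <helpdesk@account-verify.example>',
    '"AllureSecurity Billing" <billing@alluresecurity.com.account-verify.example>',
    '"support@alluresecurity.com" <notice@account-verify.example>',
    '"Jane Doe" <jane@partner.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):<11} {header}")
```

A "mismatch" verdict is a signal for review or a warning banner, not proof of fraud, since brands also send through third-party mail services whose domains would need to be added to the table.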

example of spam email with typos and misspellings
Misspellings & Grammar

Legitimate brands employ consistent tone and style in their communications. If you get a message from a brand that has misspellings or mistakes, it could be a brand impersonation attack.

Phishing messages often contain these careless mistakes for two reasons. First, many fraudsters are not native English speakers and may not realize their error. Second, cybercriminals operate at scale and may be writing dozens of these messages simultaneously. This increases the likelihood of mistakes.

example of spam email with malicious link
Suspicious Link

Hover the mouse cursor over the link in the email or communication. Most platforms will then display the URL behind the anchor text of the link. If the URL originates from an unexpected domain or otherwise looks suspicious, it probably is. Reconsider clicking on the link and instead contact the provider using a different, official channel.

example of spam email highlighting sense of urgency
Sense of Urgency

A sense of urgency is the most crucial element of any phishing or brand impersonation scam. The fraudster will present a crisis with dire consequences if the target does not act immediately.

The crisis could threaten the target professionally, personally, or financially, but the key is that the target themselves must be the one to act.
