you receive an email that looks as if it came from a trusted and well-known brand. For example, you might receive an email that appears to be coming from PayPal, and that email can notify you to reset your password, for instance. These emails are deceiving because they are well-crafted and look just like the emails you've received from PayPal in the past, complete with logo and everything.
Phishing has been an issue plaguing businesses for a long time. However, the main problem with it is the fact that the problem is growing. The latest data tells us that one in every 99 emails is a phishing email, and with the billions of emails sent every day, the problem truly becomes mind-bogglingly big.
What's interesting here is that there are a lot of different phishing scams out there. Fraudsters and other cybercriminals keep creating more sophisticated attacks. One of those is brand impersonation – a phishing scam, known as the subtype of the widespread business email compromise (BEC) scam that most businesses know.
Let's talk more about brand impersonation. After reading this, we hope you gain the necessary knowledge about this increasingly damaging cyberattack and equip yourself to protect your company against these threats.
What Is Brand Impersonation?
In regular BEC scams, you, or some other high-ranking person in your company receives an email that appears to have been sent by a reliable source from inside your organization. However, with brand impersonation scams, you receive an email that looks as if it came from a trusted and well-known brand. For example, you might receive an email that appears to be coming from PayPal, and that email can notify you to reset your password, for instance. These emails are deceiving because they are well-crafted and look just like the emails you've received from PayPal in the past, complete with logo and everything.
What Are the Most Impersonated Brands?
The most impersonated brands are financial services, with them accounting for around 40% of all brand impersonation phishing emails.
The most impersonated brand overall is PayPal, with more than 11,000 unique phishing URLs. However, it's quickly followed by other brands, including Facebook, Microsoft, Netflix, WhatsApp, the Bank of America, CIBC, Desjardins, Apple, and Amazon. Naturally, these are only the top ten, and there are many more well-known brands that are constantly impersonated by cybercriminals, targeting both consumers and businesses alike.
How to Protect Your Company from Brand Impersonation Scams
Protecting your company from brand impersonation attacks involves more or less the same things as with BEC scams. However, everyone in your company needs to be extra vigilant as people are usually quick to trust emails coming from reputable brands like PayPal and the Bank of America. You need to be watchful of the common red flags in these emails:
- Very generic greetings
- An overwhelming sense of urgency you feel from the entire email
- An altered sender's email address
- Spelling errors or grammar errors, even the smallest ones
- Request for giving, confirming, or changing sensitive information (no reputable brand does this over the email unless you request it)
All in all, everyone in the company needs to be careful with these types of emails, but you also need to be ready to update your protection software. With a robust email security service, you can ensure your entire organization is sufficiently protected from all malicious emails, as most of them, no matter how new they are, will be blocked from ever reaching your people.
AnubisNetworks is a company that develops email security solutions. Our Mail Protection Service protects against ransomware, spam, business email compromise (BEC), spoofing and phishing. MPS is based on AnubisNetworks Threat Intelligence ecosystem, which enables detection and avoidance of the latest and most advanced cyber threats.