Protecting from Brand Impersonation Attacks

Brand impersonation is nothing new, but with more businesses focusing on their online presence, it’s much more common than it was years ago. Most people know that phishing threats involve impersonating legitimate companies using email messages with embedded links that bring the user to a malicious web page. Brand impersonation works similarly, but it is a much more sophisticated attack using credential theft and phishing.

In either scenario, cyber-criminals use legitimate businesses to trick users. This attack extends to other businesses as well. A sophisticated attack targets employees of your business to trick them into divulging sensitive information or downloading malware. It’s a difficult threat to stop, because businesses can’t control a third-party malicious group of cyber-criminals using publicly available brand logos and marketing materials.

 

Common Types of Brand Impersonation Scams

Most common brand impersonation scams send messages to as many people as possible, but a few sophisticated attacks focus on specific people within an organization in the form of a spear-phishing attack. Not every scam is based on a popular corporate brand. Some scams use government agencies or promises to send products after providing information to the scammer.

A few common brand impersonation scams:

• Tech support scams: Cyber-criminals use legitimate companies (e.g., Microsoft) and claim to be a part of their tech support warning users about malware on their computer. Instead of protecting their computers, the criminals install malware including keyloggers to steal network credentials.
• Vendor scams: Using fraudulent invoices, attackers trick employees into paying fake invoices or divulging information about their customers. In some scenarios, an attacker pretends that they offer a service and trick employees into installing malware.
• Refund scams: Common services bill using a subscription, so scammers call targeted victims to ask if they want to cancel their subscription and receive a refund. They then convince victims to divulge sensitive information including bank details to steal money from them.
• Law enforcement scams: Pretending to be a law enforcement agent, an attacker calls a targeted victim explaining that their vehicle was involved in criminal activity. Attackers convince targeted victims to pay restitution to resolve the issue using gift cards or direct transfers.
• Job recruiter scams: Scammers use fake job posts to convince targeted victims into sending a resume and divulging their sensitive information.

For many of these scams targeting individuals, scammers convince targeted victims into sending money and gift cards. For employees of businesses, the goal is to convince targeted victims into installing malware or divulging sensitive information such as their network credentials.

In every scenario – whether it’s targeting individuals or business employees – the attacker’s goal is to steal money or data from the targeted victim. Data might seem like a useless target, but it can be sold numerous times on darknet markets. With a large data breach, an attacker could earn a seven-figure payout selling the information. The way data is stolen could be directly from a network compromise or by stealing credentials using brand impersonation phishing messages.

 

 

How Brand Impersonation Works

To put brand impersonation into action, the scammer needs a way to contact users. The most common is with a phishing email. The message usually includes the brand’s logo and even links to official brand pages. However, the message usually conveys a sense of urgency and tells the targeted user that they need to send a response to the attacker or click a link to find out more. Usually, the message tells the user that they must go to the link to fix an account issue or risk being banned.

The sense of urgency is to get targeted users to forget any cybersecurity awareness training they’ve had to think about the message and realize that it’s a scam. It might sound like a silly strategy, but it works. Phishing and brand impersonation are commonly successful, especially since an attacker only needs one person within a business to fall for the malicious message.

Text messages are also commonly used as a way to bypass email cybersecurity. Attackers know that many businesses have email cybersecurity that filters out malicious messages with malware attachments or malicious embedded links. To bypass this hurdle, attackers use text messages. Phone numbers for employees can be found on the corporate website, or an attacker might simply call the office and ask for a way to contact an employee. Using a text message, attackers have a higher chance of having their malicious link displayed to the user.

Links in text messages often promise users tangible products in exchange for their credit card number to pay shipping fees. Users enter their credit card information and now the attacker has their financial data with private information tied to the credit card. The information can be sold on darknet markets, or an attacker could use the information to make fraudulent purchases.

With artificial intelligence and voice changers, attackers now use vishing as an alternative method to convince users to divulge sensitive information. In a vishing scam, a scammer contacts users to tell them that their account has been compromised. An attacker might convince users to divulge their credentials or trick them into divulging a two-factor authentication (2FA) code to give the attacker authorized access to an account. Users should know never to divulge their two-factor authentication code or their credentials to a caller, even if the caller claims to be a coworker.

In a sophisticated attack, scammers use a combination of methods including social engineering. Multiple cyber-criminals work in a group to perform spear-phishing against specific employees with high-privilege accounts. A high-privilege account has access to sensitive data and can sometimes transfer money. For example, an attacker might target an accountant of a CFO for their ability to transfer money and obtain sensitive financial data for an organization. The attacker might use a corporate vendor and mimic their business information and marketing material to trick the high-privilege employee to fall victim to phishing and malware. Social engineering is often used in a sophisticated attack to convince these employees that they are performing a task based on an executive order.

 

How SafeTitan’s Cybersecurity Awareness Training and Phishing Simulations Can Help

Cybersecurity awareness training helps defend against brand impersonation by providing employees with enough information to identify a phishing email and know where to report it. It’s also beneficial for businesses that need to train employees to recognize social engineering and the many ways attacker contact targeted victims within an organization.

Training isn’t enough for an enterprise with several employees including new ones onboarded as the organization grows. You need a system in place to train employees and continue to train them as the cybersecurity landscape evolves. SafeTitan is a full suite of cybersecurity awareness training used in an enterprise to teach employees to identify phishing and other kinds of sophisticated attacks on an enterprise’s brand reputation.

With SafeTitan, you get more than a simple cybersecurity awareness training program. Administrators have access to phishing simulations, thousands of templates, and analytics that provide insights into employee interactions with a phishing simulation test. By viewing analytics, administrators can identify training opportunities for employees that need more guidance on phishing red flags and what to do if a phishing email includes an embedded link.

Phishing simulation exercises look exactly like real-world attacks, so administrators are sure to give employees information on actual cyber events. The SafeTitan product automatically updates using TitanHQ threat intelligence and research, so the SafeTitan always has the latest information with new templates emulating the more recent phishing attacks seen in the wild. It also integrates with all the popular productivity suites including Microsoft Office 365, Teams, Outlook, Azure Active Directory, and Google Suite.

Administrator reports let stakeholders know the effectiveness of their SafeTitan implementation so that they can make further improvements and progress into more advanced training. Phishing simulation emails track when a user opens an email, when a user deletes the phishing email, when the user clicks a link, and when the user enters sensitive information on a phishing web page. All these metrics help administrators further their goals and train users when they partially fall for a phishing attack or simply click a link and go no further in the process.

SafeTitan is perfect for managed service providers that need a way to train employees for multiple clients. The centralized reporting feature lets managed service providers view which clients need the most attention. A managed service provider that offers cybersecurity awareness training services lowers risk of a compromise for each client, and it reduces overhead of incident response after a critical cybersecurity event.

Whether you’re a managed service provider or an administrator for a business struggling to fight against phishing and sophisticated social engineering, SafeTitan has the services and phishing simulation that can help you educate employees so that they can be a part of a cybersecurity strategy. Employees with better cybersecurity training is much more likely to delete a phishing email and report it rather than fall for the scammer’s tricks.

To increase your cybersecurity, create a better strategy around phishing, and educate users against sophisticated attacks, sign up for a SafeTitan free trial.