What is Brand Impersonation?

In the context of email security, brand impersonation is a form of phishing cyber-attack that aims to solicit sensitive information from victims by posing as a legitimate brand. All brands, small and large, are susceptible to impersonation tactics. However, attackers will often impersonate large brands like Facebook, Amazon, Microsoft, and Google because of their large user base.  

In this scenario, a brand imposter would create a fraudulent message to solicit information from a customer or consumer of these brands. Brand impersonation is also costly for impersonated brands as they also suffer from loss of credibility and reputation.  

To launch a brand impersonation attack, a cyber-attacker engineers a message that masks itself as a message from the impersonated brand. This message will look like it is being sent from a legitimate member of the organization so that the victim does not bother to further investigate the sender’s credentials. The message may contain a request or requirement for the victim to verify their account information or send money to the imposter.

Technical support

Brand impersonators can mask themselves as members of an external company’s technical support staff of a credible brand to request login credentials and gain access to individuals’ accounts.  

E-commerce

‍E-commerce sites are particularly vulnerable for being impersonated because they conduct money transaction via the internet and have access to sensitive information of their customers like credit card numbers. It is not uncommon to receive smishing messages from brand impersonators masking themselves as an e-commerce company stating that “there is an issue with your order” and asking for your login credentials to verify your identity.  

Job offer

‍Impersonating a potential employer in the recruitment process causes a sense of urgency in the victim. Brand impersonators take advantage of job seekers who tend to be extra vigilant of their email and eager to respond to opportunities.  

Legal entity

‍Legal organizations have access to and commonly request sensitive information from their clients. Therefore, brand impersonators will take advantage of this and pose as a law firm or government authority in order to trick the victim into handing over sensitive information.

Social media

‍Outside of phishing emails, impersonators can create fake social media accounts that mimic legitimate brands in order to solicit information from individuals.  

To identify brand impersonation, do the following:

Verify the sender‍

Often the sender of the message will not be from a legitimate source. Spoofed domains and sender’s addresses are common with brand impersonators. You may use SPF, DKIM or DMARC checks.  

Be cautious of grammar

‍Inexperienced brand impersonators are likely to make grammatical and spelling errors in their messages. If a message looks unprofessional, be extremely cautious around it. However, it is possible for brand impersonators to send messages that are grammatically correct and for legitimate mail to have some spelling errors.

Communication methods

‍Organizations usually communicate with their customers through similar methods. If this is a method of communication or at a frequency that is uncommon between you and the brand, then it could be brand impersonation.  

Filter spam

‍Setting your systems to filter for spam emails, vishing calls, or smishing text messages will send most brand impersonation attempts to a separate mailbox. While this method is not full proof, it is helpful for avoiding some brand impersonation attempts.

For organizations brand impersonation can be difficult to identify. Whether it is an attacker impersonating another brand or an attacker impersonating your brand, keeping track of your external facing assets is increasingly difficult. To keep up with brand impersonation organizations can do the following:  

Register brand name and trademarks‍

This will allow you to take legal action if you find anyone impersonating your brand without your permission.

Monitor external facing assets

‍It is not uncommon to be unaware of domains that are masking as your organization. To solve this issue, there are cyber security solutions such as Darktrace PREVENT/Attack Surface Management (ASM) that will assist your security team in monitoring your external facing assets across the internet.

Educate customers

Customers can unknowingly hand over their information to someone posing as your brand. To avoid human error from your customers, provide guidance and support regarding the communication methods you use to communicate with your customers. If they know that you will never ask for sensitive information via an email or text message, the likelihood that they will hand over that information will decrease.

Educate employees

‍Educate your employees on the partners you work with and the common communication patterns so that if a cyber-attacker attempts to impersonate as a trusted brand, your employees can identify the malicious activity.

Advanced security solutions

‍To stop brand impersonation attacks from reaching email inboxes, advanced security solutions like Darktrace/Email™ understand user behavior to identify deviations from normal business activity. This means that even novel attacks and social engineering attacks without obvious spelling errors or poor grammar will still be recognized. When a particular user behaves abnormally, like receiving an email from an unknown sender or sending atypical information, Darktrace can alert the security team and stop this user from causing further harm.

Protect Against Brand Abuse with Darktrace PREVENT