Phishing

Overview of phishing techniques: Brand impersonation

Greg Belding
November 2, 2020 by
Greg Belding

Introduction

Phishing emails are well known for using different flavors of trickery to cause users to bite on the proverbial lure. Perhaps the phishing technique that best exemplifies a spirit of trickery is that of brand impersonation — using the name, logo and other identifying aspects of a brand to trick users into trusting the email because they trust the brand. 

This article will provide an overview of the brand impersonation phishing technique and will explore what brand impersonation is, how it works, the anatomy of brand impersonation, red flags of brand impersonation and how to prevent falling victim to this phishing technique.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

What is the brand impersonation phishing technique?

Brand impersonation is exactly what it sounds like. Instead of sending spoofed emails to a targeted user in hopes they are conned into thinking the email is legitimate, brand impersonation involves the use of a brand name, logo, legitimate-looking emails and websites into tricking the user into clicking on links, downloading malicious attachments and possibly even giving up personal information.

Putting brand impersonation emails into perspective, it has been said that internet users today receive more impersonated emails claiming to be from trusted brands than they receive legitimate emails from the same companies. If this trend keeps up, it would be safer to assume that emails from trusted brands are impersonated rather than legitimate upon first look, but thankfully we are not at that point yet.

How does brand impersonation work?

Brand impersonation works by tricking the recipient into believing that they are a legitimate, reputable brand. Phishers know that if a user believes that they have received an email from a reputable brand, they will be more likely to click links, such as links that will lead the user to a landing page with the brand logo to change their password in order to capture login credentials to the brand’s legitimate website.

Phishers try to drive home the trust factor with brand impersonation and often use a very recognizable brand to trick the user. 

Below is the top 10 list of brands most impersonated in phishing campaigns:

  1. Microsoft
  2. PayPal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. DocuSign

Keeping in mind that a targeted user could potentially be a paying account holder for several of these organizations concurrently, you can see how the user could suspend disbelief and click on the links contained in the brand impersonation emails.

Below are some further statistics about the state of brand impersonation in 2020:

  • 36% of brand impersonation emails use some type of brand name display in its deception
  • 32% use the name of a well-known individual within the organization as part of its deception (such as Bill Gates for Microsoft brand impersonation)
  • 20% use domains that are look-alikes to the legitimate organization domain
  • 12% of brand impersonation emails originate from an actual compromised account within the organization that is being impersonated

The anatomy of brand impersonation

The brand impersonation phishing technique goes beyond the email to deliver its deception. Brand impersonation has been observed to use:

  • An initial phishing email stating that it is from a legitimate brand (or from an individual working at the brand) and typically includes the brand logo and name as well as some semblance of an email domain referring to the name of the brand
  • An organization landing page containing the brand logo and any contextual content referring to the original purpose of visiting the page (such as a login window for password reset)
  • A spoofed organization website that is designed to resemble the organization’s legitimate website. A recent brand impersonation phishing campaign impersonated the Financial Industry Regulatory Authority (FINRA) and created a website that was fully legitimate-looking and all but mirrored the organization’s official website
  • Points of contact, such as a customer service email or telephone number, that are minimally staffed to make everything look legitimate

Red flags of brand impersonation

Similar to other phishing techniques, the brand impersonation phishing technique typically contains multiple red flags in its emails. These red flags are:

  • Bad grammar, typos and sentences that trail off into nonsensical gibberish (think spam email subject lines circa 2004)
  • Fostering a sense of urgency along with a login link in the email
  • Requesting that you supply the organization with, or confirm/update personal information
  • The email domain does not match the organization’s legitimate email domain
  • Sender’s email address has been changed, is listed as someone else’s name, or any other semantic irregularities within the email

How to protect against brand impersonation

The best way to prevent brand impersonation is to not interact with brand impersonation emails in the first place. 

  • If it appears to be brand impersonation on its face, don’t open the email
  • Don’t click on any links found in the email
  • Don’t download any files attached to the email
  • If the email asks you to change a password or log into the organization’s website for any reason, bypass the link provided and log in directly on the organization’s legitimate website
  • If still in doubt, contact the organization and ask if the email is legitimate

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Conclusion

Brand impersonation is a phishing technique that embodies the heart of phishing: trickery. This technique relies upon the trust that many have placed with legitimate, reputable brands in an attempt to harvest their login credentials to the brand’s legitimate website. Brand impersonation is very prevalent today and is not expected to quit anytime soon, so everyone should take stock of their cybersecurity awareness of this technique and beef it up accordingly.

 

Sources

Brand Impersonation Phishing Attacks Grow While Organizations Fail to Protect Their Brands Using DMARC, KnowBe4

Cybersecurity Warning: Top-10 Brands Used to Attack Millions With Phishing Campaigns Revealed, Forbes.

Brand Impersonation: What it is and how to avoid it, Commerce Bank Blog

Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.