Brand impersonation has become a new favourite attack vector for cybercriminals these days. In a brand phishing attack, cybercriminals imitate the official website of a reputable brand by using a similar URL or domain name and copying the genuine web-page’s design. In most cases, the fake website is created to steal payment details, users’ credentials, or other personal data.
Reportedly, hackers imitated Microsoft the most to trick users into sharing their payment credentials or personal information in the third quarter of 2020. Microsoft rose from fifth place in Q2 2020 to the top of the list in Q3 2020 for brand phishing attacks.
The American multinational company appeared in 19% of all global brand phishing attempts. Moreover, a brand phishing campaign has targeted up to 50,000 Office 365 users to steal their login credentials.
As an unprecedented number of people continue to work in a remote environment, brand impersonation attacks provide opportunistic fraudsters with the perfect way of making a profit by exploiting the COVID-19-related fear and confusion. The name of a well-known brand can often lull people into a false sense of security, making them more likely to give up personal information.
Statistics on Brand Phishing Attacks in 2020
With extensive brand phishing campaigns continually on the rise, no individual or organization remains safe. Mentioned below are some shocking statistics showing just how severe this cyber threat is:
- Brand impersonation accounts for 83% of all spear phishing attacks.
- Email phishing was the most prominent brand phishing platform in Q3, accounting for 44% of all attacks, closely followed by web phishing, which accounted for 43% of all attacks.
- In the ranking for the most imitated brands in Q3 2020, Microsoft was followed by DHL, Apple, Google, PayPal, Facebook, WhatsApp, Netflix, Amazon and Instagram.
- DHL has taken the second spot with its appearance in 9% of all brand phishing attempts globally.
Measures to Protect Your Organization Against Brand Impersonation
Cybercriminals are misusing the names and email domains of well-reputed organizations all around the world for malicious purposes. This not only affects your relationship with your customers but also severely impacts your brand reputation. So, here are some useful tips to protect your organization against brand impersonation.
- Conduct regular and stringent brand monitoring to ensure that your organization is not being negatively publicized online by phishing applications or web pages. Regular monitoring makes it significantly easier to detect any website forgery and efficiently manage the domain.
- Use an instant take-down tool like KPMonitor to identify fraudulent practices occurring against your organization and instantly eliminate phishing domains misusing the name of your brand.
- Implement standard email authentication protocols like DMARC, DKIM and SPF to protect your organization against domain forgery. Tools like KDMARC monitor all three of these email authentication protocols and secure email domains against spoofing and other email-based attacks.
- Utilize dark web monitoring techniques to detect any copyright infringement activities occurring on the dark web.
- Generate awareness amongst your employees about the prevailing cyber-attack tactics and basic cybersecurity measures they can take to prevent them. Use a security awareness training tool like ThreatCop to educate them on the evolving cyber threat landscape.
- Warn your customers against potential impersonators. Include a safety policy in all your customer-facing emails, on your website and on your social media accounts, stating that the organization will never ask customers to give up their login credentials or personal data.
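To make the email authentication measure above concrete, here is an added example (not from the original article or any tool it names) that audits SPF and DMARC TXT records for settings that still let a domain be spoofed. The function names, domains and records are hypothetical, constructed samples; a real check would fetch the TXT records from DNS first.

```python
# Added example: offline audit of SPF (RFC 7208) and DMARC (RFC 7489) TXT records.
# Every domain and record below is a constructed sample, not real DNS data.
WEAK_ALL = {"+": "SPF: '+all' authorizes every sender on the internet",
            "?": "SPF: '?all' is neutral and rejects nothing"}

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: expected exactly one record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        delegated = any(t.startswith("redirect=") for t in terms)
        return [] if delegated else ["SPF: no 'all' mechanism, default is neutral"]
    first = all_terms[0][0]
    qualifier = first if first in "+?~-" else "+"  # a bare 'all' means '+all'
    return [WEAK_ALL[qualifier]] if qualifier in WEAK_ALL else []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: expected exactly one record, found %d" % len(dmarc)]
    parts = (p.partition("=") for p in dmarc[0].split(";"))
    tags = {k.strip().lower(): v.strip() for k, sep, v in parts if sep}
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC: missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("DMARC: p=none only monitors, spoofed mail is still delivered")
    elif tags.get("sp", policy).lower() == "none":
        findings.append("DMARC: sp=none leaves subdomains unenforced")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s enforces on only part of the mail" % tags["pct"])
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

SAMPLES = {  # constructed records: (domain TXT, _dmarc TXT)
    "weak.example": (["v=spf1 include:_spf.weak.example +all"], ["v=DMARC1; p=none"]),
    "strong.example": (["v=spf1 ip4:192.0.2.0/24 -all"],
                       ["v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"]),
}

def audit_all(samples=SAMPLES):
    return {d: audit_spf(spf) + audit_dmarc(dm) for d, (spf, dm) in samples.items()}
```

Calling `audit_all()` returns an empty finding list for the enforced sample domain and three findings for the weak one, which publishes records but enforces nothing.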