How Can Brands Protect Themselves and Their Customers?

Protect your Cloud data now!

Brand impersonation attacks target well-known brands to deceive users and steal data. 

•Educate employees and customers about recognizing and reporting brand impersonation attempts. 

• Use advanced security measures to detect and prevent brand impersonation attacks. 

• SysCloud offers robust backup and data protection solutions (for example, ransomware detection) to protect against brand impersonation, ensuring all data is securely backed up and easily recoverable in case of an attack.

Cybercriminals use every trick in the book to scam businesses. One of the most common online scams that popular brands are especially vulnerable to is a brand impersonation phishing attack!

Phishing is a cyber attack that uses emails as a weapon to trick the target. The target is made to believe that the message is from a trusted source and prompted to click on a link or to download an attachment that has malicious content in it.

According to Google Transparency Report 2018, the number of phishing sites detected per week has drastically increased from 3,800 in Nov 2007 to 49,696 in Nov 2017.

Brand Impersonation is a form of phishing attack where attackers pretend to be from a trusted brand/company. They send out emails that contain malicious content. These emails resemble a well-known bank, credit card company, an e-commerce portal, or even a government agency.

The aim of a brand impersonation attack is to gain confidential data of the targeted victim.

Some of the most common reasons for a brand impersonation attack are:

Using the target’s login credentials to access financial details as well as initiate fund transfers,

Stealing personal information like address or phone number to sell it to others, and

Ruining the trust of a service provider’s customers by charging them with false dues.

Source forgery refers to the process of faking the ‘From’ address in an email. Hackers can easily manipulate the ‘From’ address in an email to make it look genuine. This can be done by using SMTP services and other online tools – like Kali Linux.

Brand impersonation phishing attacks will have links embedded in the email that is designed to look reliable so that the potential target clicks on them. To make these links look genuine, hackers create false references. This can be done by using the of the webpage.

Usually, the attackers fake a company/brand website by using the following HTML code in their email:

https://genuinewebsite.com For example: http://passinest.com*> https://support.google.com(*Disabled phishing link)

In the above example, clicking on https://support.google.com will take the user to http://passinest.com. of the received email can be checked by the following steps :

Open the received email without clicking on any link.

Right-click anywhere in the email to see the options.

Select “Inspect” option to see the “Inspection View” of the email.

Hackers buy domains that look similar to the domain of a known brand. This makes it easier for the hackers to carry out brand impersonation attacks.

For example, the below image shows the domain names available in GoDaddy, which are similar to FedEx.

A hacker is most likely to use fedexcare.com to fake “FedEx Cares” website (fedexcares.com) which is an official FedEx website

We have analyzed a list of brands that are popular among scammers for carrying out brand impersonation attacks.

Brands like Netflix have a higher risk of brand impersonation attacks because they have millions of subscribers worldwide.

Here is one such Netflix scam targeting its customers.

“We were unable to validate your billing information for the next billing cycle of your subscription,” the hoax email states. “We’ll suspend your membership if we do not receive a response from you within 48 hours.”

This Netflix email scam came to light when non-subscribers of Netflix started receiving such emails. Once the attack got reported, Netflix immediately issued a warning, urging its customers not to do any payment through such links.

A recent Netflix email scam shows that the hackers are now targeting the legitimacy of the website. This is done by using Transport Layer Security (TLS) certificates.

Emails sent by banks are always on the top of everyone’s priority list, and that’s why they are always targeted by scammers.

Here is an example of a phishing attack targeting Bank of America.

Fake link – mouseover to see the original link

It doesn’t end there! Even the partner organizations associated with well-known brands – which are targeted by phishers – face high risks because these attacks can initiate a chain of cyber attacks that eventually target the partners as well.

LinkedIn has around 546 million users worldwide. Even if 10% of users are targeted with such LinkedIn phishing email, 5.4 million users will be at risk.

Unsubscribe option – similar to the original LinkedIn emails

Action to click over a link to follow or DM

Not from “messages-noreply@linkedin.com” sender address

Such attacks can have the following effects:

LinkedIn holds your professional identity which can be used for IDENTITY FRAUD.

Professionals do maintain their LinkedIn ID with their business account. Hence, LinkedIn phishing attacks can result in DATA BREACHES.

In December 2017, a number of people received a PayPal phishing email.

PayPal logo with the sender domain asservice@paypal.comconvinced many customers to click on the link to see the transaction details.

This attack was planned to acquire PayPal customer data such as:

Personal information: Name, street address, city, state, zip, country, phone number, mother’s maiden name, and date of birth.

Credit card information: name, number, expiration code, security code.

‘PayPal’ written as ‘Paypal’ (Some phishing emails)

In May 2017, millions of Gmail users received a Google Docs phishing email. Once the users clicked on the link, they were directed to the following page:

Since Gmail is a trusted brand, no one actually reads the “Permission Settings” before clicking on the “Allow” button. Hackers used this oversight to their advantage and created a fake page to get access to user’s emails and contacts.

1.2 million Gmail users were affected by this attack. Here is an official statement from Google on this attack.

Official statement: “We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There are no further action users need to take regarding this event; users who want to review third-party apps connected to their account can visit Google Security Checkup”.

Scammers impersonate E-commerce sites like Amazon and eBay to fraudulently access customer’s credit card details.

For example, an elderly couple received an Amazon phishing email in June 2018. In the email, they were asked to confirm their account details, by clicking on a link. Once the hackers got the login credentials, they placed an order from the couple’s Amazon account. Initially, both the bank and Amazon refused to refund the couple for the fraudulent transaction. It was only after verifying the IP address and order details that the bank decided to refund them the money.

Amazon logo used along with the order description

Telstra is an Australian telecom brand that was impersonated to target a large number of their customers.

This attack was so sophisticated that it was difficult to differentiate between the original and fake Telstra Email Bill.

Recipient’s Telstra account number missing from the subject line

Hackers used “www.my-Telstra-com-au” to fake the real site “www.my.telstra.com.au”

The primary motive behind this attack was to get the following details:

Date of birth, driver’s license number, and mother’s maiden name

Cybercriminals use social media to target a large number of people. With Facebook phishing attacks, one can target up to 2.19 billion people!

Fake Facebook login pages are the first step toward launching a Facebook phishing scam.

The example given below shows a fake Facebook login page that’s used for phishing:

Now the question is: “Is it that easy to create a fake Facebook login page?” The answer is YES! If you search ‘Facebook phishing page’ on Google, you will get the following results:

Wells Fargo is an American bank with over 70 million accounts. Recently, people were targeted with a Wells Fargo phishing email that said, “We have Updated Your Contact Information.”

According to Wells Fargo policies, customers had to update their personal information periodically, and hence, this email actually made sense to them.

Account number missing from the subject line

Use of ‘Common salutation’ instead of ‘Dear ’

The changes were not displayed in the email. Instead, the attackers asked the customers to log in to their account to view the changes

The motive of this Wells Fargo phishing attack was to gather:

For Apple users, all of their data is stored in their iCloud account by default. The scammer sent out threatening Apple phishing emails to its customers warning them about their account suspension.

Call to action that leads to a phishing page

Apple support link is not embedded in the email

Hackers copy the Dropbox logo into their emails to add authenticity to the scams.

One such Dropbox phishing email is shown below where the potential target is asked to access the files sent via Dropbox.

On clicking “Access File Here” link, a malicious file was downloaded into their system.

The above image shows how a genuine Dropbox email will look like.

Yahoo! has around 350 million active subscribers and scammers love targeting Yahoo!.

For example, in the image given below, you can see a “Yahoo Account Disabled” email.

There is a warning to delete the account along with emails, contacts, and other data

The “Sign in and verify it” link points to a phishing site

Remember: Your bank, credit card company, or email service provider will never loop you into a group email. They will only communicate with you through personal email.

"Your password reset is in process and your current password will be disabled shortly the password reset link will be forwarded to the new optional email submitted”.

On clicking the reset link, users were redirected to a fake Outlook login page. On entering the credentials, an error message showed up and sent the user credentials to the hackers.

JPMorgan Chase is a well-established American investment bank and financial services company. In a recent cyber attack, scammers targeted Chase customers with an email that read:

Actionable insights, best practices and tips for IT admins to protect SaaS data.

Explore SaaS 
data protection center

Get expert insights on SaaS data and security

16 Top Brands That Scammers Target for Brand Impersonation Attack

I acknowledge cookies need to be deleted from my browser to remove tracking.

Ensure complete tracking removal by deleting cookies from your browser. Click here to learn how.

These cookies are set through our site by a range of third-party social media services that we have added to the site to enable you to share our content with your friends and networks. These cookies are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see the social media sharing tools.

These cookies are necessary for the website to function and allow us to count visits and traffic sources so we can measure and improve the performance of our site. The cookies may be set by us or third-party providers in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. All information these cookies collect is aggregated and therefore anonymous.

This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.Learn more about how we process personal data in our  Privacy Policy.

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you disable these cookies, you will experience fewer or no targeted advertising. You may still see advertisements.

A Complete Guide to Google Drive Backup

Gmail Backup: How to Backup Gmail Emails for Business (Step-By-Step Guide)

What Is Google Vault? How Is It Different from Backup?

12 Reasons Why You Need Google Workspace Backup

How to Back Up Outlook Emails: A Step-by-Step Guide

An Admin’s Guide to SharePoint Online Backup

10 Critical Reasons to Backup Microsoft 365 Data Immediately!

How to Backup OneDrive for Business: A Complete Guide for Admins

How to Backup Outlook Emails: A Complete Guide (with screenshots)

Microsoft Teams Recovery Wizard

Gmail Recovery Wizard

Google Classroom Recovery Wizard

Google Sites Recovery Wizard

OneDrive Recovery Wizard

SharePoint Recovery Wizard

How to Prevent Cyberbullying in Schools: Strategies, Tips, & Best Practices

Mental Health in Schools – The Ultimate Guide for School Administrators

How to Recover Deleted Emails from Gmail for Business

How to Recover Permanently Deleted Files from Google Drive for Business

How to Recover Deleted Gmail Account – A Complete Guide

How to Recover Permanently Deleted Files from OneDrive for Business

How to Recover Deleted SharePoint Files in Microsoft Office 365?

How to Recover Deleted Outlook Emails in Microsoft 365?

SaaS Backup Buying Guide

How to Transfer Your Google Drive Files to Another Account

Shared Drive for the Confused – Google Drive vs. Shared (Team) Drives

A Complete Guide to Google Organizational Units

How to Use Google Takeout for Business: A Complete Guide

How to Delete a Google and Gmail Account

How to Import MBOX into Gmail: A Step-By-Step Guide

Demystifying Google Drive Document Sharing

Google Vault: The Ultimate Guide for IT Administrators (Updated)

Google G Suite Primary Domain Change Migration Guide

Admin's Guide to Using OneDrive Shared Folder and Files

A Complete Guide to Azure AD Administrative Units

Why do IT Admins Prefer SysCloud for SaaS Backup?

FERPA Compliance: A Complete Guide for Educational Institutions

Ransomware Recovery Guide: How to Recover from a Ransomware Attack

Gmail Security Settings: Strengthen Gmail Security against Phishing and Ransomware

5 Microsoft 365 Admin Center Outlook Settings to Stop Phishing Attacks

Insider Threats : A Guide to Your Cloud Apps Security

The State of G Suite Third-Party App Security – 2018 Report

14 Types of Phishing Attacks That IT Administrators Should Watch For

How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators

Google Drive Security : 3 Ways to Guarantee Safety

How Compliance to PCI Can Be Achieved in Google G Suite

SOX Compliance in Google Apps

Top 3 Critical Security Mistakes When Configuring a Google Apps Domain

What does Facebook & FedEx have in common? They are victims of brand impersonation phishing attacks. Learn how you can protect your brand from being phished!

16 Top Brands That Scammers Target for Brand Impersonation Attacks

An in-depth article on how admins can protect your brand from being phished

16 Top Brands That Scammers Target for Brand Impersonation Attack

What is brand impersonation?

What are the motives of a hacker?

How do hackers impersonate a brand?

How can brands protect themselves and their customers?

Understanding brand impersonation

Secure internal process

Customer/Employee awareness