How do brand impersonation phishing attacks work?

by Egress
Published on 3rd Mar 2022

Unfortunately for businesses and users across the globe, brand impersonation phishing attacks are on the rise. Technology has made it easier for threat actors to access victims and to operate from safety, targeting dozens or even hundreds of individuals and businesses simultaneously.

Defining brand impersonation attacks

Brand impersonation attacks can occur via email and involve malicious actors impersonating recognizable brands. Cybercriminals use these attacks to steal credentials, proprietary secrets, and personal information. Leveraging the victim's trust in the company name, attackers can directly contact potential victims and use social engineering techniques to trick them into giving up account credentials or exposing them to malware via malicious links.

How brand impersonation works

Like many phishing techniques, brand impersonation attacks can target specific individuals or occur via mass email spam. The most valuable marks are individuals with the authority and access to transfer funds or sensitive information.

Attackers typically execute a reconnaissance phase where they conduct extensive research on a target, leveraging social media and other sources to identify and scout targets with access to sensitive information and credentials. The recon effort also helps the attacker find credible avenues to approach the target and craft a believable message.

Common examples include a user receiving an email from "PayPal" stating that their account credentials need to be reset. If the user clicks the link and enters their PayPal credentials at the spoofed URL (made to look identical to the actual website), they have just shared their user name and password with a hacker.

Cybercriminals impersonate vendors to take advantage of the existing confidence and trust between businesses. These attacks can have significant financial impacts and permanently tarnish business relationships. It's relatively easy for attackers to work out the links in a supply chain from publicly available information on corporate websites and LinkedIn.

Why brand impersonation is so difficult to stop

Because the victims in question often receive email correspondence from the impersonated brand, they are often unaware that they are being targeted for an attack. Attackers further obfuscate the threat by leveraging carefully designed email templates combined with spoofed email domains and URLs.
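The mismatch a defender can look for in the "PayPal" scenario above, shown as an added example that is not from the original article: the display name or a link host names a brand, but the sending domain or link domain is not one the brand owns. The `BRAND_DOMAINS` allow-list, the function names, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: allow-list of domains each protected brand really sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
# Digit-for-letter swaps commonly seen in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def claims_brand(text, brand):
    """True if the text contains the brand name after undoing swaps and separators."""
    folded = text.lower().translate(HOMOGLYPHS)
    return brand in re.sub(r"[^a-z]", "", folded)

def check_message(raw):
    """Return findings for a single-part text message (multipart is not handled here)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if claims_brand(display, brand) and sender not in domains:
            findings.append(f"display name claims {brand} but sender domain is {sender}")
        for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
            host = urlparse(url).hostname or ""
            if claims_brand(host, brand) and registrable(host) not in domains:
                findings.append(f"link host {host} imitates {brand}")
    return findings

# Constructed sample: brand in display name, lookalike sender, brand used as a subdomain.
SPOOFED = (
    'From: "PayPal Support" <service@paypa1-secure.example>\n'
    "Subject: Reset your account credentials\n\n"
    "Reset here: http://paypal.com.account-verify.example/login\n"
)
# Constructed sample: same brand, sent from and linking to the allow-listed domain.
GENUINE = (
    'From: "PayPal" <service@paypal.com>\n'
    "Subject: Receipt\n\n"
    "View it at https://www.paypal.com/activity\n"
)

if __name__ == "__main__":
    for finding in check_message(SPOOFED):
        print(finding)
```

A check like this only covers brands on the allow-list and should sit alongside SPF, DKIM and DMARC results rather than replace them.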

Real-world brand impersonation attacks

There's so much spam hitting email inboxes these days that many people have become desensitized to the potential costs of these scams. When brand impersonation attacks target individuals with access to the purse strings at multi-billion-dollar companies, the costs can be staggering. 

Facebook and Google fall victim to $121 million scam

Between 2013 and 2015, cybercriminal Evaldas Rimasauskas and his associates set up an elaborate fake company called Quanta Computer, which shared the name of a legitimate hardware supplier. They supplied Facebook and Google with invoices for hardware purchases, which amounted to $121 million in charges over two years. The attackers even scammed the bank into accepting the deposits. 

Ubiquiti hit with a $46 million impersonation scam

Before hitting network manufacturer Ubiquiti, the attackers did extensive homework with an impersonation attack that targeted their most senior executives. The criminals researched and impersonated executives and then targeted their financial employees with fraudulent communications. The fraud resulted in losses for the company totaling $46.7 million and created a public story that tarnished the company's reputation. 

Companies need intelligent protection to stop brand impersonation attacks 

Traditional methods and tools won't get it done against the zero-day techniques prevalent in today's cyberattacks. As with all spear-phishing techniques, hackers grow increasingly sophisticated at bypassing traditional prevention techniques. They've adjusted their tactics and upped their game, bypassing secure email gateways and enterprise email spam filters with relative ease.

The solution organizations need must be intelligent enough to keep pace as attacks evolve. That means leveraging AI and machine learning to understand and baseline standard communications patterns so that when anomalies occur, they are snuffed out quickly before company finances or data can be compromised. 

Stop brand impersonation attacks with Egress Defend

Traditional email security solutions like secure email gateways, spam filters, and antivirus scanners fall short in stopping brand impersonation attacks. Even the best-performing vendors for these solutions can't patch systems fast enough to deal with zero-day attacks and carefully executed social engineering methods. Egress Defend combines zero-trust models with advanced machine learning and natural language processing to detect and neutralize even zero-day brand impersonation attacks. 

By providing actionable intelligence in real-time without requiring administrators to configure rules manually, manage quarantines, or perform triage analysis, Egress Defend frees up critical cybersecurity personnel and resources while stopping sophisticated brand impersonation attacks in their tracks. 

It isn't enough to flag an attack after the threat arrives in a user's inbox. Egress Defend uses natural language processing and machine learning to detect and neutralize threats before a user would ever have an opportunity to reply or click a malicious link. 
