How does brand impersonation work?
Cybercriminals use brand impersonation to mimic trusted brands, thus tricking innocent victims into engaging with a malicious platform, usually to harvest credentials, steal personal information, conduct fraud or launch malware. Brand impersonation is often effective because it preys on a consumer’s trusted relationship with a company they are familiar with.
What does brand impersonation look like?
Brand impersonation attacks often appear in spoofed emails or spoofed websites. Emails that appear to come from a legitimate domain might request urgent action from the recipient and include malicious attachments or manipulated links that direct users to fake websites. Spoofed websites might copy a real brand’s colors, images and coding to trick unsuspecting users. Other attack methods include:
- Fake job advertisements that pose as a legitimate company on job sites or search engine ads.
- Fake social media accounts that direct victims to malicious websites.
- Search ad phishing, which spoofs legitimate domains to appear in search engine results.
- Vishing and SMShing attacks that appear to come from a real brand.
What are some ways to prevent brand impersonation?
The DMARC email authentication protocol, combined with third-party brand protection services such as Mimecast’s Brand Exploit Protect, is key to preventing brand impersonation. Both require strategic planning and ongoing monitoring to ensure thorough brand protection, which generally relies on careful collaboration between cybersecurity and marketing teams.