Brand impersonation is a widespread, common tactic used by scammers in order to gain access to your sensitive information. This tactic is a form of email phishing in which a scammer will disguise their fraudulent email using a trusted, legitimate company’s name, logo, etc. Attackers often pose as large brands such as Facebook, Amazon, Microsoft, Google, and others like them due to their large reach. Chances are, the victim of their attack has an account with one of these large companies, making the fraudulent email more believable. For example, an attacker may create a fake email that appears to be from Google telling you that you need to change your password and prompting you to enter your log in information. If you input your information, you will unknowingly be giving it to the attacker, and they will then have access to your account. Some other common examples of brand impersonation phishing emails include fake job offers, fake IT support, and fake legal notifications.
With the ever-growing prominence of technology in the workplace, we’ve recently seen many tech-related companies be impersonated. Docusign, a software company that offers electronic agreement solutions like electronic signatures has been impersonated in several attacks. Last year, a Docusign impersonation campaign was discovered that targeted over 10,000 end users across multiple companies. The email was designed to look and act exactly like normal communications from the software, but upon clicking the links embedded in the email, users were directed to a fraudulent landing page where the scammers were able to steal their log in credentials.
Another Docusign impersonation attack was observed last year in which scammers hid empty SVG files inside HTML attachments that appeared as though they were Docusign documents. This strategy allowed scammers to evade detection of redirect URLs. In this particular attack, users were requested to review and sign a sent document titled “Scanned Remittance Advice.htm.” The scammers used an HTML file because they are less likely to be blocked by email security products. However, they were also able to hide an SVG file behind the HTML file. After the victim tried to open the HTML file, they were automatically redirected to a malicious URL. The SVG image doesn’t show on the screen since it is blank, making it undetectable and a perfect place to hide malicious script.
Many attackers also impersonate widely used companies like Zoom, Skype, and Adobe. These are all applications that are so common in the workplace that fraudulent emails with their names will be more convincing since the targets are more likely to have used the programs and may click through without thinking much about it. According to the Federal Trade Commission, Best Buy/Geek Squad, Amazon, and PayPal were some of the companies that scammers impersonated most often in 2023. In their report, they stated that consumers submitted a whopping 52,000 reports of Best Buy impersonations, followed by about 34,000 for Amazon and 10,000 for PayPal.
Overall, it is important to verify the validity of an email before interacting with it. Scammers often impersonate brands that are commonly used in the workplace to trick employees into handing over sensitive information. You can verify the identity of the sender by either talking to them in person or contacting them using a different, verified email address or phone number. Also, check the URLs of links before clicking on them, check the email address of the sender for typos, scan the body of the email for typos, and don’t respond to emails that are unusual or suspicious. Additionally, if you’re worried about an email, you can have your IT provider look at it and determine whether or not it is legitimate.
Read our previous post here: Recent Scams in Kansas City