Expert Tips to Identify and Prevent Business Impersonation Attacks
Brand impersonation is no longer limited to your corporate account. The threat today is highly sophisticated, with impersonators turning to lookalike domains, fake social media accounts, and scam mobile apps. In some cases, scammers impersonate executives or employees directly.
A DNS report on the business impersonation landscape released in July 2022 shows an increase in impersonation attacks. In May 2022 alone, 52% of BEC scams impersonated third-party businesses. Early detection can help a business cushion heavy losses, and taking the right preventive measures helps protect an organization, its workers, customers, and partners.
How serious are business impersonation attacks?
Impersonation attacks keep evolving, but they mostly target corporate employees. A scammer sends an email while masquerading as a trusted source, aiming to gain access to sensitive company data. The FBI recently reported that impersonation is causing losses exceeding $5.3 billion globally.
The FBI warns companies of the importance of investing in ways to prevent BEC attacks and avoid losses. It is a serious crime that is hard to detect if the target is not attentive to detail. WhoisXMLAPI recently analyzed the email domains of 29 Fortune 500 companies and found that over 49,000 cybersquatting domains and subdomains were created between June 2021 and July 2022, all targeting Fortune 500 companies and top CEOs.
Most targeted business sectors
The APWG Phishing Activity Trends Report for 2022 shows that the total number of attacks in March 2022 was 384,291. The first quarter of 2022 recorded over 1.025 million attacks. The most targeted sectors were financial, SaaS, retail, and social media.
- Financial sector: The most common impersonation attacks in the financial sector involve creating a lookalike website or application. Customers are lured into following a link and downloading an app, which then steals their information. At least 164 regional banks in the US received 870 impersonations between January and April 2022. Bank of America experienced an impersonation attack in December 2021.
- Retail sector: The online retail sector experiences a high rate of email impersonation attacks. Scammers create email accounts similar to the ones used by specific retailers. Unsuspecting customers subscribe to them and then make payments for products they will never receive.
- Social media: Scammers create social media accounts that impersonate specific brands. Some use the exact brand logo and name but link to a fake site. Their aim is to solicit money from unsuspecting customers.
- Cryptocurrency: Scammers set up websites that impersonate cryptocurrency sites and brands. They send emails to wallet holders asking for seed phrases, which they then use to steal the wallet holder's cryptocurrency.
Latest impersonation attacks
COVID-19-themed phishing emails
2020 and 2021 recorded the highest numbers of phishing emails sent to companies. They contained fake vaccine messages and asked recipients to confirm sign-up for surveys. By April 2020, scammers were sending 18 million phishing emails daily, according to a BBC report. This amounted to a 600% rise in the first quarter of 2020.
Technical support phishing emails
These emails mostly target people working from home. Recipients receive emails that purport to offer technical support and are asked to install an app on their devices. Once the app is installed, they begin to receive large numbers of fake invoices claiming they made purchases from Amazon and Apple.
Impersonated websites
The websites that receive the highest number of impersonations are PayPal at 10%, Google at 35%, Apple at 6%, Chase Bank at 15%, and Dropbox at 13%. The fake sites copy the exact design of the target brand and may use similar URLs.
How to detect impersonation attacks
- Modified email addresses: Scammers send from lookalike addresses and ask users to log in and update an account. The sender may pretend to be cleansoft@gmail.com while the actual address is cleans0ft@gmail.com (a zero in place of the letter o).
- Messages with urgency: A user receives a message telling them to act fast or lose their account. The pressure is meant to make them act without checking the details.
- Suspicious links: Users receive emails containing suspicious links or zipped attachments.
- Requests for sensitive data: Attackers ask recipients to provide sensitive data such as account numbers or passwords.
How to prevent impersonation attacks
Spoofed domain attacks
Impersonated domains give attackers a ready-made platform for stealing information from companies. They can use them to deliver malware and to run phishing and vishing campaigns, creating weaponized domains that reach the brand's customers directly. An organization usually has no way of knowing when an attacker registers and launches a spoofed domain, and by the time the effect reaches clients it may be too late to act. The best way to counter impersonated domains is automated detection software, including AI-based tools.
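As an added example (not code from the article), the following Python checker applies the four indicators from the detection list above together with the lookalike-domain check this section calls for: it folds common digit-for-letter swaps, measures edit distance against a trusted allow-list, and catches a trusted domain used as a leading subdomain. The trusted senders, trusted domain, keyword lists, and sample message are constructed assumptions.

```python
import re
# Constructed allow-list for a hypothetical organisation (not taken from the article).
TRUSTED_SENDERS = {"cleansoft@gmail.com", "billing@cleansoft.com"}
TRUSTED_DOMAINS = {"cleansoft.com"}
# Digit-for-letter swaps used to build lookalike names (cleans0ft -> cleansoft).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
TEXT_SIGNALS = {
    "urgency pressure": re.compile(r"act (now|fast)|immediately|within 24 hours|lose your account|suspended", re.I),
    "requests sensitive data": re.compile(r"\b(password|account number|seed phrase|card number)\b", re.I),
}
URL_HOST = re.compile(r"https?://([^\s/:]+)", re.I)
RISKY_EXT = (".zip", ".rar", ".7z", ".iso", ".exe", ".js")
def normalize(name):
    """Fold case and common homoglyphs so visually identical strings compare equal."""
    return name.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
def levenshtein(a, b):
    """Plain edit distance: most lookalike names sit one edit away from the original."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def lookalike_of(candidate, trusted, max_dist=1):
    """Return the trusted name that candidate imitates, or None if it is exact or unrelated."""
    if candidate in trusted:
        return None
    for t in trusted:  # equal after folding, one edit away, or trusted name as a leading subdomain
        if (normalize(candidate) == normalize(t) or candidate.startswith(t + ".")
                or levenshtein(normalize(candidate), normalize(t)) <= max_dist):
            return t
    return None
def score_message(msg):
    """Return the impersonation indicators found in a message dict (from, body, attachments)."""
    findings = []
    sender = msg["from"].lower()
    if t := lookalike_of(sender, TRUSTED_SENDERS):
        findings.append(f"sender {sender} imitates {t}")
    elif t := lookalike_of(sender.partition("@")[2], TRUSTED_DOMAINS):
        findings.append(f"sender domain imitates {t}")
    for host in URL_HOST.findall(msg["body"]):
        if t := lookalike_of(host.lower(), TRUSTED_DOMAINS):
            findings.append(f"link host {host} imitates {t}")
    findings += [label for label, rx in TEXT_SIGNALS.items() if rx.search(msg["body"])]
    findings += [f"risky attachment {a}" for a in msg.get("attachments", []) if a.lower().endswith(RISKY_EXT)]
    return findings
# Constructed sample mirroring the article's cleansoft / cleans0ft case.
SAMPLE = {"from": "cleans0ft@gmail.com", "attachments": ["invoice.zip"],
          "body": "Act now or lose your account: confirm your password at https://cleansoft.com.verify-login.net/"}
```

Running `score_message(SAMPLE)` returns five findings, one per indicator; a genuine statement from billing@cleansoft.com linking to mail.cleansoft.com returns none.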
Impersonated applications
Mobile banking is a major sector targeted through fraudulent applications. The app contains malware that steals sensitive account information. Hackers develop applications that look like real brands and upload them to the App Store or Play Store. Unsuspecting customers install them on their devices and key in their sensitive account information, which is immediately captured by the hacker's system. The best prevention is to install only legitimate apps and to use third-party monitoring to identify fakes quickly.
Impersonated social media accounts
Fraudsters open fake social media accounts to actively engage with customers who think they are dealing with the real brand. They hand out information and direct users to open accounts through fake links. Ways of protecting social media accounts include automation, logo recognition models, and risk and similarity scores.
Regular penetration testing
Vulnerabilities in business systems increase the likelihood of attack. Penetration testing helps companies identify weak points or loopholes that could be used by attackers. The two main penetration testing methods are external and internal testing. Internal testing is performed from within a company's network, while external testing is performed remotely against externally reachable systems such as web, mail, and FTP servers.
Conclusion
In 2021, the business sector lost $1.8 billion due to impersonation attacks. A business executive is likely to receive an impersonation email every 24 hours. The main impersonation methods used by attackers are fake applications, websites, email addresses, and social media accounts. The best protection strategies are the use of AI, the use of email security solutions, and regular penetration testing of business systems.