The integrity of brand and identity is essential in protecting a business. Adversaries are routinely impersonating businesses and critical online services to target customers and significant business transactions: they’re registering domains, creating fake mobile applications, imitating documents sent in email, spinning up spoof social media profiles of key executives – all with the aim of duping people to comply with their schemes and allowing them to steal, disrupt, damage or destroy.
Last year’s indictments issued by the United States Department of Justice (DOJ) against an individual associated with Lazarus Group underscored just how effective well targeted phishing can be: culturally relevant, free from spelling and grammar errors and hitting the right psychological buttons to yield a result.
These types of impersonations are not only of interest to security teams. They are also particularly acute for fraud teams, who are grappling with increasing online payment fraud risks, which are notoriously difficult to measure on a global basis. However, by detecting these impersonation attempts, organizations can better detect the targeting of customers, as well as the sale of fraudulent and counterfeit goods.
Top four types of brand risks
There are four main ways adversaries impersonate an organization’s online brand to target customers or employees.
- Domain Infringement. Adversaries register web domains similar to your actual domain names, including typosquats and domainsquats. They often use these in phishing, malware or credential harvesting threats. Over a year, the typical Guard Street customer will detect approximately 300 spoof domains.
- Spoof Company Social Media Profiles. It’s very common to find social media accounts set up to imitate organizations, often with the view to target customers. These spoofs usually take the form of fake support profiles that seek to dupe customers into clicking on malicious links or revealing their credentials.
- Spoof VIP Profiles. This is a similar approach to fake social media profiles, although here the spoofs are of the employees themselves. However, the objectives are different as the adversaries use these profiles to launch convincing Business Email Compromise (BEC) campaigns.
- Spoof, rogue or malicious mobile applications. As the use of mobile devices continues to increase, organizations are turning to mobile applications that enable them to better interact with their customers and provide new tools for employees. Unfortunately, cybercriminals also want to communicate with your customers and create spoof mobile applications that seek to harvest their information.
Lowering barriers to entry for phishing emails
Even the least sophisticated threat actors have access to a wide variety of forums, groups and tools where they can learn the latest phishing techniques, as well as purchase step-by-step tutorials and phishing templates to conduct their campaigns.
In serving our customers, we regularly see BEC and Whaling attacks routinely combine false domains with out of band communications on convincing looking web services. In some cases, whole call centers are set up to perpetuate the deception. Knowing the location of legitimate assets and detecting the anomalies can help manage this risk.
How Guard Street secures online brands
With our Brand Protection service, organizations register their brand names, web domain names, social media handles and official mobile applications as assets for digital monitoring. Through our portal, we provide the most relevant and critical digital risks with complete visibility, context, recommended actions and ways to take down these phishing attempts.
Free tools to get started
There are many tools available to identify these impersonations, such as DNS Twist, Xorz’s Phishing Catcher and URLCrazy.
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails or schedule a demo here. Or go to www.guardstreetcyberpro.com.