Cybercriminals Are Stealing More Than Just Data. They’re Also Stealing Brand Reputations.

June 25, 2021

Don’t Let Your Brand Reputation Be Stolen By Cybercriminal Impersonators

When we think about cybercrime against businesses, we often think of hackers stealing data or infiltrating systems to unleash malware. But what often gets overlooked is the danger of cybercriminals stealing your company’s brand reputation and using it for their own profit. Portraying their malicious messages as legitimate communications from your successful trusted brand using techniques like email spoofing enables them to slip through conventional email security. Using your brand also makes it easy for cybercriminals to mount cyberattacks like business email compromise and phishing operations against your clients and associates. Altogether, brand reputation theft and identity fraud is a dangerous menace that can do long-lasting damage to a company’s brand reputation.

What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>

Cybercriminals Love to Profit from Your Hard Work

You’ve spent time and money building your brand, and cybercriminals would love nothing more than to piggyback on your hard work for their own gain. One of the ways that they can easily do that is through brand impersonation. The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation, called Misrepresentation in this instance, clocking in 15 times higher than it did in 2020. The DBIR notes that this growing category is an aspect of social engineering and a direct precursor to business email compromise attacks.

Stealing your company’s brand reputation is just like stealing its identity. It’s not very different than sealing your personal identity, and just as problematic. It’s damage that sticks around too, as it can take a long time to rebuild trust with your clients and partners. It’s definitely something every business should be cognizant of protecting against, but almost half of businesses aren’t doing a thing about it. Even government agencies are at risk. In a 2021 risk survey, researchers discovered that a surprisingly high 48% of the businesses that they surveyed did not have effective security in place to ward off brand impersonation attacks. That’s a sure road to disaster for your business and your clients. Cybercriminals can quickly and easily target your customers with sophisticated, tempting phishing messages that are designed to be indistinguishable from the legitimate ones that you send out, giving them an edge in successfully mounting attacks.

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Brand Impersonation Isn’t Limited to Any One Industry

Every brand is at risk for impersonation, but some continue to be favored over others by cybercriminals when they’re planning phishing attacks. In a recent report on the brand impersonation landscape in Q2 2021, perennial cybercriminal darling Microsoft continued to reign supreme as the most imitated brand for phishing attempts in the April-June quarter. An estimated 45% of all brand impersonation phishing attempts were related to Microsoft in Q2 2021, up six points from Q1 2021. Shipping giant DHL followed closely behind in the number two position at 26% of the total phishing attempts, regaining the spot that it lost to Zoom in 2020. The list of most fraudulently represented brands also shows that cybercriminals are willing to dig into any industry to find a good lure.

The third most imitated brand also illustrated a phishing trend in brand impersonation attacks. An estimated 11% of the surveyed messages were fraudulently represented as from Amazon. The retail giant also held another distinction in the brand impersonation game. In the weeks leading up to the eagerly awaited Amazon Prime Day in Q2, cybercriminals pulled out all the stops, registering more than 2,300 new domains that utilized domain spoofing to latch on to Amazon’s brand in some way. An adjunct of brand impersonation, domain spoofing is all about the link. Microsoft just published a blog detailing this type of phishing and its offshoots. In the scenario that they present, the cybercriminals rely on the use of a “homoglyph” or imposter domain to phish credentials and information from the targets.

All in all, brand impersonation thrived in April, May and June of 2021. In order of overall appearance, the top phishing rands in Q2 2021 were:

  • Microsoft at 45%
  • DHL at 26%
  • Amazon at 11%
  • BestBuy 4%
  • Google 3%
  • LinkedIn at 3%

Learn how to add to your security team without adding to your headcount. FREE EBOOK>>

Protect Your Brand’s Reputation by Protecting Your Business from Phishing

Protecting your company and your brand from brand impersonation attacks is tricky, but a large part of the danger can be eliminated by preventing dangerous messages from reaching your employees in the first place. Your team members are both potential targets and potential victims of brand impersonation attacks. These sophisticated messages can be extremely hard for people to spot and a rife with elements of social engineering designed to frighten or fool your employees into interacting with them.

But social engineering is no match for Graphus. Unlike humans, the TrustGraph technology that powers our signature 3 shield defense will never be fooled by sophisticated, socially engineered phishing messages. It spots and stops 40% more phishing messages than a conventional email security solution or SEG. It’s also quick to find and eliminate new dangers like zero-day threats. That’s because it doesn’t depend on technicians to feed it threat reports to know what to look for. Graphus never stops learning, gathering its own threat intelligence to respond to burgeoning threats faster than the competition.

Don’t wait until your brand or your company is endangered by brand impersonation to put strong protections in place to stop it. Contact our solutions experts today to put Graphus to work for you.

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus