As consumers and businesses are gearing up for Black Friday, Cyber Monday, and the upcoming festive shopping season, it’s important to be on the lookout for brand impersonation attacks. A brand impersonation attack typically involves cybercriminals mimicking trusted brands to dupe end-users into engaging with a malicious platform, which can then be used to harvest credentials, incite fraud, steal personal information or money, or launch malware attacks.
Recent data from Mimecast's threat research team has revealed an increase in brand impersonations in 2022, with industries such as technology, logistics, and finance witnessing the most attacks. According to Stanley Hsu, Regional Vice President of Asia, Mimecast, “Customers today expect safe digital interactions, especially with reputable brands that they trust. However, brand impersonation can be extremely sophisticated, making it easy for consumers to fall victim to these attacks. Organizations need to make every effort to protect their online brands from impersonation, but consumers need to always exercise caution in the event that their favorite brand has not implemented the appropriate measures.”
Hsu also shared five tips for consumers and businesses to stay vigilant:
1. Be careful with urgent offers
Cybercriminals often try to create urgency so that the target is less attentive. During the festive shopping season, they do this through temporary offers. If you feel pressured to buy something quickly or click on a link, then something may not be right.
2. A secure URL doesn’t mean it’s safe
A lock in the address bar indicates that the website uses a secure https connection. But a secure website can still be dangerous - even with such a lock, it is possible that your device could be infected with malware or that the website tries to steal data.
3. Scan the website for language errors
Strange text, poor translations, and language errors can indicate that a website is fake. But while it’s important to look out for spelling and grammatical mistakes, don’t only rely on checking for these as most impersonated websites today are very convincing.
4. Don't blindly click on links in emails
If you have received an email with a link from a well-known retailer, don’t assume you will end up on the retailer's legitimate website. You can’t blindly rely on the authentic appearance of a URL, the website, the sender and the email address. Through 'spoofing', cybercriminals can fake these things relatively easily.
5. Navigate to the official website
Instead of clicking on links in emails, it’s safer to go directly to a website by typing the URL into your browser. You could email their official address listed on their website and communicate that way, rather than responding to the email.