Steps to protect against online brand impersonation attacks

Werno Gevers, a cybersecurity expert at Mimecast, says cybercriminals are increasingly hijacking trusted brands to launch cyberattacks from lookalike web and email domains

Cybersecurity experts have counselled Middle East organizations to take action to protect themselves against online brand impersonation attacks. Such attacks can trick customers and employees into sharing confidential data, passwords or banking details.

Werno Gevers, a cybersecurity expert at Mimecast, says adversaries are continuously launching attacks that abuse trusted brands via lookalike web and email domains, which raises their chances of duping their targets. Even so, companies can keep up with their adversaries, and that matters a great deal.

“A lack of technology and appropriate security policies can leave the door open to criminals using trusted brands to trick customers, partners, suppliers, and the brand’s employees,” says Gevers.

Implementing online brand protection tools can help organizations find malicious websites impersonating their web and email domains before customers become victims. This needs to be backed by a strong regime of frequent, ongoing awareness programs that give every employee the skills to spot and repel risky situations.

Gevers says employees who receive suspicious email communication on their work email address should report it to their security teams immediately. “Security teams can use this information to contain the threat and protect the rest of the organization.”

Security teams hold the tools and technology needed to protect people inside and outside the organization from online threats, which helps keep threats from spreading to the organization’s customers and partners. Reporting suspicious communications to security teams is also necessary to improve organizational security and resilience against attack.

Some signs are easy to overlook but can give away a scammer's tricks. These include:

  • Unsolicited messages from a person or company that you were not expecting.
  • Messages that contain unbelievable offers, spelling errors or some kind of alert.
  • Emails from webmail accounts, e.g. [email protected]
  • Emails containing redirects to login pages that have suspiciously long URLs.
  • Questions asking for PIN numbers or login details.

Consumers’ Reaction

In a company survey in 2021, 75% of consumers in Saudi Arabia and 78% of consumers in the UAE said they would stop using services from their favorite brands if they ever fell victim to a phishing attack related to that brand.

Compared with a global average of 57%, this puts the region’s consumers among the most unforgiving of all markets surveyed. More than 80% of consumers in the region believe that brands should bear the responsibility to protect themselves from email impersonation.

Report 2022

In spite of the risks, Mimecast’s latest State of Email Security 2022 report observed that 42% of organizations in Saudi Arabia and 38% in the UAE were only somewhat prepared, or not prepared at all, to deal with attacks that spoof their email domains.

In our opinion, this leaves the door open for adversaries to impersonate trusted brands in order to cheat customers and employees into entering their confidential data into fake forms. That data can then fuel future crime via social engineering attacks, or lead to a breach of organizational defenses.

ADVICE TO PRESERVE DATA

“If you see one or more of the above signs, stop immediately and verify the request by contacting the organization that is purportedly reaching out to you. Don’t rely on the number provided in the communication. For example, if the email claims it’s from your bank:

  • Rather than trusting a phone call that imitates an official call from the bank, call their main number and check the validity of the communication.
  • Don’t ever share your login details with anyone.
  • Don’t make payments with cryptocurrencies.
  • Don’t click on links unless you know they can be trusted.

Despite a company’s or consumer’s best efforts, it is possible that adversaries could succeed in tricking someone into sharing sensitive data, which could later lead to crimes such as fraud or a breach of organizational defenses.

Note: If this is the case, Gevers advises that the victim take immediate steps to limit the potential damage.

Actions to take

  • Firstly, change all your social media, email, and banking passwords.
  • If an email communication was sent to you by a scammer, report it to your security team so they are aware of it.

No one likes to fall victim to cybercrime, but don’t feel shy about reporting it. Being shy could only make the case worse. Honesty and swiftness can potentially prevent other people from becoming victims too.”

In addition, any such cases should be reported to the authorities quickly so that law enforcement can investigate and, hopefully, find and prosecute the attackers.

“Countries across the Middle East have acknowledged the dangers cybercrime poses to their citizens, businesses, and critical infrastructure, and are taking steps to strengthen law enforcement capabilities to combat the scourge of cybercrime.”
