As far as phishing attacks go, brand impersonation is the go-to tactic for attackers. This is especially true for credential phishing and business email compromise (BEC) attacks. And according to a recent analysis, there are some pretty surprising discoveries regarding brand impersonation.
For starters, there is the top 10 list of most phished brands. Many are recognizable, like Microsoft, Google, PayPal and Netflix. But some lower-profile organizations also surprisingly made the top 10 list, including Maersk, DHL and WeTransfer. Not exactly household names.
Perhaps the most useful discovery is that brand impersonation attacks come in three varieties:
- known brands,
- own-brand and
- related stakeholders.
Known brand impersonation is where a well-known brand, like Google, is used in the attack. Own-brand is where the company’s own name and branding are used to attack it. Related stakeholder attacks use “brands of stakeholders related to the targeted company against it. These can include customers, suppliers, partners, and other organizations that work closely with the employees of the targeted company.”
What that means is, if you want to stop brand impersonation phishing attacks, you’d better be prepared to identify all three types of attacks. The bad news? These types of attacks are on the rise. According to Abnormal Security, “Payment and invoice fraud attacks, largely driven by vendor fraud, grew by 112% over the last quarter.” In other words, they more than doubled.
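To make the three varieties concrete, here is an added sketch (not code from the analysis cited above or from any product) that labels a `From` header with the variety it matches when the sender invokes a brand from a domain that brand does not own. The brand lists, the `examplecorp` and `acme logistics` names and all `.example` domains are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed sample data: brand name -> domains that brand really sends from.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}, "paypal": {"paypal.com"},
                "dhl": {"dhl.com"}}
OWN_BRAND = {"examplecorp": {"examplecorp.example"}}            # hypothetical employer
STAKEHOLDERS = {"acme logistics": {"acme-logistics.example"}}   # hypothetical supplier

# Checked in this order so the closest relationship wins when several match.
CATEGORIES = [("own-brand", OWN_BRAND),
              ("related stakeholder", STAKEHOLDERS),
              ("known brand", KNOWN_BRANDS)]

def _squash(text):
    """Lowercase and drop punctuation/spaces so 'Acme-Logistics' matches 'acme logistics'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _is_legit(domain, allowed):
    """True if the sending domain is one of the brand's domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def classify_sender(from_header):
    """Return the impersonation variety for a From header, or None if no brand is misused."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    haystack = _squash(display + domain)  # brand may appear in display name or in the domain
    for category, brands in CATEGORIES:
        for brand, allowed in brands.items():
            if _squash(brand) in haystack and not _is_legit(domain, allowed):
                return category
    return None

# Constructed sample headers, one per variety plus two benign senders.
SAMPLES = [
    '"PayPal Support" <service@paypal-secure.example>',
    'ExampleCorp IT Helpdesk <it@examplecorp-helpdesk.example>',
    'Acme Logistics Billing <invoices@acme-logistics-pay.example>',
    'PayPal <service@mail.paypal.com>',
    'Jane Doe <jane@unrelated.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header) or 'no brand misuse':22} {header}")
```

The stakeholder list is the one most organizations lack; it has to be built from actual vendor and customer records, and substring matching like this will need tuning to avoid false positives on short brand names.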
It’s not realistic to expect your employees to be able to spot all three types of brand impersonation attacks. When all three tactics are taken into account, there are just too many brands and too many phishing tactics for busy employees to spot them all. And it only takes one to get through to compromise your whole company. Your employees are going to need some help in defending your company from brand impersonation attacks. And that help is Phish Protection.
Phish Protection is cloud-based email security with real-time link scanning technology. What that means is it doesn’t get fooled by any of the three brand impersonation tactics because it doesn’t even look at the branding. It only looks at the underlying code and where it links to. So, if a link points to a suspicious or malicious site, the email is quarantined and kept out of the user’s inbox, no matter how good the brand impersonation sleight-of-hand is.
Cloud-based email security means Phish Protection requires no hardware, no software and no maintenance. It also means it works with all major email services and sets up in about 10 minutes. And the best part? It costs only pennies per user per month.
When you’re ready to make those brand impersonation phishing emails a thing of the past, get Phish Protection. You can even try it free for 60 days. No credit card required.