Brand Forgery Email Protection

Phish Protection Technology Protects Against Brand Forgery Emails   

Brand forgery is easy to do and hard to detect

Brand forgery, also known as brand impersonation, is a category of phishing emails that uses well-known company names and logos to exploit victims. The trick with brand forgery is to make the email so convincing that the recipient doesn’t give it a second thought.

One brand forgery technique used by attackers is to take a legitimate email from a recognized brand and simply replace an embedded link with a malicious one. That can make brand forgery emails extremely difficult for humans to detect, creating the need to have a good anti phishing software.

Brand forgery targets businesses with business emails

Another reason brand forgery emails are hard for humans to detect is because they are typically emails that make sense in a business context. They are from recognizable B2B companies with messages that make sense in a day-to-day business setting.

Emails have been uncovered forging brands from finance companies like Bank of America, JPMorgan Chase, Wells Fargo and PayPal. They have also be detected for companies like Dropbox, Microsoft, Gmail, Google Docs, LinkedIn and AT&T. Any of which could make sense for your business, and could target your organization financially if you don’t have spear phishing protection.

The components of brand forgery

There are a handful of common components that attackers use to enact brand forgery:

  • Domain name spoofing: faking the “from” address in the email
  • Display name spoofing: faking the sender name in the email
  • Malicious embedded links: using HTML tags to hide the real link destination
  • Lookalike domains: URLs that look similar to the real thing
  • Lookalike websites: websites that look similar to the real thing

Asking employees to check for all these frauds is asking a lot. Especially because not every branded email is a forged email.

Not every branded email is a forged email

The real challenge with brand forgery emails is that not every branded email is a forgery. Companies do have legitimate business reasons for contacting businesses via email and they don’t want those emails blocked by email protection tools like spam filters.

To ensure that brand forged emails get blocked but legitimate ones get through requires quite an effort. As things turn out, preventing brand forgery is much easier for technology to deal with than people.

 

Brand Forgery is easier for technology to deal with

Separating out legitimate emails from brand forgeries requires evaluating all the different parts of an email. Headers, embedded links and body content should be scanned for inconsistencies in formatting and the content itself. But if you really want to prevent brand forgery, you must interrogate the linked-to websites themselves.

The linked-to websites should be scanned for page size, domain name, on-page content, as well as hidden fields and JavaScript with injection code. They should be compared to Fortune 5000 websites, bank websites and other frequently-used websites. It’s easy to see why stopping brand forgery requires the use of phishing prevention technology.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes