Brand Forgery Email Protection
Phish Protection Technology Protects Against Brand Forgery Emails
Brand forgery is easy to do and hard to detect
Brand forgery, also known as brand impersonation, is a category of phishing emails that uses well-known company names and logos to exploit victims. The trick with brand forgery is to make the email so convincing that the recipient doesn’t give it a second thought.
One brand forgery technique used by attackers is to take a legitimate email from a recognized brand and simply replace an embedded link with a malicious one. That can make brand forgery emails extremely difficult for humans to detect.
Brand forgery targets businesses with business emails
Another reason brand forgery emails are hard for humans to detect is because they are typically emails that make sense in a business context. They are from recognizable B2B companies with messages that make sense in a day-to-day business setting.
Emails have been uncovered forging brands from finance companies like Bank of America, JPMorgan Chase, Wells Fargo and PayPal. They have also be detected for companies like Dropbox, Microsoft, Gmail, Google Docs, LinkedIn and AT&T. Any of which could make sense for your business.
The components of brand forgery
There are a handful of common components that attackers use to enact brand forgery:
- Domain name spoofing: faking the “from” address in the email
- Display name spoofing: faking the sender name in the email
- Malicious embedded links: using HTML tags to hide the real link destination
- Lookalike domains: URLs that look similar to the real thing
- Lookalike websites: websites that look similar to the real thing
Asking employees to check for all these frauds is asking a lot. Especially because not every branded email is a forged email.
Not every branded email is a forged email
The real challenge with brand forgery emails is that not every branded email is a forgery. Companies do have legitimate business reasons for contacting businesses via email and they don’t want those emails blocked by email protection tools like spam filters.
To ensure that brand forged emails get blocked but legitimate ones get through requires quite an effort. As things turn out, preventing brand forgery is much easier for technology to deal with than people.
Brand Forgery is easier for technology to deal with
Separating out legitimate emails from brand forgeries requires evaluating all the different parts of an email. Headers, embedded links and body content should be scanned for inconsistencies in formatting and the content itself. But if you really want to prevent brand forgery, you must interrogate the linked-to websites themselves.
Enterprise-class email protection without the enterprise price
For one low monthly price and no per-user fees, Phish Protection’s integrated email security solution protects your employees from brand forgery and many other email attacks. 24x7. On any device.
Phish Protection comes with features you’d expect in more expensive solutions:
All Plans Come With
- Stops brand forgery emails
- Stop threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real time alerts to users and administrators
- Check 6 URL reputation databases
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from a single web-based console