Brand Impersonation is Big Business
We’ve all received spam emails at some point since its inception, as we know it, in 1996. Phone spam has been around much longer than the onslaught of fraud we all face every day online. And with computers that also make calls tucked in our pockets and purses, there’s no end to the text messages, calls, and emails that invade our lives.
But there’s more to brand impersonation than that. In this post, I’ll outline different forms of brand impersonation and what to do about it. Some of these I know you see every day. Others are sneakier and more dangerous.
Identity theft is a well-coordinated and booming business. Fraudsters are the experts at social engineering ways to exploit human weakness for their own gain. Scams, where a fraudster pretends to be a recognizable brand to get you and me to share our confidential and personally identifiable information, are common. If just one person falls for the attack, the fraudster will likely get a return on their investment.
Contact Phishing – Bad Grammar & Bad Formatting
Advancements in email filtering have been a benefit to us all. Most email services are good at filtering out spam and scam messages. But if one of those sneaks into your inbox, DON’T CLICK ANYTHING. If the message is a warning or notification about an existing account, whether you recognize it or not, contact the company’s support team through their website to validate the warning.
Texts from unknown numbers are on the rise. Once again, DON’T CLICK ANYTHING. Look up the number you received a text from before replying. If you’re unsure, instead of clicking the link, contact the brand’s support team through their website/app and inquire about the message.
If you are still answering spam calls, save yourself some stress and install a spam call notification app NOW. This isn’t going to prevent them all from coming through, but it’ll give you a clearer answer on whether you should answer that unknown number. If you do find yourself on a call with a fraudster, they’ll ask for some of your personal information to “verify an account”. DO NOT give them any of your personally identifiable information!
Domain Spoofing – Bad Domain
Domain spoofing and the use of fake landing pages for real websites are becoming a fairly common tactic of brand impersonation. Typically, these are links provided through phishing emails and texts. Fraudsters have gotten very good at imitating websites and getting your valid credentials through a fake log-in page. If you’ve clicked a password reset link you didn’t request and end up on a log-in page, look at the domain. If it doesn’t make sense, DON’T CLICK IT. Enter the actual domain for the site and go through the steps to reset your password.
Bank Apps – Exploiting Human Fears
The wide use of bank and cash transfer apps (CashApp, Venmo, Paypal) has brought a new level of extra scary scam to our cell phones. We all panic a bit when we get a notification from our bank. Fraudsters know this and are well versed in exploiting that fear. If you receive a notification from your bank where they ask for ANY of your personal information to verify your account or a promotion from a cash transfer app, contact your bank immediately through their customer service. Use the number on the back of your credit or debit card or call them through the contact information available on their website. Make sure you double-check the domain and ensure that you’re talking to the real support.
As I recommend here, here, and here; the best method to fight against any kind of internet fraud is to use complex and unique passwords in conjunction with a password manager. But that won’t protect you when you fall for some of these more malicious tactics. Best practice: DON’T CLICK LINKS and contact customer service through the company’s proper channels if you believe your account has been compromised.