Brand Impersonation is Big Business

November 17, 2021
Author: Cora Younie

We’ve all received spam emails at some point since spam’s inception, as we know it, in 1996. Phone spam has been around much longer than the onslaught of fraud we all face every day online. And with computers that also make calls tucked in our pockets and purses, there’s no end to the text messages, calls, and emails that invade our lives.

But there’s more to brand impersonation than that. In this post, I’ll outline different forms of brand impersonation and what to do about it. Some of these I know you see every day. Others are sneakier and more dangerous.

Identity theft is a well-coordinated and booming business. Fraudsters are experts at social engineering: finding ways to exploit human weakness for their own gain. Scams where a fraudster pretends to be a recognizable brand to get you and me to share our confidential and personally identifiable information are common. If just one person falls for the attack, the fraudster will likely get a return on their investment.

Contact Phishing – Bad Grammar & Bad Formatting

Email

Advancements in email filtering have been a benefit to us all. Most email services are good at filtering out spam and scam messages. But if one of those sneaks into your inbox, DON’T CLICK ANYTHING. If the message is a warning or notification about an existing account, whether you recognize it or not, contact the company’s support team through their website to validate the warning.

Image of an open email on a mobile screen. Subject: FWD: Shipping: The USPS delivery number. Body of email: USPS logo, Hi custommasks4u@emailprovider.com, Your parcel is on hold! (in italics) Our driver has attempted the delivery of your parcel (font format changes to courier) and was unable to get a signarue to ensure its secure delivery hyperlink: Reschedule delivery. There are two teal text boxes, one points to the email and says "Shipping Updates are important." the second points to the reschedule delivery link and says "But this link doesn't go to USPS."
Emails from places, such as USPS, can lure you into giving away confidential information about yourself. Always hover over links in emails like these to see if they go to websites that make sense.

Text

Texts from unknown numbers are on the rise. Once again, DON’T CLICK ANYTHING. Look up the number you received a text from before replying. If you’re unsure, instead of clicking the link, contact the brand’s support team through their website/app and inquire about the message.

Image of text message window showing an unknown contact from +1 (904) 6497546 received Saturday, July 24, 2021. A message "Relief payment was cancelled, login to view https://t.yr12t.com/D1Cmg2". There are two teal text boxes, one points to the phone number and says "We all get messages from weird numbers." the second points to the message "But this link asks for your SSN."
Clicking on links in text messages from numbers you don’t know can be dangerous. Many times they send you to a site asking for personally identifiable information to verify an account. Do not fall for these elaborate traps to give away your Social Security Number or Credit Card information.

Call

If you are still answering spam calls, save yourself some stress and install a spam call notification app NOW. This isn’t going to prevent them all from coming through, but it’ll give you a clearer answer on whether you should answer that unknown number. If you do find yourself on a call with a fraudster, they’ll ask for some of your personal information to “verify an account”. DO NOT give them any of your personally identifiable information!

Domain Spoofing – Bad Domain

Domain spoofing and the use of fake landing pages for real websites are becoming a fairly common tactic of brand impersonation. Typically, these are links provided through phishing emails and texts. Fraudsters have gotten very good at imitating websites and getting your valid credentials through a fake log-in page. If you’ve clicked a password reset link you didn’t request and end up on a log-in page, look at the domain. If it doesn’t make sense, DON’T CLICK IT. Enter the actual domain for the site and go through the steps to reset your password.

Image of Instagram log-in page. The website in the address bar reads "www.instagrarn.com". There are two teal text boxes, one points to the log-in text boxes and says "This looks like the Instagram log-in page." the second points to the address bar and says "But that address doesn't look right."
Fraudsters use tricks such as “rn” instead of “m” in a domain name or email. Especially on mobile devices, we rarely look at the web address as closely as we may need to.
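The "rn"-for-"m" trick can also be checked mechanically. The following is an added example, not code from the original post: it reduces a link's domain to a look-alike "skeleton" and compares it with a short list of brand domains. The brand list, the substitution table (which goes beyond "rn" to a few other common look-alikes) and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed list of brand domains to protect (illustrative, not from the post).
KNOWN_DOMAINS = ["instagram.com", "paypal.com", "usps.com"]

# Character sequences that render like another letter. Both sides of the
# comparison are normalized, so a brand containing one of these still matches.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse visually confusable sequences into one canonical form."""
    s = domain.lower()
    for seq, looks_like in CONFUSABLES:
        s = s.replace(seq, looks_like)
    return s


def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: production code would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unknown'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in KNOWN_DOMAINS:
        return ("legitimate", domain)
    for known in KNOWN_DOMAINS:
        if skeleton(domain) == skeleton(known):
            return ("lookalike", known)
    # Not on the list and not imitating it: still needs human judgment.
    return ("unknown", None)


if __name__ == "__main__":
    # Sample links: the two taken from the screenshots described in this post,
    # plus one real brand domain for contrast.
    for link in ["www.instagrarn.com", "https://www.instagram.com/",
                 "https://t.yr12t.com/D1Cmg2"]:
        print(link, "->", check_url(link))
```

An "unknown" verdict is not a clean bill of health: the shortened link from the text-message screenshot imitates no brand name at all, which is why the advice to go to the real site directly still applies.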

Bank Apps – Exploiting Human Fears

The wide use of bank and cash transfer apps (Cash App, Venmo, PayPal) has brought a new, extra-scary level of scam to our cell phones. We all panic a bit when we get a notification from our bank. Fraudsters know this and are well versed in exploiting that fear. If you receive a notification from your bank asking for ANY of your personal information to verify your account, or a promotion from a cash transfer app, contact your bank immediately through their customer service. Use the number on the back of your credit or debit card or call them through the contact information available on their website. Make sure you double-check the domain and ensure that you’re talking to the real support.

Image of text message window showing an unknown contact from +1 (376) 555-9878 received Mon, Nov 17, 2:11 PM. A message "FREE MSG: Bank Fraud Alert - Did you approve a Transaction for the amount of $2,500? Reply YES or NO to Approve or Deny the Transfer". There are two teal text boxes, one points to the received date of the text message and says "It's good to be notified of fraud by your bank." the second points to the message and says "But don't reply to texts you don't recognize."
These scams start out as a simple text and escalate quickly to a “bank representative” requesting that you transfer money through a cash app to reverse the fraudulent transfer.

As I recommend here, here, and here, the best method to fight against any kind of internet fraud is to use complex and unique passwords in conjunction with a password manager. But that won’t protect you when you fall for some of these more malicious tactics. Best practice: DON’T CLICK LINKS and contact customer service through the company’s proper channels if you believe your account has been compromised.