Phishing: Online Brand Impersonation

Brand impersonation is a kind of phishing attack in which attackers claim to represent a well-known product or service. They send emails containing malicious content that appear to come from a well-known bank, credit card company, e-commerce site, or even a government organization.

The number of phishing sites identified per week has increased dramatically from 3,800 in November 2007 to 49,696 in November 2017, according to Google’s Transparency Report 2018.

Reasons for Brand Impersonation

  • Use the target’s login credentials to view financial details and enable transfers of funds.
  • Steal personal information, such as an address or phone number, to offer to others.
  • Ruin the confidence of a service provider’s clients by paying fake dues to them.

Four types of Brand risks

  • Domain Infringement- Adversaries register web domains that closely resemble your existing domain names, including typosquats and domain squats. They also use these in phishing, ransomware, or password-collection attacks.
  • Spoof Company Social Media Profiles- Social media accounts set up to mimic organizations are all too common, often to influence customers. These spoofs typically take the form of bogus help accounts that try to dupe clients into clicking on malicious links or exposing their credentials.
  • Spoof VIP Profiles- This is a similar approach to fake profiles on social media, although here the accounts being spoofed are those of the staff themselves. The goals are distinct, however: attackers use these identities to conduct persuasive Business Email Compromise (BEC) campaigns.
  • Spoof, rogue or malicious mobile applications- As mobile device use continues to grow, companies are moving to mobile applications. Sadly, cybercriminals also build spoof smartphone apps that try to capture users’ details.

How do Hackers Impersonate a Brand?

  • Source Forgery- Source forgery is the practice of faking an email’s ‘From’ field. Hackers can easily manipulate an email’s ‘From’ address to make it look real.
  • Links- Brand impersonation phishing emails contain links designed to look trustworthy so that the potential target clicks on them. Hackers craft fake links that look genuine.
  • Lookalike Domains- Hackers purchase domains that look like a recognized brand’s domain. This increases the effectiveness of their impersonation attempts.
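
A defender-side triage check for the three techniques listed above (an added example, not part of the original article): it flags a brand display name on a non-official sender domain, lookalike domains, and links whose visible text shows a different host than the href. The brand `examplebank`, its domain, the sample message and all function names are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed brand, official domain and sample message (all hypothetical).
BRAND, OFFICIAL = "examplebank", {"examplebank.com"}
SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps
A_TAG = re.compile(r'<a\b[^>]*\bhref\s*=\s*["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
SAMPLE = """From: "Example Bank Support" <alerts@examp1ebank-secure.net>
Subject: Verify your account
Content-Type: text/html

<p>Please <a href="http://login.exarnplebank.co/verify">www.examplebank.com</a> now.</p>
"""

def is_lookalike(domain):
    """True when a non-official domain has a label resembling the brand."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL or any(domain.endswith("." + d) for d in OFFICIAL):
        return False
    for label in domain.split(".")[:-1]:  # every label except the TLD
        norm = label.translate(SWAPS).replace("rn", "m").replace("-", "")
        if BRAND in norm or SequenceMatcher(None, norm, BRAND).ratio() >= 0.85:
            return True
    return False

def triage(raw):
    """Return impersonation indicators for one raw email message."""
    msg, out = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if BRAND in name.lower().replace(" ", "") and sender not in OFFICIAL:
        out.append("display-name-mismatch")      # brand name, foreign domain
    if is_lookalike(sender):
        out.append("lookalike-sender:" + sender)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for href, text in A_TAG.findall(body):
        host = urlparse(href).hostname or ""
        shown = DOMAIN.search(text.lower())      # domain printed in the link text
        if is_lookalike(host):
            out.append("lookalike-link:" + host)
        if shown and shown.group() != host:
            out.append("text-href-mismatch:" + host)
    return out
```

A message that forges the real domain in ‘From’ will not trip these checks; SPF, DKIM and DMARC results are what cover that case.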

Brand Impersonation Strategies for Defense

  • Two-factor authentication- Integrate stronger security measures and access controls for all online portals and accounts. Two-factor authentication keeps criminals from infiltrating your network, significantly reducing the chance of a successful direct attack on your servers.
  • Website SSL- An SSL certificate helps customers decide more quickly whether they have landed on a valid, official website belonging to your company.
  • Communication- Include a security policy in consumer-facing newsletters, on your social media accounts, and the web, along the lines of “Brand XYZ will never message you to request information about your customer username or payment card”.

Use Anti-Phishing Services: Anti-phishing services help you monitor and track brand-related activity across the internet and help defend against spamming and infringement.

Be prudent towards cybersecurity before it’s too late

How to protect against Phishing attacks?

Phishing attacks have increased over the years to such an extent that the statistics are quite sobering. It is now estimated that more than 1 percent of all emails sent worldwide are phishing attacks, while 4 percent of branded emails are actually phishing attempts.
Over the last five years, more than $12 billion in damages has been related to email phishing scams. Organizations are trying different methods to avoid these scams. There is no step-by-step tutorial for completely removing phishing risk from your environment; rather, a concerted phishing protection policy should be built to eliminate this dangerous aspect of the modern Internet.

Tips to avoid Phishing

Here are several tips, inspired by Phishing.org, for avoiding phishing scams:

  1. Be Vigilant

    When dealing with phishing attacks, the key is simply to be sensible and vigilant at all times. You cannot afford to let your guard down, regardless of whether you’re using email or browsing the web.
    Never click on links, download files, or open email attachments without confirming their authenticity. Be aware that legitimate organizations have strict policies and will never request sensitive information via email.

  2. Train Employees

    Any organization is only as strong as its weakest employee, so it is necessary to train and educate staff about phishing. This training needs to be delivered on an ongoing basis, and staff should be educated using different methods for maximum reach.
    Use a phishing simulation service like PhishGrid to train and educate users about phishing attacks and attempts.

  3. Avoid Shortened Links

    Everyone has seen great offers and links on different social media platforms, and some of them are useful. Avoid these types of links unless you’re sure of their authenticity.

  4. Phishing Techniques

    Attackers use different phishing techniques to target their victims. There is a sense of urgency, with something that needs to be done with the utmost priority.

  5. Use Secure Browsing

    By using a secure website, indicated by https:// and a security ‘lock’, you will massively reduce the chances of being subjected to phishing attacks.

  6. Verify Site Security

    Whenever you’re entering sensitive financial information, or any form of private data, it is essential to verify the security of the site to which you are submitting it.

    Checking the security certificate of the site can often be an excellent way of establishing whether a particular website contains malicious files.

  7. Update Your Browser

    Attackers take advantage of exploits in commonly used applications and services. Weaknesses in web browsers in particular are a great avenue for online phishing. It is of the utmost importance to update your browser on a regular basis.

  8. Use Anti Phishing Solutions

    TIKAJ provides end-to-end Anti-Phishing Solutions, from monitoring and detection of phishing incidents through to incident response and site take-down. Using in-house developed machine learning algorithms, we detect, analyze and proactively dismantle the systems and illicit services cybercriminals depend upon to carry out phishing attacks.

Make anti-phishing solutions ride shotgun in your company’s modus operandi

Reasons to Invest in Anti-Phishing Solutions

Phishing is an attempt to obtain a company’s confidential data by acting as a trusted authority via messages, messengers, or any other means of communication. Phishing was the third most common type of scam reported by victims, according to the FBI’s 2017 Internet Crime Report.

Reasons to invest in anti-phishing services:

  1. Cost-Effective for Organization

    Investing money in phishing countermeasures such as anti-phishing services is better than losing money through cyber-attacks. Anti-phishing services will save you from severe financial losses and will pay off in the future.

  2. Secure Brand Reputation

    Anti-phishing solutions protect your organization’s brand name from fraud techniques that exploit the reputation of a brand. Attackers typically misuse brand names by charging customers in return for fake service delivery promises.

  3. Security of Confidential Corporate information

    Not only do phishers aim at the credentials of the business, they even try to exploit corporate secrets. Anti-phishing technology helps prevent disclosure or abuse of your company’s confidential information.

  4. Protecting Customers

    Nothing can beat phishers when it comes to impersonating and tricking people to steal their information. Phishing attacks will threaten clients and misguide them in the name of the company to gain their financial information.

  5. Fewer Chances of Human Error

    Anti-phishing approaches focus primarily on training employees and helping them prevent any kind of errors.

  6. Phishing is the axis of assault for all hackers

    Phishing is by far the most exploited attack vector, or technique, through which hackers get their targets to do bad things inadvertently.
    For example: stealing credentials, duping workers into making illegal payments, deploying spyware or malware, and stealing PII or PHI.

Start the new year with additional security in your organization. TIKAJ provides comprehensive Anti-Phishing Solutions that help combat phishing with detailed insights and service.

What is Cybercrime?

Cybercrime is on the rise in today’s tech world. Criminals on the World Wide Web are exploiting the personal information of Internet users to their own advantage. They dive deep into the dark web to buy and sell illegal goods and services. They even have access to classified government information.

Cybercrime covers a wide range of different attacks such as cyber extortion, cyber warfare, the spreading of computer viruses or malware, Internet fraud, spamming, phishing, carding (fraud) and infringement of intellectual property rights. Data hacking and related cyber crimes have cost multinational companies a trillion US dollars, according to a report by McAfee based on a global survey of more than 800 IT company CEOs in 2009. In 2013, India was ranked among the top five countries in the world for the highest number of cybercrimes. The number of cybercrimes in India could reach 300,000 in 2015, according to an ASSOCHAM survey.

How Cybercrime Works?

Cybercriminals use many vectors of attack to perform their cyber-attacks and are constantly searching for new methods and techniques to achieve their goals while avoiding detection and arrest.

Different Types of Cybercrime

  1. Phishing

    This type of attack begins with a falsified email message. Cybercriminals imitate a company’s or organization’s address and logo to obtain secret information such as passwords and credit card numbers. Such information is later used without the victim’s knowledge to log in to email accounts and make online purchases. They may also delete some information from the victim’s computer without being noticed. Phishing is a cybercrime that is most successful in victimizing an individual.

  2. Smishing

    Smishing is a type of fraud that uses mobile phone text messages to lure victims into calling back a fraudulent phone number, visiting fraudulent websites, or downloading malicious content over the phone or web.

  3. Vishing

    Vishing is an attempt to find personal information such as Customer ID, Net Banking Password, ATM PIN, OTP, Card Expiry Date, CVV, etc.

  4. Spamming

    Spamming takes place when someone receives unsolicited commercial messages sent via email, SMS, MMS, and other similar electronic messaging media. The senders may try to persuade recipients to purchase a product or service or visit a website where they can make purchases, or try to trick them into disclosing bank account or credit card details.

  5. Identity theft

    Identity theft happens when a criminal gains access to someone’s personal information to steal cash, access confidential information, or engage in tax or health insurance fraud. They can also open a phone/internet account in your name, use your identity to conduct criminal activity, and claim government benefits on your behalf. They can do this by finding out users’ passwords through hacking, collecting personal information from social media, or sending phishing emails.

  6. Social Engineering

    Social engineering involves offenders making direct contact with you, usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so that you provide them with the information they need. This is usually a password, the company for which you are employed, or information about banks. On the internet, cybercriminals can find out what they can about you and then try to add you as a friend through social accounts. Once they have access to an account, they will sell your data or secure accounts in your name.

  7. Ransomware

    Ransomware is a type of computer malware that encrypts files and storage media on devices such as desktops, laptops, and mobile phones, holding data/information hostage. To get the device decrypted, the victim is asked to pay the requested ransom.

Prevention

  • Stay alert when visiting websites.
  • Notice and record suspicious emails.
  • Never click on unknown links or advertisements.
  • Ensure websites are secure before credentials are entered.
  • Maintain up-to-date antivirus / application programs.
  • Use strong passwords of 14+ characters.
  • Keep up to date on major security breaches.
  • Use Anti Phishing Services.