An explainer on Brand Impersonation Attacks

We’ve all probably received a fraudulent email claiming to be from a government agency, courier or large distribution company such as Amazon or Apple. These emails typically have some kind of giveaway to their fraudulent nature, in particular an email address that does not match the domain of that organization, typos and other strange formatting. But what about the more sophisticated attacks? And what impact do they have on the brands they imitate?

The SSL Store has an in-depth primer on the nature of Brand Impersonation attacks. In particular, they highlight the various methods that spoofers use (email, SMS, voice mail messaging) as well as they messages they try to use to lure in an unsuspecting user, such as posing as a sales representative, vendor, billing agents, tech support or even law enforcement.

Ultimately, attacks such as these are playing on the reputation of the organizations they’re mimicking and can do real damage to the brands if the attacks are successful enough. SSL certificates go a long way to verifying an organization’s identity, but they also highlight other methods of digital signing, particularly for emails and intra-office communications. For any organization that corresponds with clients, it’s worth reviewing the importance of IT security and being able to recognize legitimate correspondence.