Brandjacking email scams: data theft and malware hiding in plain sight
Craig McDonald
In this age of internet-based commerce, all cybercriminals need to do to take control of our company’s finances or steal our data is get us to click on a link. Scammers have come up with some devious tactics to lure their victims into falling for their tricks, and one of the most successful is brandjacking.
Essentially, brandjacking is a kind of forgery; scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust.
In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam messages show up in victims’ inboxes, the recipients feel safe opening them, because they look like legitimate emails from familiar companies.
Some common brandjacking formats are fake invoice notifications or requests for account verification.
This is a screenshot of a recent brandjacking email that MailGuard intercepted:
Although this message is not well written, it uses the Westpac logo to gain the trust of the recipient. It’s easy to imagine a busy Westpac account holder scrolling through their emails and clicking on the link in this message without thinking. Even if one person in a thousand clicks on the link it’s a win for the criminals. They send these messages out by the millions, so the odds are in their favour.
The unwary person who follows the link in the email is taken to a fake bank login screen devised by the scammers.
Like the email message, this page carries bank branding to make it look convincing, but it is actually just a phishing site designed to harvest data.
If the victim enters their bank login details, the data is recorded by the criminals and used to hack into the victim’s bank account. Once they have entered their login details, the phishing page sends the victim to the real bank website, so they are not even aware they have been scammed.
It’s that simple.
Here’s another example - it’s a notorious Netflix brandjacking scam that MailGuard intercepted earlier this year:
The ‘update payment’ link in this message actually takes the victim to a phishing website that collects credit card details - see screenshot below:
Messages like this are unlikely to be detected by traditional antivirus software so they reach the inboxes of new victims every day.
Sometimes the objective of a brandjacking scam is to get the victim to download and install hidden malware like trojans or ransomware.
This Telstra brandjacking scam hit unprotected inboxes all over Australia in January. The power of a scam like this is the popularity of the company it is ripping off. Telstra has a massive customer base, so there are plenty of people who would have seen this message as quite innocent.
Clicking on the ‘view bill’ link in the message took victims to a downloadable file that looked innocent enough but, when opened, covertly installed malware onto their hard drive.
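The Westpac, Netflix and Telstra messages above share one tell: the email presents a brand while its links point somewhere else. The following is an added example, not MailGuard's detection logic or code from the original article, that flags that mismatch in an HTML email body; the brand-to-domain map, the function names and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately links to; maintain your own list.
BRAND_DOMAINS = {
    "westpac": {"westpac.com.au"},
    "netflix": {"netflix.com"},
    "telstra": {"telstra.com", "telstra.com.au"},
}
# Constructed sample: brand logo, one lookalike link, one genuine link.
SAMPLE = ('<html><body><img src="cid:logo" alt="Netflix">'
          '<p>Your payment was declined.</p>'
          '<a href="https://netflix.com.billing-update.example/login">Update payment</a>'
          '<a href="https://help.netflix.com/en">Help Centre</a></body></html>')

class LinkCollector(HTMLParser):
    """Collects visible text (including image alt text) and (href, label) pairs."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
        elif tag == "img":  # logos often carry the brand name in alt text
            self.text.append(dict(attrs).get("alt") or "")
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def find_brand_mismatches(html_body, display_name=""):
    """Return (brand, link label, link host) for links that leave the brand's domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    seen = (display_name + " " + " ".join(parser.text)).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in seen:
            continue
        for href, label in parser.links:
            host = (urlsplit(href).hostname or "").rstrip(".")
            # Exact or dot-suffix match only, so "netflix.com.evil.example" fails.
            if host and not any(host == d or host.endswith("." + d) for d in domains):
                findings.append((brand, label, host))
    return findings
```

Treat a finding as a triage signal rather than a verdict: legitimate mail also links to third-party hosts such as click-tracking or social media domains.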
If your company’s email accounts aren’t protected, brandjacking emails are almost certainly being received by your staff. Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we are all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
90% of all cyber-attacks against businesses are delivered via email, so it's essential to have the best cybersecurity available with multiple layers of protection.
For a few dollars per staff member per month, you can have the peace of mind of MailGuard's predictive email security. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.
If you need answers about cybercrime and how to protect your business, contact MailGuard.