How Scammers Use Brands to Trick You

At Tech Mafia, our mission has always been focused on bringing openness and transparency to the IT world. We've always believed that providing a space where business owners can learn more about their technology not only empowers them to make better choices but also helps them grow. We're proud to be a part of creating a more open culture and to be leaders in this ever-evolving industry.

In today's digital age, where trust and convenience go hand in hand, cybercriminals have honed a deceptive art form: impersonation. The ease with which they slip beneath your radar is nothing short of remarkable, exploiting the reputation of brands you know and trust. Across the globe, large brands and their identities, including Seattle natives like Microsoft, T-Mobile and Amazon, are used by hackers to mask nefarious acts of deception.

These corporate giants have invested years in building an aura of trustworthiness through relentless marketing, exemplary customer service, unwavering branding, and unswerving consistency. Unfortunately, hackers are keenly aware of this, which makes these brands prime targets for impersonation.

The most common method is to use phishing attacks. These thieves set up URLs that look scarily similar to the real company's website. To slip by your watchful eye, here are some of the simple switches hackers make that can go unnoticed:

  • Switching out a zero for the letter "O" or a capital "i" for a lowercase "L." If you're quickly reading an email, it might look legit.
  • Adding in a word that seems like it could be a subdomain of the real company, like "[email protected]."
  • Using a different domain extension, like "[email protected]."
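The three switches above can be checked mechanically before a person ever reads the message. The following is an added example, not code from this article: it compares a sender address or link against a list of domains you trust and names which switch was used. The trusted list, the function names and every sample address are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sender/link domains your organisation actually trusts.
TRUSTED = ("microsoft.com", "google.com", "amazon.com")

# The two swaps the article names. Applied before lowercasing, because a
# capital "I" only passes for "l" in the text as it is displayed.
SWAPS = str.maketrans({"0": "o", "I": "l"})

def host_of(value):
    """Host part of a URL, an email address or a bare host name, case kept."""
    if "://" in value:
        value = urlsplit(value).netloc
    return value.rsplit("@", 1)[-1].split(":")[0].strip(".")

def registrable(host):
    """Last two labels. Simplification: real code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def classify(value):
    """Return (verdict, trusted domain that was matched or imitated)."""
    shown = host_of(value)
    if registrable(shown.lower()) in TRUSTED:
        return ("trusted", registrable(shown.lower()))
    normalized = shown.translate(SWAPS).lower()
    if registrable(normalized) in TRUSTED:
        return ("character-swap", registrable(normalized))
    for domain in TRUSTED:
        brand = domain.split(".")[0]
        if registrable(normalized).split(".")[0] == brand:
            return ("different-extension", domain)
        if brand in normalized:  # brand used as a subdomain or extra word
            return ("brand-as-extra-word", domain)
    return ("unlisted", None)

# Constructed samples, not taken from the article or from real campaigns.
SAMPLES = [
    "https://login.microsoft.com/account",
    "security@micr0soft.com",
    "alerts@googIe.com",
    "billing@amazon-support.com",
    "http://microsoft.com.account-check.net/signin",
    "help@microsoft.org",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:48} {classify(sample)}")
```

A verdict other than "trusted" is a reason to hold the message for review, not proof of fraud: a brand may own other extensions, and the substring match will also flag unrelated names that happen to contain a brand.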

Some criminals will take it a step further and set up a web page that looks identical to that of the real website. When you click the link – via email, SMS or even through social media – several dangerous results can occur.

The first is that malware can be installed on your computer. Clicking a bad link can set off an automatic malware download that contains malicious files with the ability to collect personally identifiable information from your device, like usernames, credit card or bank account numbers and more.

The second is that the fake website will have a form to harvest your information. This could be login credentials, passwords and, in some cases, your credit or bank information.

The third most common issue is an open redirect. The link might look legit, but when you click on it, you're redirected to a malicious website where the intent is to steal your information.
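An open-redirect link looks legitimate because the host you see is a real one, while the final destination is carried inside a query parameter. The following added example (not from this article) lists any parameter whose value is a URL on a different host than the link itself. The parameter names and the `.example` and `.test` hosts in the samples are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_destinations(url):
    """List (parameter, host) for query values that are URLs on another host."""
    link = urlsplit(url)
    found = []
    # parse_qsl already removes one layer of percent-encoding.
    for name, value in parse_qsl(link.query, keep_blank_values=True):
        for _ in range(3):  # undo up to three further layers of encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if value.startswith("//"):  # scheme-relative form, e.g. //host/path
            value = "https:" + value
        target = urlsplit(value)
        if (target.scheme in ("http", "https") and target.hostname
                and target.hostname != link.hostname):
            found.append((name, target.hostname))
    return found

# Constructed sample links using reserved example/test names.
SAMPLES = [
    # Visible host is the brand; the destination hides in "continue".
    "https://accounts.brand.example/signin?continue=https%3A%2F%2Fverify-login.test%2Fform",
    # Same trick with the destination encoded twice.
    "https://accounts.brand.example/out?url=https%253A%252F%252Fcollect.test%252Fform",
    # Scheme-relative destination.
    "https://accounts.brand.example/out?next=//collect.test/form&lang=en",
    # Redirect that stays on the same host: nothing to report.
    "https://accounts.brand.example/signin?continue=https://accounts.brand.example/home",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(embedded_destinations(sample), "<-", sample)
```

Mail filters and link-rewriting gateways can apply the same check to every link in a message and show the reader the embedded host rather than the visible one.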

Here Are The Top 10 Most Frequently Impersonated Brands In Phishing Attempts In Q2 Of 2023 And Their Frequency of Impersonation:

  • Microsoft (29%)
  • Google (19.5%)
  • Apple (5.2%)
  • Wells Fargo (4.2%)
  • Amazon (4%)
  • Walmart (3.9%)
  • Roblox (3.8%)
  • LinkedIn (3%)
  • Home Depot (2.5%)
  • Facebook (2.1%)

Take a minute and ask yourself how many of the companies on this list send you regular email communications. Even just one puts you at risk.

Cybercriminals go the full mile with these scams. They know what types of messages work best for each company to get your attention.

Here are three common phishing attacks cybercriminals have used under these brands' good names to gain access to your private information.

  • Unusual Activity – These types of emails will suggest that someone gained access to your account and you need to change your password quickly. They leverage fear so people will click without thinking, hurrying to change their password before they're a victim of the attack. They usually have buttons that say, "Review Recent Activity" or "Click Here To Change Your Password." To convince you to click, these emails can go as far as showing fake login information detailing the region, IP address, time of sign-in and more, just as real messages from the companies do.
  • Fake Gift Cards – These emails suggest that someone sent you an e-gift card. When you open the email, they either redirect you to a website to "claim your gift card" or have a button to "redeem now."
  • Account Verification Required – These emails suggest that your account has been disconnected, and they need you to verify your information. As soon as you enter your login credentials, the hacker has access.

There are multiple steps to making sure your network is secure. One would be getting email monitoring to help reduce the likelihood of these phishing emails ending up in your inbox. It's also important to make sure employees know what to look for so that if an email does get by the phishing detection system, they can still keep your company safe.

To fortify your defenses against these ever-evolving threats, having a local IT team in your corner is paramount. At Tech Mafia, we offer the greater Seattle area and the entire Puget Sound region IT Support and Cybersecurity, through our Managed IT Services.

Knowledge is your best defense against cybercriminals. Explore our IT Buyers Guide—a comprehensive resource that walks you through the crucial questions to ask yourself and potential IT providers. Make an informed choice for a secure future.

Tech Mafia is here so that Seattle area businesses can delegate their IT. We work day in and day out to ensure your business runs smoothly and your data is protected.

Ready to embark on a journey towards fortified IT support? Reach out to us today!

We continually update Tech Talks; if you have any questions or suggestions, please contact us!