One important trend we've seen through police reporting in recent months is Brand Impersonation.
What is Brand Impersonation?
This is where an e-commerce website or social media account is imitated for fraud.
During busy online purchase days such as Boxing Day or Black Friday, fraudsters use this technique to drive traffic to the fake website and attempt to steal credit card details and personal information or charge fraudulent purchases to people's cards.
Consider a start-up gift shop established with customers and sells its products through its online store. Criminals will create a fake social media account, copy all the material from the real online store, and start to follow the real store’s customers. Criminals will then send a link to their fake websites to real customers.
When everyone is hurrying to purchase gifts online, it's easy to fall for this trick and find that personal credentials and card details have been stolen.
A key step in Brand Impersonation Attacks is for an attacker to purchase a website domain that is closely related to the real domain. This can be done in a variety of ways:
Changing the top-level domain (TLD) of the legitimate website.
If the real site is www.thisismywebsite.co.uk, the attacker may publish the fake site under www.thisismywebsite.com if the victim does not own that domain. This can be repeated with other options, including .co, .uk, .net etc.
Changing the root domain of the victim's website.
If the real website is www.myautos.com, the attacker may publish their website under the domain www.automotives.com to fool any users into selecting the wrong website.
Changing characters in the root domain of a website. This is a rare type of attack, but certain characters look similar to the alphabet but are processed differently by websites.
If a website is called www.buytoolshere.co.uk, then an attacker may publish the domain www.buytoolshere.co.uk - while this doesn’t look different to the eye, the attacker has used special replaced the o’s in tools with special characters that are hard to detect - meaning the domain is different, but looks incredibly similar.
What examples of Brand Impersonation have occurred recently?
Brand Impersonation has a long history of fraud. It’s a well-known technique and can be very effective. When voting for TV shows by phone was first popular, phone lines were set up by fraudsters (with similar phone numbers to the real TV show phone line) to charge victims as high as £20 per call. This tactic relied upon victims to miss dial the phone number.
A good example was a website set up to target government services. Fraudsters created a fake DVLA driving test website and used Google adverts to promote it. The web address they used was very similar to the real DVLA website, and when a victim googled “Book a driving test,” the fraudulent site was number one in the search results. After visiting the website, the fraudsters would charge victims twice as much as the actual DVLA website but with no test, so it cost victims three times as much in the end.
If your business has been targeted through Brand Impersonation or you want to discuss ways to prevent this from happening. Please contact us to learn more about our services - such as a Digital Footprint Assessment.
How can I prevent Brand Impersonation?
eCommerce site owners should do the following:
Monitoring such activity by simply googling their brand is also good practice.
Criminals often purchase web addresses close to the brand's domain to fool customers. Simply by googling their website and brand, they can see if there is any suspicious activity going on.
It's good practice to do the same on all social media platforms to see if there is a fake copy of your brand out there. And report suspicious activity to the relevant social media platform
Bear in mind that these attacks normally happen during an event when there is a high volume of shoppers during the year, so you could even schedule in check for fake sites around key shopping dates like Valentine's Day, Black Friday or Christmas.
How to respond if you’re a victim of brand impersonation
Make their clients aware of the threat and encourage them to be vigilant when they shop online
Send out an email newsletter explaining the situation, clearly stating your company's legitimate/real website, also clearly state the suspicious website(s) that clients should avoid
Consider putting out an announcement on any active social media channels/platforms
Consider putting a temporary warning banner/message on your company website, again informing your clients/visitors of the suspicious websites that they should avoid using
Report suspicious activity to Action Fraud. Action Fraud works with internet providers to remove fake sites.
Consider following NCSC Guidance on reporting suspicious/malicious websites to the domain provider they are hosted on.
Be wary of further attempts to defraud your business - you may be targeted by Supplier Invoice Fraud attempts
Check to see if your website has any vulnerabilities with a Website Vulnerability Assessment
Here at the Cyber Resilience Centre, we proudly support businesses across the North West. Joining our Membership is free, and you can stay updated on the latest events, news and security guidance.
Comments