Brand Impersonation

Blue background with security icons in bubblesAccording to recent reports, phishing attacks using brand impersonation are at an all-time high. Cybercriminals are posing as familiar companies to trick you into giving access to your account. They then steal sensitive data or target your friends or co-workers. Learn how these attacks occur and how to protect yourself.

Brand impersonation attacks are typically standard-looking emails that appear to be from a company that you use, such as Microsoft Office, Netflix, or UPS, but are from scammers. Clicking the link in the email will take you to a fake (but realistic looking) login page.

Cybercriminals are posing as familiar companies to trick you into giving access to your account.

The most deceiving part of some of these fake pages is that the web address may appear to be safe. The URL may end with a legitimate domain like “windows.net” because the bad guys are hosting these pages with Microsoft’s Azure cloud services.

If you enter your information, the criminals gain access to one or more of your online accounts, which they then use to steal data or plan further attacks on your contacts.

Remember the following information to protect yourself from these scams:

  • Look out for strange or suspicious domains in sender addresses. Even if the domain looks legitimate, check again. Does the email say “micronsoft.com” instead of “microsoft.com”?
  • Before clicking on any links, always hover over the linked text to see where it leads. Never click on a link in a message unless you are sure the sender is legitimate.
  • Whenever you get an email from an online service you use, log into your account through your browser (not through links in the email) to check whether the email message is valid. 

Never Share

A common fraud tactic is asking someone for their banking login information. This gives the scammer access to your accounts. They may move money or remotely deposit fraudulent items.

Never give your login information out to anyone. If someone calls, emails, or messages you, hang up the phone or block their messages.

If you would like to give login access to a trusted person you know, use our Shared Access feature to give them access with a separate login. Read more about Shared Access in our Staying Secure article.