Easy to Deceive, Difficult to Detect: Impersonation Dominates Attacks

Posted on December 1, 2020

Impersonation allows threat actors to manipulate victims into revealing sensitive information and enables more sophisticated fraud schemes. By co-opting an organization’s name, logo, or messaging, attackers can embed themselves into nearly any type of cyber threat, making impersonation both easy to execute and hard to defend against. Because of its wide-ranging applications, organizations must understand the many ways impersonation can be exploited to effectively protect themselves.

In this blog, we examine various impersonation tactics targeting a single financial institution, highlighting the diverse risks any organization may face.

 

Look-alike Domain

Look-alike domain copy
 Look-alike Domain used for Credential Theft
 
The first example is a look-alike domain impersonating the FI to steal customer credentials. Look-alike domain names are highly utilized in cyber-attacks as they are easily registered and difficult to identify. Although this domain uses the financial institution's name, the hyphenation and subdomain are indicators that the URL is suspicious. 
 
URL: hxxp://secure-{redacted}.ddnsking.com/
 

Social Media Impersonation

 Fake Facebook Page 
 
In the above example, a Facebook page impersonates the FI by using its name and posting multiple images that promote loans and banking with their services. It includes links to the legitimate website, and a look-alike domain that resolves on a parking page. Almost 3 billion people use social media, and negative or malicious content associated with an organization through a platform like Facebook can result in swift, widespread, and irrevocable brand damage. 
 

Brand Impersonation

Phishing site copy
Phishing Site 
 
Cybercriminals routinely persuade account holders to disclose sensitive information by using trademarked material from trusted organizations. In the example above, a phishing page uses the official name, logo, image, and messaging of the FI to mirror its legitimate login page and steal credentials. 
 

Mobile App Impersonation

Fake App copy
Fake Mobile App
 
Brand impersonation is one of the key factors in the success of fake apps. Mobile users are traditionally less suspicious of content on their phones than their computers, and unauthorized trademark abuse can easily go unsuspected, leading to stolen data and locked devices. The above example is an unauthorized application that uses the logo and name of the financial institution on a third-party app store. 
 

Executive Impersonation

Fake Instagram Page
 
Executives are prime targets for threat actors because their roles carry significant credibility and public visibility. False information or damaging content about them or their organizations can quickly spread on social platforms like X and LinkedIn, causing serious harm to the brand’s reputation. The above example is a fake Instagram account for the CEO of the FI.
 

Advanced Email Threats

Email Phish copy
Phishing Email

Phishing remains the top attack vector, accounting for one-third of all security breaches. In the example above, a threat actor impersonates management to deliver a fake staff report, using a spoofed sender address and referencing the financial institution to increase credibility.

Impersonation is a highly versatile tactic that leverages a brand’s reputation to boost the success of cyber attacks. It spans various threat types, making it a favorite method among cybercriminals. Detecting impersonation threats can be complex and resource-intensive, requiring comprehensive data collection and careful analysis. Fortra Brand Protection Digital Risk Protection helps organizations with unmatched threat intelligence for brand impersonation.

 
Additional Resources:

 

Related Products
Brand Protection Domain Monitoring Social Media Protection Mobile App Protection