In this blog, we will discuss various brand impersonation scams that can seriously damage a...
Brand protection is critical, particularly in light of the serious brand impersonation attacks, and the ever-increasing ability of bad actors.
In this article, we cover:
- Understanding Brand Impersonation Attacks
- The Rising Cost of Enterprise Identity Impersonation
- How YouMailPS Identifies Brand Impersonation Attacks to Provide Brand Protection
Understanding Brand Impersonation Attacks
“Hello, this is Amazon. We’re sorry, but your package cannot be delivered. Please press 1 to confirm your shipping address, or we will assess a fee of …” Or so begins a common brand impersonation attack.
Amazon, as of 2021, topped the list of impersonated business, and Apple is in the second spot. The Federal Trade Commission, in fact, notes that losses of $27 million were reported, which is almost certainly understated.
Your company may have spent years and millions earning consumer trust via marketing, branding, and goodwill efforts. Yet a new form of criminal is seeking to hijack those efforts to scam unwitting consumers using what’s called a Brand Impersonation Attack.
Another, sadly familiar, example of a brand impersonation attack goes as follows: “…Due to this all your social benefits will be canceled until further clearance. In case you feel this ... in error you may connect with legal ... social security administration. In order to connect with a Social Security Administration officer press 1 now.”
This long-running scam impersonates the US Social Security Administration in order to phish information from unwitting call recipients. Millions of phone numbers can be procured by the scammers at a relatively low cost, numbers can easily be spoofed (illegally made to look like the brand’s real number), then relentless calls are made which appear very similar to a brand — your brand?! — to scam consumers.
Methods of brand impersonation attacks include:
- Robocall Fraud: Using a computer platform to dial a large quantity of phone numbers, often involving a prerecorded message. If a consumer answers the phone call, they may be connected to a bad actor posing as a legitimate brand.
- Vishing: Voice phishing, or “vishing,” is when a cybercriminal uses voice calls channel to scam. Vishing robocalls frequently involve the use of prerecorded audio imploring the called party to take form of action such as “press one to speak to a representative”. If the consumer does not answer the robocall, an audio message may be left behind as voicemail.
- Smishing: When a cybercriminal uses text messaging for phishing purposes. Robotexting platforms send text messages. A reply leads you to a convincing brand impersonation scam, often involving impersonation of a brand with a fraudulent offer.
Any of these brand impersonation attacks has a negative impact on the brand-consumer relationship. Both the consumer and brand suffer, even when cybercriminals are unsuccessful.
The Rising Cost Of Enterprise Identity Impersonation
A whopping 1 in 4 branded emails are illegitimate, with more than half of all emails spam. The FBI documented $43 billion (!) in global exposed losses between June 2016 and Dec 2021 due to business email comprises, and that’s likely just the tip of the iceberg.
These costs are rapidly rising. The same report indicates a 65% increase in a 2 year time period.
It’s clear: brand impersonation attacks cannot be ignored by any modern enterprise.
How YouMailPS Identifies Brand Impersonation Attacks To Provide Brand Protection
To defend against brand impersonation and attacks, many enterprises are turning to managed detection and response (MDR) services. An MDR service — particularly a turnkey MDR solution — supplements other security and compliance initiatives, and includes scanning tools that can detect misuse of logos, domain names, social media posts, phishing attempts, vishing attempts, and more.
One such MDR solution provider is YouMail Protective Services (YouMailPS). YouMailPS is the enterprise arm of YouMail, a consumer service which protects millions of phone users from scam calls. Scammers call YouMail consumers, in some cases leaving voicemails that YouMail can scan for data. This provides YouMail — and YouMailPS — with billions of data points in which to not only fingerprint scam callers, but to also identify which brand those callers are impersonating.
Using data from their massive YouMail Sensor Network, Brand Defense by YouMailPS accurately identifies fraudulent robocalls. It can then scan the contents of voicemails left by these bad actors, to identify the specific scams and the brand involved. Subscribers can be notified in near real-time, and the data collected can even be used to supplement legal action by the brand against the scammers.
The highly sophisticated system provides brand protection from voice call scams, as well as text messages (SMS) scams. The YouMailPS technology incorporates STIR/SHAKEN protocols, call analysis (date, time, location, length, etc), content analysis, machine learning with AI algorithms, human interventions, trend spotting, social media monitoring, chat site monitoring, and more.
In addition, legitimate company calls can be supplied to YouMailPS to supply an authorized brand fingerprint, for even greater accuracy.
In today’s environment, stopping brand impersonation attacks with a brand reputation management solution is a small investment in brand protection.
YouMailPS uses sophisticated audio analytics as part of their comprehensive brand protection toolkit. Learn more with a free whitepaper on The Critical Role of Audio Analytics in Robocall Threat Mitigation Programs here >
