One important trend we've seen through police reporting in recent months is Brand Impersonation.
This is where an e-commerce website or social media account is imitated for fraud.
During busy online purchase days such as Boxing Day or Black Friday, fraudsters use this technique to drive traffic to the fake website and attempt to steal credit card details and personal information or charge fraudulent purchases to people's cards.
Consider a start-up gift shop established with customers and sells its products through its online store. Criminals will create a fake social media account, copy all the material from the real online store, and start to follow the real store’s customers. Criminals will then send a link to their fake websites to real customers.
When everyone is hurrying to purchase gifts online, it's easy to fall for this trick and find that personal credentials and card details have been stolen.
A key step in Brand Impersonation Attacks is for an attacker to purchase a website domain that is closely related to the real domain. This can be done in a variety of ways:
Brand Impersonation has a long history of fraud. It’s a well-known technique and can be very effective. When voting for TV shows by phone was first popular, phone lines were set up by fraudsters (with similar phone numbers to the real TV show phone line) to charge victims as high as £20 per call. This tactic relied upon victims to miss dial the phone number.
A good example was a website set up to target government services. Fraudsters created a fake DVLA driving test website and used Google adverts to promote it. The web address they used was very similar to the real DVLA website, and when a victim googled “Book a driving test,” the fraudulent site was number one in the search results. After visiting the website, the fraudsters would charge victims twice as much as the actual DVLA website but with no test, so it cost victims three times as much in the end.
If your business has been targeted through Brand Impersonation or you want to discuss ways to prevent this from happening. Please contact us to learn more about our services - such as a ,Digital Footprint Assessment.
eCommerce site owners should do the following:
Bear in mind that these attacks normally happen during an event when there is a high volume of shoppers during the year, so you could even schedule in check for fake sites around key shopping dates like Valentine's Day, Black Friday or Christmas.
Here at the Cyber Resilience Centre, we proudly support businesses from across the North West. Joining our ,Membership is free, and you can stay updated on the latest events, news and security guidance.
Click to Open Code Editor