BRAND IMPERSONATION

Phishing emails that impersonate well-known brands

WHAT IS BRAND IMPERSONATION?

Brand Impersonation when conducted through email, sees a cybercriminal impersonate a well-known, recognizable brand in an attempt to steal credentials or other potentially sensitive information. Brand Impersonation, or Brand Spoofing is a highly successful attack technique used by hackers to steal data, which can then be used in future scams. By posing as a recognizable brand or organization familiar to the recipient, attackers can trick their victims into clicking on a link or attachment in the email.

purple dollar sign

Tech Giants Most Spoofed

Microsoft, Apple and Google were the top three brands that cyber-criminals attempted to impersonate in 2021.

(source: IBM)

chart showing 25%

1/4 of Branded Emails Spoofed

25% of all branded emails that organizations receive are spoofed, or brand impersonation attempts.

(source: Digital in the Round)

1 person out of 8

1 in 8 will share data

1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested.

(source: Keepnet Labs)


WHAT DOES BRAND
IMPERSONATION LOOK LIKE?

Brand Impersonation scams are a numbers game. By leveraging the ubiquity of a brand like Apple, the email will likely appear relevant to a sizeable portion of recipients. These emails will contain either a link to a phishing site or malware that will download once clicked on. Although they are not nearly as sophisticated as other email attacks, mass phishing campaigns like this can easily be sent to a million recipients. A success rate of only 0.5% still results in 5,000 infections or stolen credentials that be used in future, more-targeted scams.

Spoofed Display Name

With the display name “Apple Support” the attacker is attempting to masquerade as Apple. On a mobile device, the recipient will likely only see the display name.

Sense Of Urgency

The attacker creates a sense of urgency by telling the user their account has been locked and they must take action.

Link to Fake Login Page

The call to action links to a fake login page designed to steal the user’s credentials.

HOW DOES MESH PROTECT AGAINST
BRAND IMPERSONATION?

Mesh applies over 250 unique filters to every single email it processes, protecting against the full spectrum of email attacks. Combining machine learning, predictive threat intelligence and advanced content analysis, Mesh identifies indicators of compromise, fraud, impersonation, phishing, malicious content, spam, and unsolicited marketing emails, keeping organizations and their people safe.

URL Protect

All links in the email are subjected to scanning against real-time threat feeds for known and unknown malicious sites as well as fake login pages and phishing sites. Links to unknown or suspicious objects are sandboxed.

Attachment Sandboxing

Unknown and potentially malicious attachments are detonated in a virtual environment to determine their behavior, protecting against never-before-seen, zero-hour threats like polymorphic malware.

Dynamic Content Scanning

Next Generation Spam Filtering - text and images in the message body are dynamically scanned for indicators of spam and nefarious intent, including evasive techniques such as the use of Cyrillic characters, empty white space, and the packing of email with excess content.

The detection accuracy is excellent & for the price point, it's a no-brainer.

Mesh has significantly reduced the amount of email-related tickets we receive. The ability to manage everything centrally from partner level makes our job so much easier - we can make changes for all clients in one go. Onboarding was quick and painless, both our engineers and end-users took to it straight away.”

Get the full case-study ⟶

Chris Pottrell
CEO @ Nebula IT


Ready to get started?

Make your customers safer and
your MSP more efficient.

MSP Success Stories

Discover how your MSP peers have made their MSPs more efficient and profitable, while delivering better email security to their customers.

View Success Stories →

Mesh is not for everyone

We’re developing the only email security platform built exclusively for MSPs, but nobody is perfect and Mesh is not for every team.

Learn Why →