According to the latest global Kaspersky spam and phishing report, pages impersonating delivery services recorded the highest click-through rate on phishing links in 2022 (27.38%), with online stores ranking second (15.56%). Payment systems and banks held the third and fourth positions, respectively.
Cybercriminals exploit established brands to carry out their illicit activities, tarnishing a brand’s reputation while stealing sensitive information. They craft websites that closely mimic legitimate brands, using accurate and detailed content to “phish” login credentials, personal and professional identities, as well as sensitive company and financial data. This not only leads to data and monetary losses but also poses significant reputational risks, as it creates a negative perception of the genuine brand among its audience.
To shield a brand from potential cyber threats, Olga Svistunova, Web Content Analyst at Kaspersky, recommends the following:
1) Educate Employees and Customers: Ensure both your employees and customers can recognize phishing emails and websites. Low cybersecurity awareness among staff can disrupt crucial business processes and lead to data breaches. Cybercriminals may hijack corporate social media accounts to conduct malicious activities. Customers, too, need to be aware of potential threats. Conduct cybersecurity training for staff and create security awareness campaigns for customers to teach them how to spot phishing activities.
2) Alert Clients: If you operate in a financial or other sensitive sector often targeted by cybercriminals, inform your clients about the heightened risk of deception. Encourage them to exercise caution when dealing with emails and messages.
3) Encourage Reporting: Prompt customers to report any suspicious activities conducted under your brand’s name. Request screenshots and other evidence to identify and address suspicious actions promptly.
4) Secure Social Media: Pay attention to the security settings of your social media accounts. Companies frequently post information and interact with their audience not only on their own platforms but also on external ones. Be vigilant about privacy settings on these platforms, create strong, complex passwords, and enable two-factor authentication where possible.
5) Utilize Threat Intelligence Tools: Employ threat intelligence tools like Kaspersky Digital Footprint Intelligence to detect brand impersonation attacks in real time. Such solutions provide notifications about targeted phishing attacks, fake social network accounts, and phishing websites impersonating your brand. They also assist in monitoring and removing fake social network accounts and mobile applications from app marketplaces.