From Trust to Trickery: Brand Impersonation over the Email Attack Vector

May 27, 2024

While much of the focus of recent cybersecurity efforts has been on perimeter devices, social engineering should not be neglected. One of the most pernicious forms of social engineering against both individuals and enterprises is brand impersonation, and threat actors have innovated many new ways to do it. By far the most popular brand to impersonate is Microsoft, which makes sense given the ubiquity of Microsoft-owned platforms in most enterprises. Often, threat actors send messages pretending to be email administrators asking for account information. In such cases, they have to recreate the format of a Microsoft email. Sometimes this is done through HTML manipulation, but that is the more difficult method. In many cases the easiest method for a threat actor is simply to prepare the email as an image file or unscannable PDF and send it that way. The advantage of this method is that while a human can read the message, automatic email scanners meant to detect phishing cannot.

Aside from Microsoft, other popularly impersonated brands include DocuSign, Amazon, and PayPal, likely due to their utility in phishing schemes. Although advances have been made in detecting and preventing social engineering messages, the weakest element in a cyber defense scheme remains, as always, the human user. To mitigate the risk of social engineering attacks, the most important element remains user education, especially where email is concerned. People have to learn not to trust branded emails automatically, but to challenge them through alternate channels whenever possible.
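On the detection side, the image-only delivery described above leaves a structural trace even when the content itself cannot be read. The following is an added example, not code from the original article: a mail-triage heuristic that flags messages whose body is an image or PDF with almost no machine-readable text, and messages that name one of the brands mentioned here while coming from an unrelated domain. The brand-to-domain lists, the text threshold, the finding labels and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
# Brands named in the article; the domain lists are assumptions for illustration.
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "office.com"), "docusign": ("docusign.com",),
                 "amazon": ("amazon.com",), "paypal": ("paypal.com",)}
MIN_TEXT_CHARS = 40  # assumed threshold for "no machine-readable body text"

# Constructed sample: brand-styled notice delivered as a single inline image.
SAMPLE_PHISH = """\
From: "Microsoft Account Team" <admin@mail-notice.example>
Subject: Action required: verify your mailbox
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:notice"></body></html>
--b1
Content-Type: image/png
Content-ID: <notice>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def triage(raw):
    """Return heuristic findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    text_len, opaque = 0, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/") or ctype == "application/pdf":
            opaque.append(ctype)  # content a text-based scanner cannot read
        elif ctype.startswith("text/") and not part.is_attachment():
            text = re.sub(r"<[^>]+>", " ", part.get_content())  # drop HTML tags
            text_len += len("".join(text.split()))  # count non-whitespace only
    findings = []
    if opaque and text_len < MIN_TEXT_CHARS:
        findings.append("image-or-pdf-only-body")
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claimed = (display + " " + str(msg.get("Subject", ""))).lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not legit:  # brand named, sender domain unrelated
            findings.append("brand-mismatch:" + brand)
    return findings
```

Findings like these are best used to route a message to OCR, sandboxing or manual review rather than to block it outright, since legitimate marketing mail is also often image-heavy.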
