Authored by Olga Svistunova, Web Content Analyst, Kaspersky
According to the latest Kaspersky spam and phishing report, pages impersonating delivery services in 2022 had the highest percentage of clicks on phishing links blocked by Kaspersky solutions (27.38%). Online stores (15.56%) occupied second place. Payment systems (10.39%) and banks (10.39%) ranked third and fourth, respectively.
Cybercriminals exploit brands that other people have worked hard to build, profiting from a brand's good name to conduct their criminal activity. Operating a website that is a good copy of a brand or online service, they employ accurate and detailed content to ‘phish’ anything from login credentials to personal and professional identities and sensitive company or financial information. This can lead to loss of data and money, and it also carries great reputational risk, because it creates a negative perception of the original brand among its audience.
To protect your brand from possible cyber risks, you should follow some simple rules:
1. Educate both employees and customers on how to recognize a phishing email or a phishing website. Low cybersecurity awareness among a company’s staff may lead to the shutdown of important business processes and to data leakage. Cybercriminals can take over a company’s social media accounts and carry out malicious activities on its behalf.
Your customers are at the same risk – they should be aware of possible threats to be able to recognize them. To reach this goal, businesses can conduct dedicated cybersecurity training for staff and, for customers, create special stories or a series of security-awareness emails explaining how to identify phishing activities.
2. If you work in the financial sector or any other sensitive sphere that often attracts cybercriminals, warn your clients about this fact and draw their attention to the increased risk of being deceived. Ask them to be more attentive to the emails and messages they receive.
3. Ask your customers to report all suspicious activities carried out on behalf of your brand. Ask them to provide screenshots and other evidence so that you can find out about suspicious actions in time.
4. Pay attention to the security settings of your social media accounts. As a rule, companies post information and communicate with their audience not only on their own resources, but also on external platforms. Be careful about the privacy settings on such platforms: review them thoroughly, create complex, strong passwords and set up two-factor authentication, if possible.
5. Apply threat intelligence tools - such as Kaspersky Digital Footprint Intelligence - to identify brand impersonation attacks in time. Such solutions can provide you with real-time notifications about targeted phishing and fake social network accounts, help to track the appearance of phishing websites targeting a company's brand name, and help to monitor and take down fake social network accounts and apps in mobile marketplaces.