Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of use cases, and in order to protect themselves against attacks, organizations should learn to identify its range of malicious applications. 
 
 
In this article, we explore the variety of ways impersonation can be used to target a single entity. All examples originate from the same financial institution (FI). 
 

Look-alike Domain

  Look-alike Domain used for Credential Theft
 
The first example is a look-alike domain impersonating the FI to steal customer credentials. Look-alike domain names are highly utilized in cyber attacks because they are easily registered and difficult to identify. Although this domain uses the FI's name, the hyphenation and subdomain are indicators that the URL is suspicious. 
 
URL: hxxp://secure-{redacted}.ddnsking.com/
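
The hyphenation and subdomain indicators described above can be checked automatically when triaging reported URLs. The following is an added example, not code from the original article: the brand token `examplebank` and its legitimate domain are placeholders (the article redacts the FI's name), and the dynamic-DNS list contains only the parent domain seen in the URL above.

```python
from urllib.parse import urlsplit

# Assumed placeholders: the article redacts the real brand name.
BRAND = "examplebank"
LEGIT_DOMAINS = {"examplebank.com"}
# Parent domains that let anyone register a subdomain (from the URL above).
DYNAMIC_DNS_PARENTS = {"ddnsking.com"}


def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def lookalike_indicators(url):
    """Return the reasons a URL looks like an impersonation of BRAND."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    if any(under(host, d) for d in LEGIT_DOMAINS):
        return []  # genuinely hosted under the brand's own domain
    # Labels containing the brand, ignoring hyphens ("example-bank" matches).
    hits = [l for l in host.split(".") if BRAND in l.replace("-", "")]
    if not hits:
        return []
    reasons = ["brand name outside the brand's own domain"]
    if any("-" in label for label in hits):
        reasons.append("brand name in a hyphenated label")
    parent = next((p for p in DYNAMIC_DNS_PARENTS if host.endswith("." + p)), None)
    if parent:
        reasons.append(f"brand name is only a subdomain of {parent}")
    return reasons


if __name__ == "__main__":
    # Constructed sample mirroring the shape of the redacted URL above.
    for reason in lookalike_indicators("hxxp://secure-examplebank.ddnsking.com/"):
        print(reason)
```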
 

Social Media Impersonation

  Fake Facebook Page 
 
In the above example, a Facebook page impersonates the FI by using its name and posting multiple images that promote loans and banking with its services. It includes links to the legitimate website and to a look-alike domain that resolves to a parking page. Almost three billion people use social media, and negative or malicious content associated with an organization through a platform like Facebook can result in swift, widespread, and irrevocable brand damage.
 

Brand Impersonation

Phishing Site 
 
Cybercriminals routinely persuade account holders to disclose sensitive information by using trademarked material from trusted organizations. In the example above, a phishing page uses the official name, logo, image, and messaging of the FI to mirror its legitimate login page and steal credentials. 
 

Mobile App Impersonation

Fake Mobile App
 
Brand impersonation is one of the key factors in the success of fake apps. Mobile users are traditionally less suspicious of content on their phones than on their computers, and unauthorized trademark abuse can easily go unsuspected, leading to stolen data and locked devices. The above example is an unauthorized application that uses the logo and name of the financial institution on a third-party app store.
 

Executive Impersonation

Fake Instagram Page
 
Executives are a high-value target for threat actors due to the credibility attributed to their roles and level of visibility. Negative content or fake updates about their organization can be shared rapidly through social platforms like Twitter or LinkedIn, and have a devastating impact on their brand. The above example is a fake Instagram account for the CEO of the FI.
 

Advanced Email Threats

Phishing Email

Phishing is still the number one attack vector, with one-third of all compromises involving malicious emails. In the example above, the threat actor impersonates management to deliver a fake staff report. The sender address is spoofed, and the email body references the financial institution.
 
Impersonation is an extremely versatile element of cyber attacks that uses the reputation of a brand to increase the odds of success. It can be used in a variety of threat types, making it a preferred tactic for cyber criminals. Impersonation threats can be difficult and time-consuming to detect, and require broad collection and curation capabilities. PhishLabs Digital Risk Protection helps organizations with unmatched threat intelligence for brand impersonation.
 
Article Link: https://info.phishlabs.com/blog/easy-to-deceive-difficult-to-detect-impersonation-dominates-attacks