According to the latest global Kaspersky spam and phishing report, pages impersonating delivery services in 2022 had the highest percentage of clicks on phishing links (27.38%).
Online stores (15.56%) placed second. Payment systems and banks ranked third and fourth, respectively. Cybercriminals use brands other people have worked hard to build, and profit by using its good name to conduct their criminal activity.
While operating a website they’ve created that is a good copy of a brand or online service, they employ accurate and detailed content to ‘phish’ anything from login credentials to personal and professional identities, sensitive company, or financial information.
It can lead to data and money loss but also great reputational risks as it creates a negative perception of the original brand by the audience.
To protect the brand from possible cyber risks Olga Svistunova, Web Content Analyst at Kaspersky, calls to follow these rules:
1) Educate both employees and customers on how to recognise a phishing email or a phishing website. Low cybersecurity awareness among company staff may lead to the shutdown of important business processes and data leakage. Cybercriminals can take over corporate social media accounts and carry out malicious activities on its behalf.
Your customers are also at risk – they should be aware of possible threats to be able to recognise them. To reach this goal businesses can conduct dedicated cybersecurity training for staff and create special stories or series of security-awareness emails explaining how to identify the phishing activities for customers.
2) If you work in the financial or any other sensitive sphere that often attracts cybercriminals, warn your clients about this fact and draw their attention to the increased risk of being deceived. Ask them to be more attentive to the emails and messages they receive.
3) Ask your customers to report all suspicious activities carried out on behalf of your brand. Ask them to provide screenshots and other proofs to be able to find out about suspicious actions in time.
4) Pay attention to the security settings of your social media accounts. As a rule, companies post information and communicate with their audience not only on their own resources, but also on external platforms. Be careful about the privacy settings on such platforms, study them thoroughly, create complex strong passwords and set up two-factor authentication, if possible.
5) Apply threat intelligence tools – such as Kaspersky Digital Footprint Intelligence – to indicate brand impersonation attacks in time. Such solutions can provide you with real-time notifications about Targeted Phishing and faked Social Networks accounts and help to track the appearance of the phishing website targeting the brand name of a company as well as to monitor and takedown fake social network accounts and Apps in mobile marketplaces.
