In recent months, we have seen an increase in the number of brandjacking and fake emails. This is yet another form of social engineering cyber attack and can be avoided with care and caution.
Brandjacking is an activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person’s or business’s brand equity.
A brandjacking email will look like it is being sent from a trusted or well-known entity (such as banks, telephone companies, Australia Post, the Australian Taxation Office, law firms or accountants). The purpose of these emails is for the scammer to obtain sensitive information from the recipient of the email.
Traditionally an email will arrive in your inbox, looking legitimate and containing recognisable logos. It will contain a message from an entity you normally do business with.
Often these emails tell a story to trick you into clicking on a link or opening an attachment.
Some examples of the types of emails or text messages you may receive:
- an email saying that you need to confirm some personal information or your account will be deleted;
- a message that will ask you to open an attachment which will contain a fake invoice;
- an email asking you to click on a link to make a payment;
- a message which says you are eligible for free products or goods or that you have won a competition;
- an email advising you that there is a problem with your account and requiring you to confirm personal details;
- a message advising you that you are eligible for a refund and to open the link to access these funds.
Hopefully your email spam filters will keep most of these fraudulent emails from your inbox, but occasionally they slip through. It is a good idea to be cautious and take some simple steps to avoid being caught out.
The following tips can help to keep you and your workplace safe:
- Always have software protection installed on your systems. This should not only have anti-virus protection but should also contain spam filters.
- Ensure these forms of security software update automatically and are never left unpatched.
- Likewise, set your mobile phone to install software updates automatically.
- Protect your sensitive accounts by using multi-factor authentication. This will make it harder for scammers to get into your accounts even if they have your user name and password.
- Back up your data regularly and make sure the back-ups are not connected to your business network.
- Check out the details of the website or person who is contacting you. Look up the website or phone number for the company or person and try to ascertain if they are legitimate. Call them and tell them about the communication you have received.
- Remember, financial institutions will never contact you or your business and ask for your personal log in details.
- Look for scam hints:
  - You do not have an account with that company
  - The message is not personal to you or has some spelling or grammatical errors
  - The message or email is asking for personal information, including passwords and log in details
- Change any compromised passwords immediately and stop using them for any other accounts.
Most importantly, be aware of the risks and take time to read all your communications slowly. Most often a brandjacking scam email or message will be easy to detect if you take the time and effort to read it properly.