

10 Spoofing Facts To Know

June 21, 2022

These Facts Can Help You Avoid Brand Impersonation

Spoofing or brand impersonation is a popular tactic that cybercriminals use to perpetrate phishing attacks. By making messages seem routine or faking that a message came from a well-known and trustworthy brand, the recipient is less likely to suspect that a message is malicious. Spoofing is a serious danger to business security that employees face daily and is commonly used in business email compromise schemes — the most expensive cyberattack a business can experience. It’s also frequently used as a tool in social media fraud, credential compromise, account takeover and other dangerous cyberattacks. Learning more about spoofing and brand impersonation can help potential victims spot this danger and guard against it effectively.  

  1. 25% of all branded emails that companies receive are spoofed or brand impersonation attempts.
  2. Brand impersonation has risen by more than 360% since 2020.
  3. 97% of employees cannot recognize sophisticated phishing threats.
  4. 98% of cyberattacks contain one or more elements of social engineering like spoofing.
  5. 98% of organizations received a threat from a supplier domain in 2021.
  6. One-quarter of all email phishing attacks in Q4 2021 spoofed UPS or DHL.
  7. Brand fraud in 2021 was 15 times higher than in 2020.
  8. 1 in 3 employees is likely to click the links in phishing emails.
  9. 45% of employees click emails they consider to be suspicious “just in case they are important.”
  10. 1 in 8 employees is likely to share information requested in a phishing email.

Spoofing Facts Spotlight: Microsoft

Microsoft is one of the most spoofed brands that employees encounter. Why? Employees handle a lot of Office files, including via email. These Microsoft spoofing facts offer a snapshot of the scope of the danger presented by this type of brand impersonation.  

Spoofing Facts About Social Media Fraud 

Spoofing/brand impersonation is a hallmark tactic of social media phishing. The faceless nature of social media makes it ripe for fraud and that’s a problem for businesses as well as consumers. In January 2021, organizations experienced about 34 social-media-related phishing attacks per month. However, in June 2021, this number rose closer to 50, representing a 47% increase through the first half of 2021. By September 2021, organizations were looking at around 61 social-media-related phishing attacks per month – a shocking 82% increase in just three quarters. Cybercriminals are always working to exploit the current hot social media platform. Right now, that means littering TikTok with spoofed messages and suspicious ads.     

Most Counterfeited Luxury Brands on TikTok   

Hashtagged brand impersonation/spoofed posts in 2021 (in views) 

  1. Gucci 13.6 million
  2. Rolex 11.7 million
  3. Louis Vuitton 2.08 million
  4. Dior 282,700
  5. Chanel 163,181

Source: The Fashion Law 

Spoofing Facts About Suspicious Subject Lines

Caution when handling branded email can help reduce the chance of interacting . Subject lines that feature oddities like “Warning,” “Your funds has…” or “Message is for a trusted…” should set off alarm bells, especially if the subject line demands urgent action. There are a few red flags that are tip-offs that a branded email may be spoofed or faked instead of a genuine message from that brand.   

Common subject lines of spoofing messages aimed at businesses   

  • Reset Password Required    
  • Update Payment Information   
  • Failed Delivery Attempt   
  • Immediate Action Required   
  • Account Security Alert  
  • Final Notice   
  • Overdue Invoice   
  • Pending Invoice   
  • Tracking Link Enclosed   
  • Pending Customs Fees   

Other Red Flags That Could Indicate Spoofing 

Spoofing is generally a facet of phishing. These red flags in suspicious messages often point to spoofing. 

An improper or unprofessional greeting   

If the greeting seems strange, be suspicious. Is the greeting in a different style than you usually see from this sender? Is it generic when it is otherwise usually personalized, or vice versa? Anomalies in the greeting in a message are clues that it may not be legitimate.    

A message sent from an unofficial or unusual domain    

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if a message carrying a security warning says it is from “Sender@microsoftsecurity.com” instead of “Sender@microsoft.com,” it’s likely phishing.    

Odd word choices and grammar    

This is a hallmark test for a phishing message. Check for grammatical errors, usage mistakes, data that doesn’t make sense, variances in the company name or address, strange word choices and problems with capitalization or punctuation. An error-filled message is probably phishing.  

Unusual spelling mistakes and emojis   

Even major brands sometimes send out messages with spelling errors. However, a message riddled with errors isn’t likely to be legitimate. Also, some brands do use emojis in email subject lines, but they are rarely used in the body of a major branded email.  Emojis in the text could mean phishing.

Variations in style or choppiness 

Sometimes, when bad actors spoof emails, they only replace some of the text. If a message is choppy or contains parts that don’t fit the rest, be wary. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right. These are common indicators of a spoofed message.     

Strange links   

Malicious links are a cybercriminal’s best friend and a common way through which malware is distributed. Links that don’t go to the official domain or social media account of the company that supposedly sent the message are dangerous and could be attempts to phish or deploy ransomware.
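The sender-domain and link checks described above can be automated. The following is an added example, not code from the original article; the `OFFICIAL` allow-list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> domains that brand really uses.
OFFICIAL = {"microsoft": {"microsoft.com"}}

def is_official(host, domains):
    """True only for an official domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def claimed_brand(from_header):
    """Brand named anywhere in the From header (display name or address)."""
    text = from_header.lower()
    return next((b for b in OFFICIAL if b in text), None)

def review_message(raw):
    """Return (kind, host) findings for a single-part plain-text message."""
    msg = message_from_string(raw)
    from_header = msg.get("From", "")
    brand = claimed_brand(from_header)
    if brand is None:
        return []  # no known brand claimed, nothing to compare against
    domains = OFFICIAL[brand]
    findings = []
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    if not is_official(sender_host, domains):
        findings.append(("sender", sender_host.lower()))
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not is_official(host, domains):
            findings.append(("link", host))
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Microsoft Security <Sender@microsoftsecurity.com>\n"
    "Subject: Account Security Alert\n\n"
    "Sign in at https://microsoft.com.login.example/reset or read\n"
    "https://support.microsoft.com/help for details.\n"
)
GENUINE = (
    "From: Microsoft <Sender@microsoft.com>\n"
    "Subject: Your receipt\n\n"
    "See https://support.microsoft.com/help\n"
)
```

An empty result only means the visible domains match the allow-list. The From header can itself be forged, so this check complements the receiving mail server's sender authentication rather than replacing it.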

If it’s too good to be true…   

Be cautious about interacting with messages from celebrities, government agencies and companies, especially if they seem tailor-made for you. For example, the U.S. federal government will never ask you for PII, payment card numbers or financial data through an email message.

Spoofing Facts Tell the Tale: Employees Need Training to Avoid Danger 

Security and compliance awareness training is a powerful weapon against cyberattacks of all kinds, including spoofing. Security awareness training empowers employees to resist phishing lures and to spot and stop cyberattacks before they start. It also reduces a company’s chance of experiencing a damaging cybersecurity incident by up to 70%. Contact us for more information on our Security Awareness Training at (888) 782-7003 or email us at ask@optistartech.com.

ID Agent
