Spoofing or brand impersonation is a popular tactic that cybercriminals use to perpetrate phishing attacks. By making messages seem routine or faking that a message came from a well-known and trustworthy brand, the recipient is less likely to suspect that a message is malicious. Spoofing is a serious danger to business security that employees face daily and is commonly used in business email compromise schemes — the most expensive cyberattack a business can experience. It’s also frequently used as a tool in social media fraud, credential compromise, account takeover, and other dangerous cyberattacks. Learning more about spoofing and brand impersonation can help IT professionals and potential victims spot this danger and guard against it effectively.

10 Spoofing Facts to Know

1. 25% of all branded emails that companies receive are spoofed or brand impersonation attempts.

2. Brand impersonation has risen by more than 360% since 2020.

3. 97% of employees cannot recognize sophisticated phishing threats.

4. 98% of cyberattacks contain one or more elements of social engineering like spoofing.

5. 98% of organizations received a threat from a supplier domain in 2021.

6. One-quarter of all email phishing attacks in Q4 2021 spoofed UPS or DHL.

7. Brand fraud in 2021 was 15 times higher than in 2020.

8. 1 in 3 employees is likely to click the links in phishing emails.

9. 45% of employees click emails they consider to be suspicious “just in case they are important.”

10. 1 in 8 employees is likely to share information requested in a phishing email.

Spoofing Facts Spotlight: Microsoft

Microsoft is one of the most spoofed brands that employees encounter. Why? Employees handle a lot of Office files, including via email. These Microsoft spoofing facts offer a snapshot of the scope of the danger presented by this type of brand impersonation.

• Approximately 145 million people use Teams/Office 365 every day.
• Just under 50% of malicious email attachments arrive in Microsoft Office formats.
• Microsoft Office formats like Word, PowerPoint, and Excel are popular file extensions for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks.
• The next most popular delivery method are archived files, such as .zip and .jar, which account for about 37% of malicious files.

Other Red Flags That Could Indicate Spoofing

Spoofing is generally a facet of phishing. These red flags in suspicious messages often point to spoofing.

An improper or unprofessional greeting  

If the greeting seems strange, be suspicious. Is the greeting in a different style than you usually see from this sender? Is it generic when it is otherwise usually personalized, or vice versa? Anomalies in the greeting in a message are clues that it may not be legitimate.

A message sent from an unofficial or unusual domain  

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if a message carrying a security warning says it is from “Sender@microsoftsecurity.com” instead of “Sender@microsoft.com” it’s likely phishing.

Odd word choices and grammar

This is a hallmark test for a phishing message. Check for grammatical errors, usage mistakes, data that doesn’t make sense, variances in the company name or address, strange word choices, and problems with capitalization or punctuation. An error-filled message is probably phishing.

Unusual spelling mistakes and emojis 

Even major brands sometimes send out messages with spelling errors. However, a message riddled with errors isn’t likely to be legitimate. Also, some brands do use emojis in email subject lines, but they are rarely used in the body of a major branded email.  Emojis in the text could mean phishing.

Variations in style or choppiness 

Sometimes, when bad actors spoof emails, they only replace some of the text. If a message is choppy or contains parts that don’t fit the rest, be wary. Beware of unusual fonts, colors that are just a little off, logos that are odd, or formats that aren’t quite right. These are common indicators of a spoofed message.

Strange links 

Malicious links are a cybercriminal’s best friend and a common way through which malware is distributed. Links that don’t go to the company that supposedly sent the message’s official domain or social media account are dangerous and could attempt to phish or deploy ransomware.

If it’s too good to be true…  

Be cautious about interacting with messages from celebrities, government agencies as well as companies especially if they seem tailor-made for you. For example, the U.S. federal government will never ask you for PII, payment card numbers, or financial data through an email message.

Finally, security and compliance awareness training is a powerful weapon against cyberattacks of all kinds, including spoofing. Security awareness training empowers employees to resist phishing lures to spot and stop cyberattacks before they start. It also reduces a company’s chance of experiencing a damaging cybersecurity incident by up to 70%.

Source: ID Agent