Defend Your Brand Against Phishing

Phishing attacks on employees are a major concern and rightfully attract a lot of attention, but it is also important to defend your brand against phishing. In addition to exploiting the human weaknesses of employees, phishers are hijacking brands and targeting their customers – potentially damaging organizations’ reputations.

Phishers often exploit trust in a brand by spoofing corporate email addresses and using corporate logos. The use of branding adds authenticity to phishing emails and the campaigns can be highly effective. End users are much more likely to click on a malicious link and reveal sensitive information if an email appears to have been sent by a trusted business.

When a customer is fooled by a phishing campaign that uses company branding, trust in that company can be eroded and reputations may be tarnished. If you do not take steps to defend your brand against phishing, the possibility exists your customers will be targeted and your brand suffer as a result.

Cybercriminals often spoof well-known brands such as Facebook, Google, Netflix and Apple. Phishing emails are sent in the millions in the hope that they will reach a user that signs up for a service with the targeted brand. In the case of the above companies, their popularity makes it highly probable that a large percentage of emails will reach individuals with a connection to that brand.

The larger your company, the higher the risk of your brand being hijacked. The Anti-Phishing Working Group (APWG) says, on average, 312 brands are abused each month in phishing attacks. Large companies face the highest risk of brand hijacking; however, phishers could target any company. With the volume of phishing attacks now taking place, it is more important than ever to defend your brand against phishing.

How to Defend Your Brand Against Phishing

There are four main ways that cybercriminals hijack brands for phishing campaigns. To effectively defend your brand against phishing you should address each of these areas:

  • Fraudulent use of a company’s branding
  • Domain spoofing and counterfeit phishing websites
  • Email spoofing and use of corporate email accounts
  • Exploitation of website and email vulnerabilities

Corporate Brand Infringement

Unfortunately, theft and use of branding is hard to prevent. It is easy for cybercriminals to access images online. A search on Google will usually produce logos of various sizes, while corporate color schemes can easily be copied from an organization’s website. Preventing abuse of brands may not be possible, but organizations can monitor the Internet to identify abuse of domains and corporate brand infringement.

Monitoring all mentions of your brand online is an important practice to prevent copyright infringement by other firms. It will also allow you to defend your brand against phishing. In addition to monitoring mentions of your brand, you should also monitor for mentions of lookalike brands (See Domain Spoofing below).

At a basic level, you should set up Google alerts to receive emails when a new webpage is found that abuses your brand. There are several third-party vendors that can provide more comprehensive brand monitoring services.

Domain Spoofing

Domain spoofing is one of the commonest ways that phishers abuse brands and it is surprisingly easy. A cybercriminal can purchase a website with a very similar name to yours. If you were Google, a website such as, or would be chosen. The phishers then upload their standard website set up, which includes a phishing kit, and apply your logo and corporate color scheme. The process takes just a few minutes.

To prevent cybercriminals from spoofing your domain you should ensure that you purchase all similar domains to your own. That means other extensions of the domain you use. If your website is, you should purchase other top-level domains (TLDs) such as .org and .net. Since each country has its own TLD, it is not practical to purchase the TLDs for each country. Instead, select the TLDs of the countries in which you operate: for the UK, .mx for Mexico and .ca for Canada for example.

You should also purchase domains with one letter transposed with a number. Phishers often transpose a letter with a number. Most commonly this will involve replacing an O with a zero, an L with the number 1 or an S with the number 5.

Netcraft determined there were 13,000 phishing sites that included either “PayPal” or “eBay” in the URL. It would not be possible for all those domains to be purchased. To defend your brand against phishing attacks, the objective should be to make it harder for cybercriminals to spoof your domain.

You should also sign up for phishing Intelligence services with an anti-phishing company to receive alerts about new phishing campaigns that abuse your brand.

Email Spoofing

One of the commonest ways phishers trick people into believing an email is genuine is by spoofing the email address of the sender. Unfortunately, the Simple Mail Transfer Protocol (SMTP) is not designed to verify the identity of the sender of an email. It is therefore easy for phishers to fake the “sent by” field of an email.  When phishers also use corporate branding and a masked hyperlink, it can be difficult for customers to differentiate a phishing email from a genuine email.

It is not possible to prevent these impersonation attacks, although steps can be taken to reduce the likelihood of spoofed emails being delivered to inboxes. Email service providers have enhanced their spam filtering capabilities in recent years and now redirect most spam and phishing emails to the spam folder.

Companies can make it much easier for these messages to be blocked by implementing complimentary protocols that authenticate emails.  To protect your brand from phishing, it is now considered essential to use DMARC (Domain-based Message Authentication Reporting and Conformance).

DMARC is the industry standard for email authentication and can prevent 99% of unauthorized emails from being delivered. DMARC gives domain owners full control over who can use their domains to send email messages. Businesses should also consider using the SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) for incoming messages.

Exploitation of Website and Email Vulnerabilities

Email and website spoofing are not required if cybercriminals can gain access to your website or email accounts. If a website is compromised, cybercriminals can create a new page and upload a phishing kit. If an email is sent from your company email account, it may be next to impossible for a customer to recognize the message as a phishing email.

Email and website compromises are less common than spoofing, but they do occur. The easiest way for cybercriminals to gain access to websites is by exploiting vulnerabilities. You should therefore ensure your website is kept up to date. If you use WordPress, Joomla! or another content management platform, be sure to update your CMS as soon as updates are issued. The same applies to any plugins on your site.

Protecting your email accounts requires employees to adopt good security best practices. Cybercriminals gain access to corporate email accounts by sending phishing emails to employees. Your workforce should therefore be provided with anti-phishing training, including phishing email simulations to reduce susceptibility. Password policies should also be introduced to ensure employees can only set strong passwords that are difficult to guess.

Best Practices to Defend Your Brand Against Phishing

It is possible to defend your brand against phishing, but you may not be able to stop all phishing attacks that use your branding. You should therefore implement policies that reduce the likelihood of your customers being fooled by attacks. You should also ensure that when a major phishing campaign is detected using your brand, action is taken promptly to mitigate risk.

Never Ask for Sensitive Information in Corporate Emails

If a customer is used to receiving email attachments from a business, they will be more likely to open an attachment in a phishing email, especially if the brand is spoofed. You should avoid sending attachments in emails. If information must be communicated to customers, send the information in the message body or make the information available through protected channels on your corporate website. You should also inform customers about your email policies to help them differentiate your emails from phishing emails.

Be Proactive, Respond Rapidly and Alert Customers to Phishing Attacks

It would be unwise to send an email to your customers about every phishing attack that uses your brand. However, you should send alerts to customers about major phishing attacks when your brand is being abused.

Those emails should be concise, easy to read and contain simple instructions to allow customers to take steps to prevent successful phishing attacks. The emails should briefly explain what the attackers are trying to obtain and why customers are being targeted. It is useful to send an example of the phishing email to aid identification – but not the phishing email itself.

Never send any hyperlinks or attachments in those emails and avoid going into any technical details about the attack or how the phishing attack is impacting the business.

Follow these steps to defend your brand against phishing and you can better protect your customers and limit damage to your company’s reputation.

How to Spot a Phishing Email

Phishing Funnel