Four Ways Online Impersonation Fools Your Customers


By Christopher Lincoln
Share this post

Online impersonation comes in all shapes and sizes, including recruitment scams, fake loan offers, and phony billing sites, to name just a few. It’s also a large-scale operation with 3.4B fake emails sent every day[1], making it difficult for brands to stay ahead of the game.

In this blog, we share four ways that fraudsters capitalize on your brand by fooling your customers.

1. Using mail exchange servers with registered branded domains

To gain personal information, fraudsters may set up a domain for a brand using a domain extension that the brand doesn’t already own (e.g., .ORG, .UK, .NET). This means that the registrant can set up email accounts using that domain, sending scam emails to glean people’s personal data, including:

  • Emails claiming someone has logged into an account and urgent attention is required (particularly prevalent in the financial sector)
  • Phishing emails stating an account has been accessed by an unfamiliar device in a foreign country

Recipients can be easily fooled by sophisticated phishing emails, which may include the brand in the name field, the logo, correct fonts and colors, and a legitimate company address.

2. Email spoofing

Email spoofing is when a phisher uses online tools to make their own email address look like it’s from an official domain, e.g., making “bob@domain.com” look like “customersupport@apple.com.” This enables fraudsters to impersonate anyone from CEOs[2] and finance executives, to customer service teams, or even Disney characters!

In contrast to using mail exchange servers to create authentic email addresses, many email spoofing scams rely on the recipient following a link, rather than replying. Once the link is clicked, your customer’s personal data is at risk.

At CSC, we know how to check the original source of an email, but the average user is unlikely to know how to verify the source. If you receive an email from a colleague asking for something suspicious, we suggest you confirm the email was legitimately sent by them either over the phone or in person before making any transactions—even if the request is a rush from the CEO.

3. Fake social media profiles

Phishing on social media has climbed by 74.7% in Q1 2019[3]. Fraudsters create fake profiles for brands or influential figures, using the brand’s name in the username, its logos, photos of an executive, or relevant background images, to make them look as genuine as possible.

Infringing accounts then make incentivized posts, encouraging users to contact them directly through messaging services like Facebook® Messenger and WhatsApp. Sometimes they use fake personal profiles to post bogus reviews linking to the fake brand profile; sometimes they use the profiles to sell counterfeits on social media marketplaces.

Even with Facebook and Twitter® verification ticks, infringers play the numbers and rely on the fact that not everyone will be up-to-date in recognizing what this means. It’s worth noting that LinkedIn® doesn’t feature a verification tick and anyone can quite easily set up an account with a fictional employment history[4].

4. Copycat websites

Copycat websites are where a fraudster has built a website using the genuine brand’s digital assets (logos, fonts, colors, etc.) to mimic the legitimate site, often using the same domain. Phishing emails then direct unsuspecting users to the copycat site with offers of large discounts, competitions, and other incentives to get their personal information

Copycat websites can be scarily subtle, some look almost exactly like the real thing, function smoothly, and offer user-friendly interfaces. Domain monitoring can act as a lifeline when it comes to identifying these sites and protecting your IP.

Stay tuned for part two of this article, when we’ll look at how you can protect your brand from these threats.


[1]valimail.com/resources/email-fraud-landscape-q2-2019/

[2]cpomagazine.com/cyber-security/the-phishing-scam-that-took-google-and-facebook-for-100-million/

[3]betanews.com/2019/05/02/social-media-phishing/

[4]digiday.com/marketing/linkedins-fake-account-problem/