Your brand is a key business asset. It’s your trust bank which says who you are and what you offer but increasingly brands are at risk from cybercriminals who are impersonating them to entrap unsuspecting victims.
In the UAE, Sharjah Police has now launched an awareness campaign about the dangers of cyber brand impersonation (spoofing) after witnessing a sharp increase in the number of people falling foul of fraudulent schemes involving fake emails and WhatsApp messages.
At the launch of its ‘Be Aware: Stop, Think, Protect’ campaign, Sharjah Police revealed a 70% rise in cybercrime reports in the emirate in the past two years and it’s looking to help people identify when they’re being targeted by cyber criminals.
The most common forms of cybercrime are phishing and online brand impersonation attacks that trick people, including customers and employees, into opening attachments from unofficial sources, clicking on unknown links, and sharing sensitive personal information, including passwords and banking logins.
Brand Hijacking on the Increase:
Cloud cybersecurity services provider Mimecast says cybercriminals are increasingly hijacking trusted brands and launching cyberattacks from lookalike web and email domains to increase their chances of successfully duping victims and that many companies remain vulnerable due to a lack of technology and robust security policies.
In its 2021 survey Mimecast discovered that consumers in the Middle East are more risk averse than others. In Saudi Arabia 75% of consumers and 78% in the UAE said they would stop spending with even their favourite brands if they fell victim to a phishing attack involving them. Compare that to a global average of 57% and you can understand the level or risk adversity in the region. Furthermore, over 80% of consumers in the Middle East also believe brands have a responsibility to protect them and themselves from email and website impersonation.
Mimecast’s latest State of Email Security 2022 report found that while things are getting better, they are still not great. It revealed that only 42% of organizations in Saudi Arabia and 38% in the UAE, are somewhat prepared – or not prepared at all – to deal with attacks that spoof their email domains.
The Crime Busters:
Deploying online brand protection tools can help companies identify and take down malicious websites which impersonate their web and email domains before customers fall victim and these, according to Mimecast, should be supported by a sturdy regime of regular cyber awareness training so that all employees can detect and avert the risks.
Employees who receive suspicious email communications on their work email address should immediately report it to their security teams who can contain the threat, protect the organization, and keep threats from spreading to customers and partners.
Alert Staff to Danger Signs & Avoidance Measures:
Mimecast says some tell-tale signs that you’re being targeted by a scammer, include:
- Receiving unsolicited and unexpected communications
- Messages that contain unbelievable offers, spelling errors, or a sense of urgency
- Mails sent from webmail accounts, for example mimecast@gmail.com
- Mails containing redirects to login pages that have suspiciously long URLs
- Being asked for PIN numbers or login details
If staff receive any of the above, they should:
- Stop communication immediately and verify requests with the organisation who is supposed to be reaching out to them.
- Don’t use phone numbers provided in suspect communications
- Never share login details, never make cryptocurrency payments, and never click on links unless they know they can be trusted.
If the worst does happen and an employee does fall for the scam and share personal information, they should:
- Immediately change all their social media, email, and banking passwords.
- Report scammer email l communications to the company security team.
- Report the cases to the local relevant authorities.
Authorities Act:
Authorities in the region are increasing penalties for cybercrime. In the UAE, Article (11) of the Federal Decree-Law No. 34 of 2021 stipulates that any person who creates a fake website, online account or e-mail impersonating a natural or legal person, will face imprisonment and/or a fine of not less than Dh50,000 and not more than Dh200,000, or one of the two penalties. Offenders can be jailed for a minimum of two years, if they use or allow anyone to use the fake website, online account, or e-mail to cause harm to an impersonated victim. In Saudi Arabia, the Public Prosecution has reaffirmed that a jail term of three years and fines of up to SR2 million can be imposed on those who create or send fake links, texts or electronic messages that impersonate government agencies, bodies, or financial or service institutions to fraudulently obtain money or financial data.
Companies Are Acting but More Needs to Be Done:
Mimecast reports signs that businesses are taking the online phishing and brand spoofing threats more seriously by turning to resources to detect instances of brand mimicry and counterfeit websites. In its 2022 survey, Mimecast found that more than three-fourths of respondents (76%, up from 72% the previous year) were using monitoring services.
DMARC To the Rescue:
Mimecast says companies are making use of Domain-based Message Authentication, Reporting and Conformance (DMARC) to protect their brands. This email authentication protocol helps safeguard companies against domain spoofing by determining whether an email originated from within the domain with which it is associated. The Mimecast 2022 survey revealed 89% of respondents are already using DMARC or are in the process of implementing or considering implementing it within the next year.
Where Next:
If you would like to know more about DMARC and how you can safeguard your brand online, get in touch with our experts now on +97144553100 or email: sales.uae@cobweb.com.
