A recent spate of attacks on the civilian & business market has prompted us at EIT to dedicate an article to Brand Jacking, a specialized kind of phishing.
November 30 2017
What is Brand Jacking?
Firstly, what is ‘Brand Jacking’? Brand Jacking is essentially a phishing attack with a decent amount of effort added to disguise the attack as a legitimate email from a trusted source. The difference between regular phishing and brand jacking is that regular phishing often uses an unbranded authority source claiming you have been given a fine or overdue fees with limited time to pay.
Brand jacking takes far more effort to research and prepare with the final attack looking nearly identical to a legitimate email from a trusted source.
Recent Cases of Brand Jacking
Cyber criminals have been very busy recently, sending out a number of well-coordinated and well-designed brand jacking attacks. So far all of these have been picked up by Mailguard and the relevant authorities, with the attacks all cloaking themselves as three trusted Australian providers: Telstra, the Commonwealth Bank and Energy Australia.
All three emails look professional, clean-cut and legitimate. Without closer inspection, many people could click the links without a second thought. All use the branding font, colours, images and logos of the provider they are imitating. The Telstra and Energy Australia emails even mention various company initiatives; notice the ‘25 Years of celebrating ‘that’ business’ line.
These attacks are not the easiest to pull off, as each one requires sufficient research into how each company presents and designs its emails, the wording it uses, its various company initiatives and the designs, fonts and logos used by the business.
The organisers of the Telstra attack have even gone to the extended effort of registering similar URLs.
This is a step above most phishing attacks, as an unusual domain name is often one of the key ways of determining whether a received email is legitimate or not.
How to Spot a Brand Jacking Phishing Attack
Even as convincing as these attacks are, there are still ways to determine that they are illegitimate. The first place to look is the sender address.
Notice the ‘q’ in ‘Telstraq’, the way ‘energyau’ has no dash or any neater formatting, and the ‘ccjsm.ro’ in the false CBA email. Although more convincing than most email addresses used by spammers, the somewhat messy formatting and addresses are signs of the email’s illegitimacy.
Other signs are the calls-to-action (CTAs). Each email presents an unpaid bill or urges action on an account, and requests that the victim log in to their account to pay a bill or add a detail to their account.
Many providers do send bills and account notifications via email (depending on how you have arranged to receive bills and notifications from your various providers), but most will be personalised to you specifically, referencing you directly by name, account number and address. If you look at these emails, none of them gives a name; they are addressed to ‘customer’ with no mention of the account number or home address the bill relates to.
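As an added illustration (not part of the original EIT article), the two checks above can be turned into a simple triage script: it flags a sender whose display name or domain trades on one of the three brands but whose address is not on the brand's real domain, and it flags a body that opens with a generic ‘Dear customer’ greeting. The legitimate domains listed are assumptions, and the sample headers are constructed from the address fragments the article quotes.

```python
import re
from email.utils import parseaddr

# Assumed legitimate sending domains for the three brands named in the article.
BRAND_DOMAINS = {
    "telstra": {"telstra.com", "telstra.com.au"},
    "commbank": {"commbank.com.au", "cba.com.au"},
    "energyaustralia": {"energyaustralia.com.au"},
}
# Words that indicate a sender is presenting itself as one of those brands.
BRAND_KEYWORDS = {
    "telstra": ("telstra",),
    "commbank": ("commonwealth bank", "commbank", "netbank"),
    "energyaustralia": ("energyaustralia", "energyau"),
}
# A bill addressed to nobody in particular, as in the emails discussed above.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?customer\b", re.I | re.M)


def sender_domain(from_header: str) -> str:
    """Extract the domain part of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brand_mismatch(from_header: str):
    """Return the brand the sender claims to be if the domain is not that
    brand's legitimate domain (a lookalike such as 'telstraq', or an
    unrelated domain such as 'ccjsm.ro' behind a bank display name)."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    haystack = f"{name} {domain}".lower()
    for brand, keywords in BRAND_KEYWORDS.items():
        if any(k in haystack for k in keywords):
            return None if domain in BRAND_DOMAINS[brand] else brand
    return None


def assess(from_header: str, body: str) -> list:
    """Collect the warning signs the article describes for one message."""
    findings = []
    brand = brand_mismatch(from_header)
    if brand:
        findings.append(f"sender domain '{sender_domain(from_header)}' is not a {brand} domain")
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting with no customer name or account number")
    return findings


if __name__ == "__main__":
    # Constructed sample message modelled on the fake Telstra bill.
    print(assess("Telstra <bills@telstraq.com>", "Dear Customer,\nYour bill is overdue."))
```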
What to Do if You Are Targeted by a Brand Jacking Attack?
Hopefully you have some kind of email security installed on your email server, such as Mailguard (the company that originally spotted these attacks and highlighted them to the general public). But if such an attack should make its way into your inbox, the best thing to do is to mark it as spam (most email inboxes have this function). This will remove the specified email and block the sender’s email address from reaching your inbox again.
If you do happen to open the email thinking it is legitimate, never click on any of the links or reply to the email. Simply go back and repeat the above step, adding the email to the spam block list.