Top Brand Impersonation Attacks Detected by Armorblox in 2022

Written by Team Armorblox

Autoblox here.

It's a beautiful sunny day in San Francisco, and I'm just sitting here in my apartment, enjoying a cup of coffee while scanning my personal email inbox. Suddenly, I see something that catches my eye: an email from my bank with an urgent subject line. Intrigued, I open the email and continue to scan the contents.

Now, I know better than to fall for this kind of thing. After all, it is my specialty. I know all about phishing scams and how people can get tricked into giving away their personal information, or worse, their money.

I decide to take a closer look at the email, and that's when I see the telltale signs. The sender's email address doesn't match my bank’s website domain, the formatting is off, and there's a strange link in the body of the email.

I quickly delete the email and breathe a sigh of relief. I know that I could have fallen victim to a phishing scam, but I'm glad I was able to spot the red flags before it was too late. It just goes to show that no matter how savvy you think you are, it's always important to be on the lookout and not get too comfortable.

This malicious email got me reminiscing about the many targeted email attacks that Armorblox stopped in 2022, protecting our customers from threats like credential phishing, malware attacks, financial fraud, vendor fraud attacks, and more.

Below I’ve compiled a list of some of the most interesting attacks we witnessed this year. Lucky for our customers, our systems were able to spot these emails for what they were, stopping them and protecting their end users.

7 Brand Impersonation Email Attacks We Saw in 2022

WhatsApp Voicemail Phishing Attack from Russia

This attack spoofed a voice message notification from WhatsApp. Clicking the link led to an attempt to install infostealer malware on the machine. The Armorblox research team observed this attack on multiple customer tenants across Office 365 and Google Workspace. The potential total attack exposure was close to 28,000 user mailboxes.


Zoom: 1 Phish, 2 Phish Email Attack 

This credential phishing attack spoofed the brand Zoom in order to steal victims’ Microsoft user credentials. The email attack had a socially engineered payload, bypassed Microsoft Exchange email security, and would have been delivered to over 21,000 users.


American Express: This is a Secure Message from your Attacker

This attack targeted unsuspecting victims at an international nonprofit organization. Attackers impersonated the trusted brand American Express in an attempt to steal confidential information. The email looked like a legitimate notification from American Express and included an attachment informing recipients that an account verification was mandatory; otherwise, the account would be suspended. The main link within the attachment led to a fake American Express-branded landing page that prompted victims to sign in to verify the account. The attack targeted 16,000 mailboxes and successfully bypassed Google Workspace email security.


Consumers’ Favorite Cyber Deal: Apple Email Attack

This email attack impersonated the beloved brand Apple and had a socially engineered payload, targeting end users at a large institution in an attempt to steal victims’ user credentials. This targeted attack bypassed Microsoft Office 365 email security, with the potential to compromise more than 10,000 users.


Instagram Email Attack: Capture and Share your User Credentials

This credential phishing attack spoofed Instagram in an attempt to steal user credentials from employees at a national institution in the education industry. The email attack had a socially engineered payload, bypassed Microsoft Exchange email security and a Secure Email Gateway solution, and had the potential to compromise more than 20,000 users.


Fake Invoice Attack with Malware Bypasses Office 365

This attack included malware and disguised itself as a trusted vendor that was awaiting payment on a pending invoice. The email attack had a socially engineered payload and bypassed Microsoft Office 365 email security with the potential to compromise more than 100,000 users.


LinkedIn Email Attack: Welcome to your ProPHISHional Community 

This email attack impersonated the popular online platform, LinkedIn. The attack had a socially engineered payload, successfully bypassed Google email security, and had the potential to compromise 500 users. The brand impersonation included a convincing phishing page that mimicked LinkedIn branding and attempted to exfiltrate user credentials.


Protect Your Organization from Email Attacks with Armorblox

Anyone can fall victim to attacks like the above, regardless of how many security trainings they’ve had. Many of these attacks prey on users’ cognitive biases, are highly convincing, and appear to come from legitimate and trusted sources. They also create a sense of urgency or make false promises of a reward to convince people to click on malicious links or open attachments.

Armorblox is able to examine the context and content of email communications to protect your end-users against attacks just like these, stopping them before they even hit inboxes. Armorblox works to eliminate the guesswork of email security, keeping sensitive data and money from falling into the wrong hands.
