Even if a website’s address has the HTTPS/lock symbol, you should not click on every link and ad without care

As consumers and businesses are gearing up for Black Friday, Cyber Monday, and the upcoming festive shopping season, it is important to be on the lookout for brand impersonation attacks.

Stanley Hsu, Regional Vice President (Asia), Mimecast

Such attacks typically involve cybercriminals and scammers mimicking trusted brands to dupe people into engaging with a malicious platform, which can then be used to harvest credentials, commit fraud, steal personal information or money, or launch malware attacks. 

Recent data from Mimecast’s threat research team has revealed an increase in brand impersonations in 2022, with industries such as technology, logistics, and finance witnessing the most attacks.

Customers expect safe digital interactions, especially with reputable brands that they trust. However, brand impersonation can be extremely sophisticated, making it easy for consumers to fall victim to these attacks.

Organizations need to make every effort to protect their online brands from impersonation, but on their part, consumers also need to always exercise caution in the event that their favorite brand has not implemented the appropriate measures.

Here then, are five perennial cyber tips to bear in mind to stay vigilant online at all times:

    1. Be careful with urgent offers
      Cybercriminals often try to create urgency so that the target has less time to think straight. During the festive shopping season, they do this through “time-limited” offers. If you feel pressured to buy something quickly or click on a link, then something may not be right.
    2. A secure URL does not always mean it is safe
      Seeing the reassuring lock icon in the address bar indicates that the website uses a secure https connection. However, a secure website can still be dangerous: even with such a lock, it is still possible for your browser and device to be infected with malware or info stealers.
    3. Scan the website for language errors
      Look out for poor grammar, typographical errors and awkward language — these can indicate that a website is fake. However, as many phishing and fake websites today are very convincing, stay on guard even when you do not spot any language errors on a web page.
    4. Do not blindly click on links in emails
      If you have received an email with a link supposedly taking you to the website of a well-known retailer, do not assume you will end up on the retailer’s legitimate website. Through ‘spoofing’ techniques, cybercriminals can fake these things relatively easily. If possible, copy the URL link and enter it into a sandboxed browser to see if anything is amiss.
    5. Develop a health phobia of clickable links
      Instead of clicking on links in emails and anywhere online or offline, it is safer to go directly to a website of interest by manually searching for the official URL. When responding to emails supposedly from well-known brands, rather than responding to the sender (whose email address always should be triple-checked for spoofing and homoglyphs), compose a new email and address it to the official contacts of the brand (after some research for this contact information).