Today’s Biggest Brand Threats According to ZeroFox Analysts

From Q1 to Q2 2023, ZeroFox saw a 164% increase in verified external cyber threats against brands. The most significant change in the threat landscape was related to fraud, scams, and piracy—verified alerts for these threats increased 35% quarter-over-quarter across the ZeroFox customer base. Impersonations also saw a nearly 20% increase from Q1 to Q2, as cybercriminals utilized the value of impersonating already-established brands to appear more legitimate.

Domain-Based Threats

Combating suspicious domain registrations is an ongoing battle for many organizations. The ROI for threat actors leveraging lookalike or spoofed domains remains high, with many displaying the tenacity and forethought to register domains months or even years ahead of utilizing them in malicious campaigns. 

Q2 2023 Breakdown

Twenty Percent Increase in Spoofed Domains

More than one-third of the spoofed domains were tied to phishing campaigns.

• US and UK-based organizations were heavily targeted.
• Organizations in Greece saw a whopping 95% increase in domain issues, likely tied to the social unrest and legislative elections that occurred there during the quarter.
• Ireland and Austria were on the list of the top-five countries impacted by spoofed domains.

Manufacturing Saw Largest Increase in Domain Impersonations

• The manufacturing sector saw an 81% increase in domain impersonations, the highest increase observed. 
• While the technology industry also remained near the top of most-impacted industries on average by organization, it experienced a drop-off of two-thirds compared to Q1 2023. 
• Financial services remained the hardest-hit industry for domain impersonations; however, identified incidents quarter-over-quarter remained nearly level.

New TLDs Expand the Attack Surface for Threat Actors

New top-level domains (TLDs) also have potential cybersecurity implications. For instance, the TLD .zip was released in May 2023 and raised concerns about the potential confusion of the TLD with the file designation, which has been leveraged by threat actors increasingly over the last few years in malware campaigns. 

Forward Look

There is only one confirmed TLD release for Q3 2023 thus far; additional TLDs will likely be added over the remainder of the year, but the amount will depend on the applications received as well as the outcomes of the review periods for each.

Frauds

Any holiday, tragedy, or social event can present threat actors with opportunities for fraudulent activity, ranging in complexity from low-level, rudimentary email and SMS-based scams targeting mass audiences to sophisticated spear phishing attacks directed at specific organizations and individuals. Scams can also provide threat actors with a wealth of financially-lucrative information, including personal and financial data.

Q2 2023 Breakdown

Twenty-Six Percent Increase in Fraudulent Activity 

• Nearly 80% of the fraudulent activity was due to gift card scams, plaguing retailers and consumers. 
• Fraudulent job postings rose by more than 50%, which leverages legitimate organizations to create fake job postings in order to solicit personal and financial information from victims. 
• Membership, giveaway, and sweepstakes/prizes scams saw marked increases compared to the previous quarter, as threat actors continue to prey on consumers using “too good to be true” lures. 

Money-Flipping Schemes Are On the Rise

In Q2 2023, ZeroFox observed a nearly 100% increase in money-flipping incidents. In the last several months, money-flipping ads on social media have gained in popularity, with scammers promising to multiply victims’ cryptocurrency investments—which are then unrecoverable.

Forward Look

New Laws

In June 2023, New York passed a law whereby retailers have to post signs near gift cards to warn consumers about possible scams. Should additional states implement similar legislation, this could have a marked increase in consumer awareness and make it more difficult for threat actors to prey on their victims.

Evolving Deepfake Technology

Deepfake technology evolution will make it more challenging for potential victims to discern between real and deepfake-generated profiles. Organizations will have to be much more proactive in identifying impersonation profiles with ongoing monitoring when they appear, as well as remediating them when identified, in order to protect their organization’s reputation.

Social Media-Based Threats

Both key personnel and organizations are frequently impersonated on social media by cybercriminals, who make fake accounts using their name, likeness, and other personal information. While these accounts may employ different tactics and have varied end goals, they can both lead to the same result: damage to an organization’s brand.

Q2 2023 Breakdown

Number One Targeted Industry: Media

More than half of the impersonation accounts identified in the last quarter were in the media industry. After media, a quarter of the impacted industries included consumer goods, retail, and hospitality.

Social Media Impersonation Using Key Personnel Biographies

Impersonation accounts that leveraged a biography with a name and image to legitimize profiles saw a 22% increase, and those that used a biography with a name increased by 35%. These biographies are typically quite easy for threat actors to find and utilize, as much of the content is available on corporate websites and/or professional social media profiles.

Forward Look

Social Media Platforms Cracking Down on Impersonation Accounts

Social media platforms actively roll out mechanisms to combat impersonation accounts. For instance, in the coming quarter, YouTube will begin cracking down on fan accounts that do not explicitly state their purpose—both to protect users from being misled by threat actor impersonation accounts and to protect creators from having their likeness and brands used with malicious intent. 

New Proposals by the FTC

The Federal Trade Commission (FTC) has been working on new proposals for laws that would hold threat actors accountable for these impersonation accounts and give organizations more leverage to pursue them for financial and reputational damage resulting from these impersonations.

How to Protect Your Brand Against Rising Threats

While safeguarding an organization’s brand requires a multi-faceted approach, ZeroFox researchers have identified several proactive steps that can protect your brand:

• Establish, monitor, and protect all digital and social media platforms in order to have an official presence, as well as identify any issues to the official accounts or to identify impersonation accounts.
• Organizations should proactively register domains leveraging their brand names based on the upcoming TLD release calendar to get ahead of threat actors registering and weaponizing these domains.
• Remove impersonating domains and social media accounts.
• Document and track executive exposure in open and closed sources and reduce digital footprints to minimize the availability of media that fuels impersonation.
• Establish a program for ongoing monitoring of brand mentions on the dark web.
• Configure ongoing domain monitoring with ZeroFox to proactively identify infringing domains that could cause reputational harm to your organization and your customers. From there, utilize ZeroFox Disruption services to take down the infringing content.
• Remain vigilant with texts and emails, and do not click on links from unknown senders.
• Integrate filtered or curated threat intelligence specific to your threat environment to better prioritize and surface relevant alerts.