- COVID-19 has aided brand impersonation
- Business Email Compromise is increasing
- The shift toward e-commerce and delivery has made Amazon and DHL major targets of impersonation
In April we shared a story about Costco customers being enticed with the promise of freebies and stimulus checks. This was, of course, a scam, but rest assured that six months under the pressure of a pandemic has not eliminated the parade of brand-related fraud attempts. Even the FDIC is not immune from impersonation.
Payment and Invoice Fraud Increasing
Helpnetsecurity.com, quoting an Abnormal Security report, explains that there seems to be a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC (Business Email Compromise) attack volume, and acceleration of payment and invoice fraud. Most of these scams rely upon impersonating a known company or brand.
The report also uncovered changing trends in these brand impersonation attacks, a form of fraud where a bad actor assumes the identity of a trusted or known entity. Will it surprise you to learn, given the current remote meeting trends, that ZOOM (NASDAQ: ZM) became the most impersonated brand in Q2?
Also, COVID-19 has meant a shift toward e-commerce and delivery -- so it's only logical that Amazon and DHL would be next in line as most impersonated. (For comparison, the three most impersonated brands in Q1 2020 were American Express, Amazon, and iCloud.)
Working From Home: Letting Down Our Guard?
Some blame a distracted and dispersed workforce for the increase in scam impersonations that target businesses.
As the professional community continues to work in a remote environment, email impersonations present the perfect way for opportunistic fraudsters to take advantage of human vulnerabilities.
Although there are infinite variations of impersonation attacks, each one relies on an end user's misguided trust in surface appearance and quick reactions to emails. The survey found that this type of attack has continued to flourish, with 35.1% of respondents saying that people-impersonation attacks ranked as their top email threat in 2020.
Meanwhile, 42.4% report seeing impersonations of well-known brands in their inbox – a sharp rise from just 22.4% in 2019. Furthermore, ten percent of participants flagged brand impersonations as their top email threat, another increase from 2019 (4.8%).
Once a fraudster can convince his or her target that they are indeed Amazon, DHL, ZOOM, etc. -- vendors that are routinely paid by companies of all sizes -- the rest is easy. Invoices are simple to manufacture, and there is inherent trust in a recognizable brand. Add this to distracted employees trying to manage work from home, and you have a recipe for fraud.
Reversing the strategy, sometimes a check is offered for deposit if the target will only return a portion of the amount -- often via their own company's wire transfer -- to cover "routine vendor costs," etc. The check will eventually be found to be bogus, leaving the target and his or her employer liable for the amount. Meanwhile, the wired money is long gone.
Businesses need to ensure that they have a strong relationship with their vendors and have payment protocols in place. One safeguard that is typical within accounting software and ERPs is stored vendor payment information. This includes the payment method, remittance payment address, and wire payment information, all saved within the system. If an invoice is submitted and the delivery address for the check payment or the wire payment information varies from what is on file, this is a red flag indicating that the invoice may be fraudulent, and it should be followed up on before processing.
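The on-file comparison described above can be sketched as follows. This is an added example, not code from the article or from any accounting product; the field names, vendor record and invoices are constructed for illustration.

```python
import re

# Constructed vendor master record, standing in for what the ERP keeps on file.
VENDOR_MASTER = {
    "V-1001": {
        "payment_method": "wire",
        "remit_address": "100 Harbor Road, Suite 4, Springfield, IL 62701",
        "bank_routing": "000000000",    # placeholder value
        "bank_account": "1234567890",   # placeholder value
    },
}
CHECKED_FIELDS = ("payment_method", "remit_address", "bank_routing", "bank_account")

# Constructed invoices: one differs only in formatting, one changes the bank details.
INVOICE_OK = {"vendor_id": "V-1001", "payment_method": "Wire",
              "remit_address": "100 Harbor Road Suite 4, Springfield IL 62701",
              "bank_account": "12345-67890"}
INVOICE_CHANGED = {"vendor_id": "V-1001", "payment_method": "wire",
                   "bank_routing": "111111111", "bank_account": "9999999999"}

def _normalize(field, value):
    """Strip cosmetic differences so only real changes are flagged."""
    value = (value or "").strip().lower()
    if field in ("bank_routing", "bank_account"):
        return re.sub(r"[\s-]", "", value)             # ignore spaces and dashes
    return re.sub(r"[^a-z0-9]+", " ", value).strip()   # collapse punctuation/spacing

def review_invoice(invoice, master=VENDOR_MASTER):
    """Return (decision, reasons); decision is 'process' or 'hold'."""
    record = master.get(invoice.get("vendor_id"))
    if record is None:
        return "hold", ["vendor not on file"]
    reasons = []
    for field in CHECKED_FIELDS:
        supplied = invoice.get(field)
        if supplied is None:
            continue  # invoice is silent on this field; the on-file value applies
        if _normalize(field, supplied) != _normalize(field, record[field]):
            reasons.append(f"{field} differs from vendor record")
    return ("hold" if reasons else "process"), reasons

if __name__ == "__main__":
    for inv in (INVOICE_OK, INVOICE_CHANGED):
        print(review_invoice(inv))
```

A held invoice should be resolved by contacting the vendor through the details already on file, not those printed on the invoice.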
For situations where fraudulent vendors provide a check to cover "routine vendor costs," banks that deploy a comprehensive fraud solution incorporating both image analysis and data analytics provide their consumers with a safeguard to detect fraudulent payments and prevent losses.