Special Scam Of The Week: Big Brand Hijacking



An existing KnowBe4 customer tweeted about a fresh scam with the hashtag #RedFlag, and sure enough it had quite a few Red Flags. The bad guys are getting quite inventive, this time causing confusion using the UPS logo with a phishing attack on both employees and people at the house. Have you ever noticed that when people get confused, they go blank for a moment? That is what the phishers are consciously exploiting. Did I really send something that day? Perhaps it was another day and they got it wrong? What is this? -CLICK-



Big brand hijacking is extremely popular with phishers these days. Be especially careful when you get emails that use the following brands: UPS, FedEx, Amazon, DHL, Verizon Wireless, Internal Revenue Service, Better Business Bureau, Bank of America, and Facebook. Just the FedEx brand alone is 'stolen' daily and used in 1-5 million(!) phishing emails. I would grab the picture, put it in an email, and send it as a contest to all employees. Ask them to spot the right number of Red Flags, and the first three employees with the correct number get recognized. Here is the PDF they can print out with all the 22 Social Engineering Red Flags related to email.

[caption id="" align="alignleftr" width="525" caption="Scam Of The Week: Big Brand Hijacking"]Scam Of The Week: Big Brand Hijacking[/caption]



Here are the four most obvious Red Flags related to this phishing attack:



  • 'From' and 'Reply-To': the ups-us.com domain is made up to look official but is false.


  • 'Subject': A legitimate email from UPS would never use this kind of language.


  • Content: You are being asked to click on a link to avoid a negative consequence.


  • Hyperlink: Hovering over the link shows a domain that is unrelated to UPS.




Again, here is the PDF they can print out and pin to the wall with all the email 22 Social Engineering Red Flags.
















Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews