Craig McDonald, 19 February 2018 13:10:08 AEDT

Brandjacking scams: data theft and malware hiding in plain sight

In this age of internet-based commerce, all cybercriminals need to do to take control of our company’s finances or steal our data is get us to click on a link. Scammers have come up with some devious tactics to induce their victims into falling for their tricks, and one of the most successful is brandjacking.

Essentially, brandjacking is a kind of forgery; scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust.

In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam messages show up in victims’ inboxes, recipients feel safe opening them because they look like legitimate emails from familiar companies.

Some common brandjacking formats are fake invoice notifications or requests for account verification.

This is a screenshot of a recent brandjacking email that MailGuard intercepted:


Although this message is not well written, it uses the Westpac logo to gain the trust of the recipient. It’s easy to imagine a busy Westpac account holder scrolling through their emails and clicking on the link in this message without thinking. Even if one person in a thousand clicks on the link it’s a win for the criminals. They send these messages out by the millions, so the odds are in their favour.

The unwary person who follows the link in the email is taken to a fake bank login screen devised by the scammers.


Like the email message, this page carries bank branding to make it look convincing, but it is actually just a phishing site designed to harvest data.

If the victim enters their bank login details, the data is recorded by the criminals and used to hack into the victim’s bank account. Once they have entered their login details the phishing page sends the victim to the real bank website, so they are not even aware they have been scammed.

It’s that simple.


Here’s another example - it’s a notorious Netflix brandjacking scam that MailGuard intercepted earlier this year:


The ‘update payment’ link in this message actually takes the victim to a phishing website that collects credit card details - see screenshot below:


Messages like this are unlikely to be detected by traditional antivirus software so they reach the inboxes of new victims every day.
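As an added illustration of the kind of check an email filter can make at this layer (example code written for this page, not MailGuard's product or method), the Python below flags a message that invokes a brand in its subject or body but whose links point at hosts outside that brand's domains. The brand allowlist and the sample message are constructed assumptions, modelled on the account-verification lure described above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Per-brand allowlist of domains the brand legitimately links to. This list is an
# assumption for the example; a real deployment maintains and tunes its own.
BRAND_DOMAINS = {"westpac": {"westpac.com.au"}, "netflix": {"netflix.com"},
                 "telstra": {"telstra.com.au"}}

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_allowlist(host, domains):
    # Exact match or a subdomain; "westpac.com.au.evil.example" does not qualify.
    return any(host == d or host.endswith("." + d) for d in domains)

def flag_brandjacking(subject, html_body):
    """Return findings for links that do not belong to the brand the message invokes."""
    parser = LinkExtractor()
    parser.feed(html_body)
    mentioned = sorted(b for b in BRAND_DOMAINS if b in (subject + html_body).lower())
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:  # mailto:, relative or empty hrefs are not web destinations
            continue
        for brand in mentioned:
            if not on_allowlist(host, BRAND_DOMAINS[brand]):
                findings.append({"brand": brand, "host": host, "anchor": text,
                                 "reason": "link host is not a known %s domain" % brand})
    return findings

# Constructed sample modelled on the account-verification lure described above.
SAMPLE_SUBJECT = "Westpac: verify your account"
SAMPLE_BODY = ('<p><img alt="Westpac" src="cid:logo"></p><p>Please <a href='
               '"http://westpac.com.au.account-check.example/login">verify your account'
               '</a>.</p><p><a href="mailto:help@example.com">Contact us</a></p>')
```

Genuine brand mail often links to social or tracking domains as well, so the allowlist needs those entries or the check will raise false positives; treat a hit as a signal for quarantine and review rather than a verdict on its own.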


Sometimes the objective of a brandjacking scam is to get the victim to download and install hidden malware like trojans or ransomware.


This Telstra brandjacking scam hit unprotected inboxes all over Australia in January. The power of a scam like this is the popularity of the company it is ripping off. Telstra has a massive customer base, so there are plenty of people who would have seen this message as quite innocent.

Clicking on the ‘view bill’ link in the message took victims to a downloadable file that looked innocent enough but which, when opened, covertly installed malware onto their hard drive.


If your company’s email accounts aren’t protected, brandjacking emails are almost certainly being received by your staff. Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we are all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
