Spoofing brands is a common form of phishing.

Brand impersonation, as it's called, aims to take advantage of a company's goodwill and recognition to accomplish two things:

  • Fool scanners to get into the inbox
  • Fool users into doing something they don't want to do, whether that's handing over payment or credentials

 

Some of these emails are more convincing than others. And they usually spoof some of the world's most popular brands, like DHL, LinkedIn, Microsoft and more.

This spoof we saw was fairly interesting--and a little bit funny. It was a spoof of Avanan! Not a great one:

The link goes to a classic credential harvesting page.

Imitation may be the highest form of flattery--but if you get an email like this, it's a good idea to do a quick double check. You'll notice that the email address has nothing to do with Avanan; the term "unread aviation emails" doesn't make sense in this context.
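The double check described above (does the sender's address actually belong to the brand the message names?) can be automated in a mail filter. This is an added example, not Avanan's code; the brand-to-domain allowlist and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {
    "avanan": {"avanan.com"},
    "dhl": {"dhl.com"},
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
}

def domain_matches(sender_domain, allowed):
    """True if sender_domain is an allowed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def impersonated_brands(raw_message):
    """Brands named in the display name or subject whose domains
    do not cover the From address."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    return sorted(brand for brand, allowed in BRAND_DOMAINS.items()
                  if brand in text and not domain_matches(domain, allowed))

# Constructed sample messages (not taken from the real campaign).
SPOOF = ("From: Avanan Support <notice@mailer.example.net>\n"
         "Subject: You have unread emails\n\nClick to review.\n")
LEGIT = ("From: Avanan <alerts@mail.avanan.com>\n"
         "Subject: Weekly report\n\nSee attached.\n")
# The brand domain appears only as a prefix of an unrelated domain.
LOOKALIKE = ("From: Avanan <alerts@avanan.com.example.org>\n"
             "Subject: Account notice\n\nSign in.\n")

if __name__ == "__main__":
    for name, raw in [("spoof", SPOOF), ("legit", LEGIT),
                      ("lookalike", LOOKALIKE)]:
        print(name, impersonated_brands(raw))
```

A non-empty result is a reason to quarantine or review the message, not proof of phishing: brands also send through third-party mail services, so the allowlist needs to reflect the domains each brand really uses.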

If you get an email from any brand, and you think it appears phishy, ask your IT department or the brand itself.