Brand Phishing Emails: How to tell they’re fake

Email phishing attacks [fraudulent emails attempting to get personal information or gain access to a network]  significantly increased when the pandemic hit in 2020. While many of us worked from home, cyber criminals seized the opportunity to find more victims. Phishing attempts increased from 25% to 36% in frequency (Verizon 2021 Data Breach Investigations Report). Not surprisingly, there was also an increase in brand phishing as people did more personal business than ever online. 

Brand phishing is when cyber criminals imitate a well-known brand and try to get you to take the bait. It looks like an email or text from a leading brand, one with which you may very well have an account.  Their goal is to get you to click on a link in their message, so they can gain access to your personal information, computer, or even your IT network system. 

Retail, technology, shipping, and now banking, are among the most likely industries cyber criminals will imitate. From a purely anecdotal standpoint, we can attest to our team members receiving multiple brand phishing emails in recent months that featured nationally known banks.  Maybe you’ve received some too. 

Many of these imitations look legitimate, and it’s easy to be fooled. It’s not hard to identify sloppy attempts to mimic a name brand company. However, the more sophisticated scammers design logos and website pages that are convincing. That’s why the first rule of thumb is “When in doubt, don’t!” Don’t click that link or respond.  It’s worth it to take the time to make sure it’s a legitimate email.  

There are different signs that indicate an email could be fraudulent. They’re listed at the end of this article. For the sake of time, let’s get down to the most objective way to identify a brand phishing scam.  

Check for inconsistencies in the domain names, email addresses, and links.

Make sure you look not just at the sender name but also the email address and the domain from which it is sent. Sender names and logos can be faked, but domain names can’t (unless, of course, the company has been hacked). If you’re not sure what a domain name is, don’t worry. Here’s a quick explanation.  

The domain name is the identification string and portion of the address or web address that comes after the “@” sign in an email or website address. It identifies the administrative authority or control within the internet and is associated with a physical IP address. For example: or  

Let’s look at an obvious example of a brand phishing scam:

If you receive an email from QuickBooks and the email address is, you’re looking at a scam. Some smaller or start-up businesses may use Google mail accounts, but most businesses have their own domain, especially the larger brands that are often associated in brand phishing scams. It’s safe to say that QuickBooks isn’t using Gmail to communicate with their customers.  

Still, experienced phishing criminals find ways around the obvious scams. They look for ways to trick you into thinking the email address is legitimate. How? They create domain names that are similar or contain the company’s name.  

For example: is the domain for Microsoft. A phishing scammer might send you an email with Microsoft’s name in the address but replace the letter “o” with the number zero:  

A common trick is to use an “r” and an “n” to make it look like an “m” at first glance. For example, instead of the If you don’t look at it carefully, you may miss the subtle difference. By the way, Microsoft and Amazon are two of the top three brands that appear in brand phishing scams. Below is an example of a rnicrosoft phishing email scam.  Look closely at the domain name of the sender’s email address:

How do you check these domain names and emails?

Let’s use an actual phishing email received by a colleague of mine as an example. It says it’s from Intuit, and it’s regarding his QuickBooks account. The content suggests that some type of verification is required. In this case they’re saying that his last transaction was incomplete, and they want him to verify his information to complete his last deposit.  

Notice the logo. It looks authentic. Notice the “From” line says Intuit. But remember, these can easily be faked. If you want to make sure that it actually came from Intuit, simply hover the pointer over the email address and check the domain name. Make sure you look at the portion after the “@” sign and it matches the actual domain of that company. It’s not enough for the company name to be a part of the email address. The entire domain must be accurate. Notice in this next image that the email address says @ The domain is not Quickbooks or Intuit. If you weren’t suspicious before, you should be now.  

Finally, beware of the links they include. In this email the link looks legitimateEven so, you shouldn’t be so quick to click on it. In this case, we safely investigated this link and found that it took us to an entirely different web address.  

We don’t recommend that you do this yourself. Sophisticated scammers can create convincing web pages for their domains and the links they share in their emails. Clicking a link could allow malware onto your computer and network system. Ultimately remember the rule: If you’re in doubt, don’t click. Take the time to check the actual domain of the company and compare it against the email. If you have concerns about your account, contact them directly through their website and not the link supplied in the email.  

Here are some other signs that indicate it may be a fake email: 

  • A request for your payment info, login info, personal details 
  • Spelling and grammar errors. Often these scams are created by people who don’t speak English or by a computer translation program. 
  • Urgency: If the tone of the email is pressing you to act immediately to avoid a problem or negative outcome, you may be looking at a scam. Example above: “Final Warning” 
  • Suspicious attachments 
  • An unusual request, something out of the norm for that company

The key is to be aware. Cyber criminals are savvy. They want your credentials and access to your data. Be smart, vigilant, and protect yourself and others.  

Knowledge is power, we recommend security training for all employees. It’s a critical part of protecting your business and team. If you know someone who could benefit from this information, don’t hesitate to share it. Stay safe!