Skip to content
All posts

Brand Impersonation: Advanced fee scams

Blog Images (1)

In 2022, Lloyds Bank based in the UK warned their customers of an 82% surge in advance fee scams, with loan fee scams increasing by 105% year over year (YOY).

So, what are advanced fee scams? How can you protect yourself? And how do you as a corporation ensure that your brand is not abused in these scams?

First of all, advanced fee scams occur when victims are asked to pay an upfront fee for goods or services, however, once the money has been paid the victim never receives what they were promised. In most cases, victims will have been contacted via email or text message where they are asked to provide contact information and bank details to verify their identity and to transfer some money, being promised that the money or service will be returned to them in exchange for their trust. However, at this point in time, the scammers will have run away with your money.

While advance fee scams have been rising by 82%, the average amount of money victims lose to these scams has lowered by 40% compared to 2021. This trend indicates that scammers are targeting a higher volume of low value individuals. This is likely due to the cost of living crisis, which has left many people with mounting bills to pay and desperate for ways to become more financially secure. By targeting a wider range of people, scammers are also more likely to have a least a few people take the bait thus providing them with higher chances success.

Screenshot 2023-02-24 at 14.37.37
Average money lost to advance fee scams

In order to fool victims into believing the scam and responding to it, threat actors commonly use brand impersonation tactics, wherein they use a brand's logo, colours, font, and so on, to ensure recognition and inspire trust with victims. As brands today all have some form of online presence, replicating and impersonating a brand is a relatively simple task for threat actors to accomplish.

For these attacks to seem more legitimate, threat actors will often include a link to a legitimate looking website that victims can use to verify their claim. Threat actors do this by registering a similar domain name to the targeted corporation before creating a fake website that through brand impersonation looks genuine and similar to the legitimate site if not a complete clone.

Many different examples of this scam exist.
Let’s check out a few of them below:


Delivery Fee Scams

In these scams users are told that their package was not delivered and that they therefore must pay a small fee in order to get it delivered or risk the package being sent back. So beware if you are a fan of online shopping.

Here threat actors are impersonating DHL, who are responsible for the delivery of billions of parcels every year, requiring individuals to follow the link to a fake website where they must enter their financial details and pay a small fee in exchange for the delivery of their package. Curious what the link in the email may look like? Check out a fake DHL website that we identified HERE!

Screenshot 2023-02-21 at 15.07.25
Source: BleepingComputer

Bank Loans Scams

A bank loan scam is pretty straightforward. Being offered a huge loan with low interest rates is certainly enticing, but often too good to be true. And if they’re asking you to pay a small fee first in order to get the loan, definitely a red flag and time to abort the phone call and report that pesky email.

In the below example, threat actors impersonated Australian Commonwealth Bank, and were attempting to lure victims into providing sensitive financial information by sending out an email offering victims good loans without them having submitted an application beforehand. Let us inform you that the likelihood of this legitimately happening is about 0%.

Screenshot 2023-02-24 at 15.50.44
Source: Commonwealth Bank


Job recruitment scams

Getting your dream job, but being asked to send your new employer money in order to buy remote-work supplies and tools with promises of the expenses being reimbursed? RED FLAG!

These scams are unfortunately becoming more and more common with remote jobs and online interviews becoming the norm. Check out our article on this topic here, if you want to understand more about how these scams work and how you can protect yourself from becoming a victim.

Screenshot 2023-02-24 at 15.38.32
Brand Impersonated job site

Sweepstake Scams

If you receive a call, email or social media notification congratulating you on winning a big contest or being selected for a big prize, you are likely experiencing a sweepstake scam. Once the threat actor has convinced the victim that they will receive a large sum of money, they will most likely be asked to pay a fee, taxes or customs duties in order to claim it.

In the example below, threat actors have impersonated Western Union, an American financial services company, and are informing victims that they have been selected to receive 1,5 million USD as a result of a “UN Humanitarian aid/Poverty Alleviation Program (UNPAP) 2017”. They simply require that the individual provides them with personal information including, name, address and phone number. Unfortunately, 1.5 million does not come along that easily.



Scholarship scams

In many countries scholarships are highly coveted, and a great source of concern for students and parents faced with high tuition fees and loan debts. So when someone comes along offering you a full ride scholarship to your dream university at the expense of a small advance fee, it’s difficult to say no. Read more about how individuals could be targeted in these scams here.


Refund and Recovery Scams

So you’ve been the victim of a scam, maybe similar to one of those listed above. And we’re assuming you’d love to get your stolen money back, right? Well unfortunately threat actors have made the same assumption. In these scams people who have already lost money to scams may be targeted by a refund or recovery scam where someone is offering to help you get your money back. But surprise… you have to pay them first before they start helping you, such as in this scam where threat actors posed as support staff offering to unlock the users allegedly frozen Bitcoin assets.

Screenshot 2023-02-24 at 17.37.38


To protect yourself from falling for these scams, be sure to ask yourself these questions:

  • Does the offer sound too good to be true? Then unfortunately, it probably is. If a random and unknown person from the other side of the world is offering you 136 million USD, let us be clear… IT IS A SCAM.

  • Does the offer sound to good to be true, but the person comes from a reputable organisation? If so, try to call the company in question through their registered phone number, NOT the one provided to you by the potential scammer, and ask them whether the deal or offer that you have been presented with is legitimate.

  • Is the person or company contacting you putting you under pressure to react quickly? Urgency is a common tactic used in these scams, to make victims feel a sense of stress and thereby more likely to comply.

  • Can you locate the person or business contacting you? Be cautious of businesses without a known street address or who never respond when you call their line directly.

  • Are they offering you a loan regardless of your credit status? Reputable lenders will always conduct thorough loan checks. Unfortunately, no one is that lucky.

  • Are they asking you to pay an upfront fee in order to get a loan via a strange transaction method? Most legitimate banks and credit brokers will have very strict processes with a lot of authorisation options so you can check whether it is a legitimate company or not.

  • Does any website you are provided with seem legitimate? Check the domain name and double check it. You might find that its been typosquatted and be a fake version of the real website.


Impact to your brand

While these attacks have the intention of stealing personally identifiable information and money from individual victims, the company’s being used and impersonated by threat actors in search results also face consequences. Ironically, while brand impersonation of companies is used by threat actors to inspire and gain trust in victims, the companies being impersonated run the risk losing the trust of their customers. Therefore it is imperative that companies take part in and invest in the effort to ensure that threat actors limit exploitation of their brand to protect their reputation as a trusted brand.

Online Impersonation Ebook Blog Ad (1)


With more than 180,000 domains registered globally every day, identifying malicious domains that are used to steal sensitive data from victims, is the first step in preventing further attacks. However, this requires analysing every single domain registration to identify a malicious registration, which cannot be accomplished manually and requires specialised tools to efficiently and effectively analyse.

Companies must use domain protection services where they can receive notifications when similar domains are registered in order to prevent these attacks. At Bfore.Ai we have the solution needed to combat these search engine brand attacks to prevent long-term damage to your brand. Using predictive technology to evaluate and identify malicious domains before an attack is launched by the threat actor, we can rapidly identify threats and swiftly deploy countermeasures, stopping cybercriminals before their attack gets moving. Schedule a demo today to learn more about how Bfore.Ai can help your company stop brand attacks to defend your reputation.