Expert Speak
It’s Surprisingly Common for Criminals to Impersonate Your Brand and Customers Often Pay the Price

Written by Werno Gevers, Regional Director of Mimecast Middle East
Cybersecurity experts are urging companies in the Middle East to take bold steps to protect against online brand impersonation attacks that could trick customers and employees into sharing sensitive personal information – or even passwords and banking logins. Werno Gevers, cybersecurity expert at Mimecast, says cybercriminals are increasingly hijacking trusted brands to launch cyberattacks from lookalike web and email domains to increase their chances at successfully duping their victims – and many companies are not keeping pace.
“A lack of technology and appropriate security policies can leave the door open to criminals using trusted brands to trick customers, partners, suppliers and the brand’s employees,” says Gevers. “Deploying online brand protection tools can help companies identify and take down malicious websites impersonating their web and email domains before customers fall victim. This should be supported by a robust regime of frequent and ongoing cyber awareness training to equip every employee with the knowledge to spot and avoid risky behaviour.”
In a survey conducted by Mimecast in 2021, 75% of consumers in the Saudi Arabia and 78% of consumers in the UAE said they’d stop spending money with their favourite brand if they fell victim to a phishing attack involving that brand. Compared to a global average of 57%, this places the region’s consumers among the most unforgiving of all markets surveyed. More than 80% of consumers in the region also believe it is the brand’s responsibility to protect itself from email impersonation, with a similar percentage saying it is the brand’s responsibility to protect itself from fake versions of its website.
Despite the risks, Mimecast’s latest State of Email Security 2022 report found that as much as 42% of organisations in Saudi Arabia and 38% in UAE were only somewhat prepared – or not prepared at all – to deal with attacks that spoof their email domains. This potentially leaves the door open to threat actors subverting trusted brands to trick consumers or employees into divulging information that could later be used in sophisticated social engineering attacks, or even to breach organisational defences.
Gevers says employees that receive suspicious email communication on their work email address should report it to their security teams immediately. “Security teams can use this information to contain the threat and protect the rest of the organisation. Security teams have tools and technologies that can protect people outside the organisation too, which can help keep threats from spreading to the company’s customers and partners. It is essential that dangerous communication is reported to security teams, as it helps improve the organisation’s security and resilience against attack.”
According to Gevers, there are some tell-tale signs that the person you’re speaking to may be a scammer, including:
- Receiving unsolicited communication from someone or some company that you aren’t expecting
- Messages that contain unbelievable offers, spelling errors or a sense of urgency
- Mails sent from webmail accounts, for example mimecast@gmail.com
- Mails containing redirects to login pages that have suspiciously long URLs
- Being asked for PIN numbers or login details
“If you see one or more of the above signs, stop immediately and verify the request by contacting the organisation who is purportedly reaching out to you. Don’t rely on the number provided in the communication: if the email claims it’s from your bank, for example, rather phone the bank on their main number and check the validity of the communication. Don’t ever share your login details, don’t make payments with cryptocurrencies, and don’t click on links unless you know they can be trusted.”
Despite a company or consumer’s best efforts, there is still a possibility that cybercriminals could successfully trick someone into sharing personal information that the criminal may use later to commit further fraud or breach organisational defences. If this is the case, Gevers advises that the victim take immediate steps to limit the potential damage.
“Firstly, change all your social media, email, and banking passwords. If an email communication was sent to you by a scammer, report it to your security team so they are aware of it. No one likes to fall victim to cybercrime but it’s nothing to be embarrassed about. Being honest and swift can potentially prevent other people from falling victim too.”
He adds that any such cases should be reported to the relevant authorities so that law enforcement may investigate and, hopefully, find and prosecute the perpetrators. “Countries across the Middle East have acknowledged the dangers cybercrime poses to their citizens, businesses, and critical infrastructure, and are taking steps to strengthen law enforcement capabilities to combat the scourge of cybercrime.”
Expert Speak
Blind Spots and Wishful Thinking – Why Data Resilience Needs a Reality Check

Written by Dave Russell, Senior Vice President, Head of Strategy at Veeam (more…)
Artificial Intelligence
As Adversarial GenAI Takes Off, Threat Intel Must Modernize

Written by Bart Lenaerts, Senior Product Marketing Manager, Infoblox (more…)
Expert Speak
2025 Threat Trend Spotlight: Edge Devices

Written by Antoinette Hodes, Evangelist & Global Solution Architect | Office of The CTO at Check Point Software (more…)
-
News1 week ago
Reolink Launches Smart Security Solutions in Middle East
-
Cyber Security3 days ago
Beyond Blocklists: How Behavioural Intent Analysis Can Safeguard Middle East Businesses from Rising AI-Driven Bot Threats
-
Channel Talk1 week ago
Dynatrace Names DXC Global Partner of the Year
-
Events1 week ago
Matrix to Exhibit NDAA Compliant Surveillance at ESX North America 2025
-
Cyber Security3 days ago
Honeywell Report Reveals 46% Quarterly Spike in Industrial Ransomware
-
Cyber Security4 days ago
Labubu Doll Craze: How Cybercriminals Are Exploiting the Hype
-
News1 week ago
BlueCat to Show Off Next-Gen Network Operations at Cisco Live
-
Cyber Security3 days ago
Sophos Boosts Firewall with New Protection and Incident Response Features