The U.S. Federal Bureau of Investigation (FBI) estimates that impersonation attacks have caused global losses of upwards of $5.3 billion. In this era, your online brand can be your strongest asset or your most crippling liability. Regardless if you spend years building a positive brand or not, one online incident could be all it takes to tarnish your brand and bottom line. One of the biggest risks that occur towards your brand is online brand impersonation attacks. These attacks come in a number of shapes and forms that require different strategies in place to properly protect, detect, and mitigate the monetary losses as well as the impact on your brand.
In 2018, 73% of companies experienced a phishing attack that resulted in direct losses, a 67% increase from 2017. Although click-through rates on phishing emails are at an all-time low of 2.99%, there are still people who are not well versed in how to determine if an email is a phishing attack. Companies need to have the proper tools in place to detect phishing attacks before they do irreversible damage.
Figure 1 shows an example of a phishing attack from the well-known company, Paypal. The goal of this phishing attack was to impersonate PayPal in hopes of gathering personally identifiable information (PII) from the victim. Clicking on this type of email can also lead consumers to information that misrepresents your brand or give the impersonator access to the recipient’s internal system giving them the opportunity to exploit vulnerabilities. Regardless if this email is coming from your company or not, your brand would still see the negative repercussions if one of your customers falls victim to this type of attack.
Figure 1: PayPal impersonation phishing attack
Social Media Impersonations
With the increasing use of social media platforms, more cybercriminals are taking to these networks to conduct impersonation attacks. Solely relying on consumers to review every social media handle and verification symbol to ensure it’s the correct brand is a high-risk practice. Instead, companies need to protect their brand with alternative methods to properly detect these fake accounts such as an open-source threat intelligence tool.
The motives for brand impersonators range from brand misrepresentation, fake promotions to gain followers, or to gather sensitive information from customers and employees. Regardless of the motive, social media brand impersonations will lead to distrust and negative perception from potential consumers. Considering social media influences the purchasing decision of 74% of consumers, this type of impersonation has a significant impact on sales and revenue as well as your brand.
Online impersonators will often create fake websites that appear to be a legitimate website. One of the most common ways they generate traffic to these websites is through typosquatting. According to the World Intellectual Property Office (WIPO), there were 3,447 reported typosquatting cases in 2018, resulting in a 12% increase from 2017. Typosquatting involves registering brand names as Internet domains with alternate permutations than the original domain name. Figure 2 explores the slight dissimilarities that commonly occur in typosquatting attacks such as alternate spelling, hyphenation, and changing the domain extension. After purchasing these domains, they either attempt to sell the domain name to the company to turn a profit or use the domain to further misrepresent your brand.
Figure 2: Typosquatting techniques and examples using mediasonar.com
Creating, distributing, and selling counterfeit products is another popular approach to brand impersonation attacks and are occurring more frequently. According to the 2018 Global Brand Counterfeiting Report, the total value of counterfeit products is forecasted to hit $1.82 trillion by 2020. Not only do counterfeit products have a significant impact on revenue, but there is also an impact on a company’s brand. While harming your brand may not be the counterfeiter’s primary motive, your reputation will still suffer the consequences during the process. If a consumer unknowingly purchases a counterfeit product with your brand name and the product breaks in any fashion, your brand will still experience the negative repercussions. These experiences make their way into Internet chatter where your negative reviews can grow at an exponential rate. Considering 90% of consumers read online reviews before visiting a business and 67.7% of consumers base their purchasing decisions on reviews, these negative reviews will significantly suede the consumer’s decision.
Protect, Detect, and Mitigate
With the variety of online brand impersonation attacks that are out there, it is integral that security teams are equipped with the tools and workflows to detect threats and mitigate the effects on your brand. With the correct threat intelligence strategy in place, your company will be able to better manage brand impersonations.
If a cybercriminal is using a fake email address, social media handle or domain, there is a high chance they are also using it elsewhere. Running open-source searches to create digital footprints will allow you to make connections between pieces of information and discover where else impersonators are using these credentials. This will provide you with the insight to uncover who the perpetrator is and other ways your brand is being misrepresented online.
Social Media Searches
Since social media is where the majority of consumer conversations occur, it is important that you have the ability to search social media platforms to detect incidents of brand impersonation. Searching publicly viewable social media platforms and having the tools in place to filter through the data will lead you to accounts who are impersonating your brand and people who are engaging with fraudulent content and posts.
Dark Web Searches
Dark Web marketplaces are a hub for cybercriminals to sell stolen information and counterfeit items. Having the ability to safely and anonymously search the Dark Web is an integral component of a brand protection strategy. Not only will these capabilities allow you to discover where counterfeit items are being sold, they will also aid your investigation into who is responsible.
Get Free Access to our report How to Use OSINT to Protect Your Brand & Mitigate Damage.
Better Threat Intelligence With Media Sonar
Media Sonar provides you with the information across the Surface, Deep, and Dark Web to detect instances of brand impersonation and quickly see who interacts with fraudulent posts and content online. We allow users to create digital footprints, provide extensive social insights, and offer safe and anonymous access to the Dark Web. With advanced search capabilities and 24/7 custom alerts, your company will be notified of relevant risks to monitor situations as they unfold.