The Harmful Effects of Brand Impersonation
By Josh Shaul
A strong brand goes a long way in building trust with consumers. Brands that consumers perceive as reliable, secure, and trustworthy enjoy increased customer loyalty and lower customer acquisition costs.
Consumers have come to expect that brands they trust are working to ensure their safety when they interact with the brand online. The majority of consumers (63 percent) believe it’s a brand’s responsibility to protect against websites impersonating the brand. Companies that fail to monitor and respond to spoofs of their brand online will pay a price, even if they haven’t necessarily done anything wrong.
Fraudsters impersonate trusted brands online via fake websites, deceptive social media accounts, and unauthorized mobile apps. They seek to trick victims into divulging login credentials, identity information, or payment account details.
These scams have a greater impact than you might realize. For example, research shows that 66 percent of fraud victims change their buying behavior and more than a third report closing their accounts with a brand altogether. And this is just scratching the surface of the larger costs of brand impersonation.
Increasing brand-impersonation attacks
One major concern is that phishing campaigns overwhelmingly target a company’s consumers over its employees: 93 percent of phishing attacks targeted consumers in the third quarter of 2022. Scammers clearly have more success, or generate more revenue, when targeting consumers.
Phishing kits also contribute to this ratio. Phishing kits are low-code tools that allow less-sophisticated scammers to easily create a fake website. These websites convincingly impersonate the target brand and include login fields to capture victims’ account information and facilitate account takeover, identity, or payment fraud.
At Allure Security, we recently saw a case of this, in which an adversary used a phishing kit to impersonate a credit union brand. We saw a marked decrease in online brand impersonation attacks against that credit union and then almost immediately saw an increase in similar attacks targeting a different credit union. We believe that a phishing kit allowed for this quick shift.
Increasing sophistication
Not only are online brand-impersonation attacks more prevalent, but scammers have become increasingly sophisticated. For example, a recent rash of phishing sites not only stole the victim’s username and password, but also prompted them for their two-factor authentication code. The fraudsters then relayed that code to the targeted brand’s log-in process, effectively bypassing two-factor authentication.
Another avenue of attack is malicious pay-per-click ads, which advertise exorbitant discounts and direct consumers to a fake website that collects their payment information for a purchase but never delivers on the goods. What’s more, search engines won’t necessarily protect consumers from fake sites. We regularly encounter fake websites showing up on the first page of organic search results, mere inches away from the legitimate brand’s website. Either way, scammers can steal your hard-earned traffic and do great damage to your brand.
Social media offers scammers another platform to disseminate their scams. The FTC called social media “a gold mine for scammers.” In 2021, fraud originating from social media posts, ads, or messages victimized twice as many people as the year before, and monetary losses tripled.
Protecting your brand and customers online
With online brand-impersonation scams increasing in frequency and sophistication across channels, it’s all the more important to make sure you’re protecting your brand proactively.
What does proactive mean? Most importantly, it means finding fake websites, deceitful social media accounts, and unauthorized mobile apps impersonating your brand before your prospects and customers do. If a customer reports fraud to your customer service desk, it’s typically too late. At this point, people have fallen victim, experienced financial harm, and – rightly or wrongly – decided that it’s your fault.
Attempting to manually search the internet, social media platforms, and mobile app stores for misuse of your brand is futile. It’s estimated that 250,000 new websites go live each day. Humans can’t possibly keep up. If your brand protection program relies solely on hiring people to monitor the web for brand impersonations, you’ll likely never find them all. Even worse, you’ll realize that there are just too many dark corners of the online world that you simply can’t monitor.
Fortunately, it’s possible to automate the monitoring process. With automation, you can find scams closer to when they initially go live. Computer vision and natural language processing make it possible to evaluate hundreds of millions of online assets each day. In fact, modern brand protection technology can find fake websites as attackers begin to configure and test them, in some cases within minutes of the fake site going live. That means you can find and take down these scams before a single potential victim visits the site.
Being able to proactively snuff out scam websites before any customers visit them goes a long way in reducing fraud and reinforcing your brand’s reputation and the trust customers have in their online interactions with you.
About The Author
Josh Shaul is the CEO of Allure Security. He is known as a visionary security leader with expertise in building teams, creating strategy, and driving growth for security companies of varying sizes. He is passionate about providing comprehensive digital protection to businesses while inspiring trust and confidence in their customers and clients. He is recognized as a leader with strong diplomatic skills, a natural affinity for cultivating and nurturing global relationships and for possessing unwavering personal ethics and integrity.