When you launch a business it can seem impossible to factor in all possibilities when it comes to protecting both your brand’s reputation and your customers. With the endless possibilities of cyber attacks, it would be easy to forget the threat of brand impersonation, but that would be a mistake.
Reports have shown that brand impersonation is on the rise, showing no signs of letting up any time soon. Read on to find out how to prevent it from impacting your business.
How brand impersonation works
Brand impersonation (also known as brand hijacking) is when scammers pretend to represent a well-known company or brand to trick victims into sharing login credentials, personal information, money, and more. Brand impersonation occurs all over the Internet across various platforms, from social media to email.
On social media, this can look like a fake page or account interacting with would-be customers. Scammers will even go as far as to create a spoof website of a brand’s actual site, using a very similar domain name that’s just slightly different. This can be a way to ensnare customers writing a site URL into the address bar and misspelling it. These fake websites can be used to sell counterfeit items, but they’re also used for the most well-known form of brand impersonation — phishing.
With phishing, the scammer sends the victim an email or instant message saying something along the lines of their account has been compromised, they’ve won a prize, or they simply need to change their password. The message will contain a link that will either lead them to the spoof site or malware that will either proceed to steal their credentials or credit card numbers or infect their device.
Brand impersonation can target both individuals and large groups of people depending on the scammers’ intent. They might embark on a mass email campaign or go after a specific person in order to steal their credentials and access a high-profile website.
The cost of brand impersonation
It’s not just customers who bear the brunt of brand impersonations. It can cause reputational damage to the brand being impersonated and may lose them customers. If customers buy a counterfeit item from a brand they believe to be yours, they will be displeased and take their custom elsewhere. This hit to a brand’s reputation can also result in revenue loss, which is especially harmful to small businesses.
The FTC has found there has been a sharp spike in impersonation fraud since the beginning of the pandemic, receiving 8,794 complaints of business impersonation by the end of 2021 . The commission also found that victims experienced $2 billion in total losses between October 2020 and September 2021.
And it really can happen to any brand, no matter how high profile they might be. According to cybersecurity firm Check Point, the top phishing brands in the third quarter of 2022 were:
- DHL (22%)
- Microsoft (16%)
- LinkedIn (11%)
- Google (6%)
- Netflix (5%)
- WeTransfer (5%)
- Walmart (5%)
- Whatsapp (4%)
- HSBC (4%)
- Instagram (3%)
So, what can you do to stop this from happening?
How to protect your brand from impersonation
While, unfortunately, it’s all but impossible to prevent malicious actors from ever impersonating your brand, there are steps you can take to ensure to limit customer impact and brand reputational damage:
- Set up DMARC authentication: Domain-based message authentication, reporting, and conformance protects your domain against spoofing and hijacking. It will report how your domain email is used and ensure that only authorized users can send emails on behalf of your organization.
- Add email signing certificates to outgoing emails: By adding a cryptographic signature to your emails, recipients will know you are who you say you are.
- Keep customers informed: The first inkling you have of brand impersonation, let your customers know and warn them to remain vigilant. Tell them how they can recognize such attacks and how to report them if they become a target.
- Get an OV or EV SSL: Savvy Internet users know to click on a website’s padlock symbol to glean information about the company behind it. Help them out by getting a higher validation level OV or EV certificate. That way, when they read your SSL information, they’ll know you’re the real deal.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.