Three ways to combat common brand impersonation attacks

Red Points recently reviewed common business impersonation techniques that bad actors use to lure consumers and third parties into sharing personal information or funds. In this article we share tips on how brand owners can detect and mitigate the risk posed by the three most prolific impersonation methods.

The ever-growing brand impersonation threat

Impersonation is a security challenge that damages brand reputation and creates financial risks for organisations and all of their stakeholders. The volume and sophistication of methods make it extremely difficult for internal security teams to tackle alone.

According to the FBI’s Internet Crime Report 2020, cybercrime has caused economic losses of around $13 billion globally over the past five years. Meanwhile, impersonation attacks (including identity theft and personal data breaches) have caused more than $5 billion of losses.

Worryingly, data shows that impersonation scams affecting banks increased 84% in the United Kingdom alone in 2020 during the covid-19 pandemic. At least 15,000 cases were reported in the first half of the year, while criminals diverted £58 million in the first six months of 2020 using impersonation techniques. 

All in all, impersonation attacks pose a serious risk to sensitive information, customer confidence and, most importantly, brand loyalty and reputation. While they are favoured by bad actors because, in most cases, they mainly require the creation of fake business accounts or online profiles, they can appear in a number of forms. Each malicious technique, whether it be a fake account, domain or app, is a unique threat in itself, which scammers often combine to trick users.

Usually, bad actors use fake social media accounts as bait to convince people that they are visiting a brand’s official account. In such cases, they link to fake websites or apps that spy on personal data. Hence, while tackling and dealing with brand impersonation, it is important to look beyond fake social media accounts and ensure full coverage of the intersections between such accounts and the linked apps and websites.

Combatting common brand impersonation attacks

Contrary to common belief, brand impersonations are not limited to infringers trying to imitate your corporate account. In recent years, the growing trend is towards more sophisticated methods, with scammers turning to lookalike domains, fake accounts on social media and mobile apps. Bad actors use highly sophisticated, targeted and customised attacks against brands. In some cases, they might even impersonate executives and employees.

While some impersonation tactics (eg, a lookalike website or a fake account) are easy to spot, others might go unnoticed for months or even years. This can not only cause great financial damage, as customers might be mistaking you with other companies, but can also expose you to unpleasant legal consequences. Below is an overview of each of these sophisticated techniques and how to tackle them one by one.

1. Fake social media accounts

Highly sophisticated impersonators exploit the fact that on many social networks, it can take a few days for a newly created account to show up in search results. Infringers use these periods of reduced visibility to target brand customers and launch aggressive attacks through advertising campaigns.

Action: Verify your official profile on all social media platforms

Before checking whether someone is impersonating your brand on social media, start by verifying your own accounts to lower the chances of customers getting duped by impersonators. Most of the top social media websites allow brands, organisations and celebrities to apply for a verification badge. This is an important way of signalling to customers which accounts they should trust.

Next, if you have identified social media profiles impersonating your brand, look for a URL in the profile information linking back to the infringer’s online store. In most cases, impersonators use social media accounts only as anchors or for promotional purposes. If you dig deeper, you are likely to identify and eliminate the problem at the source.

2. Fake mobile apps

Similar to lookalike domains, fake apps created by infringers copy the design and shape of genuine apps to trick users into downloading them. After being downloaded, the fraudulent app then tries to access and exploit personal data, often without the user’s knowledge. The problem of fake mobile apps has intensified during the covid-19 pandemic as people have spent more time at home and on their devices. As a result, more apps have been downloaded and cybercriminals have inevitably seized on the opportunity that this has created.

Action: Implement timely detection using keywords and image searches

Although Apple recently updated its App Store Guidelines to target scammers and fraudsters that prey on Apple users, the burden remains on brands to identify and report fraudulent apps impersonating their business. However, monitoring threats from mobile apps manually can be an impossible task. Using keywords and image search to automatically track and remove bad actors on iOS and Android can help to prevent brand damage and ensure a safe customer experience. This also means that you can start to be more proactive in protecting your business from impersonation and fraud, rather than reactive (when the damage has already been done).

3. Lookalike domains

Another technique that infringers continue to use is establishing domains that at first sight look like the original domain but then transfer the user to a fraudulent website. In e-commerce, this technique is used by impersonators to catch sensitive information such as login or payment data from online customers.

Action: Find the source of the problem

It is no surprise that someone trying to use your identity would use the same brand name, logo or product image as you. However, they will also try to mislead your customers by misspelling your brand name or slightly modifying your original brand image. The key here is to implement round-the-clock monitoring to spot these types of cases as soon as they emerge.

Ultimately, with the great advantages of social media comes a daunting wave of impersonations that represent a growing problem for brands. Business owners face the real risk of losing revenue, traffic and customer trust, which leads to reputational damage that is often the biggest threat in the long run. Therefore, brands must take a proactive approach to tackle the problem. A comprehensive and scalable system to identify and remove infringements effectively, paired with technological solutions and expertise in IP enforcement, will ultimately ensure the success of that strategy.