What is Brand Impersonation?
Brand impersonation (sometimes also called “brandjacking”) is a form of fraud used by cybercriminals to mimic a known or trusted brand to trick users into engaging with a malicious platform.
The purpose is to solicit sensitive information from victims by leveraging the trust they put in the original brand. Phony websites or spoofed emails are then used to steal personal information, harvest passwords or credentials, hijack or clone credit cards, steal money through fake transactions, or upload malware into the user’s device.
Brand impersonation can target large brands such as Amazon, Alibaba, Microsoft or Facebook, since they have particularly large customer bases, as well as smaller or local companies.
Besides the harm done to the users who fall prey to the scheme, brand imposters also damage the reputation and credibility of the brand itself, which hurts smaller companies most.
How Does Brand Impersonation Work?
There are many different ways through which a brand impersonation attack may be launched.
By far the most common one is a spoofed email, social media message or SMS that appears to come from a legitimate sender because it copies the brand's logo, colors, images and text.
This message contains a request or demand that the unsuspecting user take some action, such as buying a product at a discounted price, verifying their personal information, or handing over login details to what is dressed up as a technical support request.
Other forms of brand impersonation attacks may be more creative. For example, malicious actors may post a fake job advertisement on a job board, posing as the brand looking for an employee. They can then steal the candidates' résumés or ask them for their personal IDs for later use in social engineering.
Another common form of this type of online fraud is known as “malvertising”. The impersonator will spoof an ad or a legitimate domain to appear in search engine results.
The most expertly-crafted ones can even go as far as to look like they’re using an official URL from that brand or at least spoof the original brand’s website within the ad snippet.
They then redirect the user to a phishing site that looks as close to the original site as possible to steal their login and password, credit card info, or just their money through a fake purchase (especially in the case of e-commerce businesses).
What Is the Size and Cost of Brand Impersonation?
Brand impersonation is a sizable and fast-growing form of phishing, because it is particularly profitable. Nearly half of consumers (40%) do in fact fall prey to these scams, simply because clicking a link that appears to come from a favorite brand feels safe.
However, this type of fraud is also incredibly damaging to a company since more than half (52%) of the same people who end up buying a fake product lose some trust in the brand.
According to the Federal Trade Commission (FTC), the cost of brand impersonation scams reached $2 million in 2021, with a reported increase of 85% over 2020.
These attacks kept increasing in subsequent years, as did attacks against popular brands such as the apparel makers Adidas, Nike, Puma and Fila, as well as Yahoo and even the World Health Organization.
According to some sources, however, the most commonly attacked brands are Microsoft, Google, Apple and Wells Fargo, with the first two on the list covering 50% of the total number of impersonation attacks.
How to Protect a Brand From Impersonation
There's not much brands can do to protect themselves from impersonation, because whether these schemes succeed rests largely on their customers.
Setting up and impersonating a domain is extremely simple since there are no rules preventing the registration of a domain name that is almost identical to the original brand’s.
Purchasing all permutations of a domain is extremely impractical and too costly, even for larger brands.
On top of all that, phishing tutorials, kits and even phishing-as-a-service solutions are widely available to even less experienced hackers.
A very basic first step is to make the original website as secure and visibly legitimate as possible, so that potential impersonators have a slightly harder job.
Securing a domain with an EV SSL/TLS certificate, for example, is an industry standard meant to let non-certified domains be recognised as phony or fraudulent, at least by the most attentive users.
Publishing a Domain-based Message Authentication, Reporting and Conformance (DMARC) record in the domain's DNS, on top of SPF and DKIM, also prevents unauthorized parties from sending email on behalf of the brand's official domain.
Implementing Brand Indicators for Message Identification (BIMI) together with Verified Mark Certificates (VMCs) further helps establish the identity of the original brand in outbound email.
Apple and Google use this method to display their verified logos in all their messages. It mitigates the risk but cannot remove it altogether, since the outcome still depends on how attentive the end user opening that email is.
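The DMARC record described above is what a receiving mail server looks up, and a record that merely exists is not the same as one that enforces. The following added example (not code from the page or from any vendor it names) parses a DMARC TXT record, lists the settings that still leave spoofing possible, and reports whether the policy is at enforcement, which is also the precondition BIMI imposes (p=quarantine or p=reject with pct=100). The two records and the example.com addresses are constructed; nothing is resolved over the network.

```python
"""Assess a DMARC record for enforcement strength.

Added example for illustration; the two records below are constructed for
example.com and are not real DNS data. Fully offline: nothing is resolved.
"""

# Constructed sample records, as they would appear in the TXT record at _dmarc.example.com.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRONG_RECORD = (
    "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
    "rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-forensic@example.com"
)


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record (RFC 7489 'tag=value; tag=value' list) into a dict.

    Raises ValueError for the malformations receivers treat as 'no policy':
    a missing or misplaced v=DMARC1, or no p= tag at all.
    """
    parts = [p.strip() for p in record.split(";") if p.strip()]
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if not parts or not parts[0].lower().startswith("v=") or tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if "p" not in tags:
        raise ValueError("record carries no p= policy")
    return tags


def assess_dmarc(record: str) -> dict:
    """Return the effective policy, whether it is enforced, and the weak settings found."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))          # default: apply policy to 100% of failing mail
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p= unless sp= says otherwise
    findings = []

    if policy == "none":
        findings.append("p=none only monitors: mail failing DMARC is still delivered")
    if pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail has the policy applied")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed despite the strict p= policy")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports showing who sends as the domain are lost")
    if tags.get("adkim", "r").lower() == "r":
        findings.append("adkim=r: a DKIM signature aligns if it merely shares the organizational domain")
    if tags.get("aspf", "r").lower() == "r":
        findings.append("aspf=r: an SPF pass aligns if it merely shares the organizational domain")

    # Enforcement (and the BIMI precondition): quarantine or reject applied to all failing mail.
    enforcing = policy in ("quarantine", "reject") and pct == 100
    return {"policy": policy, "enforcing": enforcing, "findings": findings}


if __name__ == "__main__":
    for name, rec in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        result = assess_dmarc(rec)
        print(f"{name}: policy={result['policy']} enforcing={result['enforcing']}")
        for finding in result["findings"]:
            print("  -", finding)
```

In practice the record is fetched with `dig TXT _dmarc.<domain>` and passed to `assess_dmarc`; the usual progression is to start at p=none while reading the rua= aggregate reports, then move to quarantine and finally reject once every legitimate sender is covered by SPF or DKIM.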
What Third-Party Solutions Are Out There?
Some vendors offer other specific solutions to mitigate the risk of brand impersonation via alternative means. The first one is employing an artificial intelligence web scraping service to constantly search the web for potential impersonators.
This is the solution offered by Mimecast, and includes constant DMARC analysis, the use of algorithms that scan the web 24/7 to spot suspicious activity, and an automated notification sent to ISPs to take down malicious impersonators.
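The scanning described above, and the near-identical domain registrations mentioned earlier, come down to one question: does a newly seen domain read as the brand once the usual visual tricks are undone? The following added example (not the page's code and not Mimecast's or any vendor's) shows the core of such a check: it normalizes confusable characters and hyphens, compares the registrable label with the brand name, and classifies hits as exact lookalikes, brand-embedded names or one-typo near-misses. The brand name "acmebank", its legitimate domain and the feed of candidate domains are all constructed.

```python
"""Flag domains that resemble a protected brand, the kind of check a
monitoring service runs over newly observed domain names.

Added example for illustration: the brand 'acmebank' and the feed of
domains below are constructed, not taken from any real feed.
"""
from typing import Optional

BRAND = "acmebank"                 # protected second-level label (constructed)
LEGITIMATE = {"acmebank.com"}      # domains the brand actually owns (constructed)

# Constructed stand-in for a feed of newly observed domains (e.g. from certificate transparency logs).
FEED = [
    "acmebank.com",        # genuine
    "acrnebank.com",       # 'rn' reads as 'm'
    "acmeb4nk.com",        # digit in place of a letter
    "acme-bank.support",   # hyphenated split
    "acmebank-login.net",  # brand plus lure word
    "acmebnk.com",         # one letter dropped
    "weather-report.org",  # unrelated
]

# Character sequences commonly swapped to fool the eye; applied left to right.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("4", "a"), ("5", "s"), ("7", "t")]


def second_level(domain: str) -> str:
    """Return the label in front of the last dot ('acme-bank.support' -> 'acme-bank')."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    """Collapse visual tricks: drop hyphens and map confusable sequences to the letters they imitate."""
    text = label.replace("-", "")
    for lookalike, letter in CONFUSABLES:
        text = text.replace(lookalike, letter)
    return text


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = BRAND, legitimate: set = LEGITIMATE) -> Optional[str]:
    """Return a category for a suspicious domain, or None if it is genuine or unrelated."""
    if domain.lower() in legitimate:
        return None
    label = normalize(second_level(domain))
    if label == brand:
        return "lookalike-exact"      # reads as the brand once the tricks are undone
    if brand in label:
        return "brand-embedded"       # brand name wrapped in extra words
    if levenshtein(label, brand) <= max(1, len(brand) // 6):
        return "near-miss"            # a typo away from the brand
    return None


def scan(feed, brand: str = BRAND, legitimate: set = LEGITIMATE) -> dict:
    """Map every flagged domain in the feed to its category."""
    hits = {}
    for domain in feed:
        category = classify(domain, brand, legitimate)
        if category:
            hits[domain] = category
    return hits


if __name__ == "__main__":
    for domain, category in scan(FEED).items():
        print(f"{category:16} {domain}")
```

The heuristic is deliberately biased toward recall: a hit is a candidate for human review and, where warranted, a takedown request, not proof of fraud, since unrelated names can legitimately contain a short brand string. A production service would feed it from certificate transparency logs or new-registration feeds and add whois age and hosting data before raising an alert.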
Another example is provided by Memcyco, which focuses on the “window of exposure” in which customers are the most vulnerable to attacks from when a fake site is up until it is taken down.
The solution works in real-time by warning customers via Red Alerts, letting them know that the fake site is an imposter.
The aim is to stop the customer from acting on the phony website during the critical time needed for the ISP to take action and take the fake site down (which, in some cases, may require weeks or months).
Other services such as Darktrace also focus on end users, but from a different angle. Their solution analyzes user behavior and raises an alarm every time something suspicious comes up.
For example, when it detects an abnormal pattern, such as a user sending atypical information or replying to an unknown email, it can automatically alert the security team so they can take immediate action.