Brand Protection

    Brand Impersonation: It Happens to Security Vendors, Too

    Credential theft and revenue loss are cybercriminals’ goals when it comes to online brand spoofing, but a side effect is erosion of customer trust.

    by Renatta Siewert

    Key Points

    • Mimecast discovered a spoofed site for Check Point Software Technologies, a cybersecurity vendor.
    • Attackers look for ways to profit from spoofed sites in every industry of nearly every size, though many believe that only large companies, like Google, PayPal, Facebook and other well-known brands of the world, are regularly impersonated. On the contrary, cybersecurity vendors can be attacked with frequency and consistency.
    • As attackers impersonate what should be trusted brands – cybersecurity, of all things! – brand protection is paramount, and employees must become hypervigilant.


    New research from Mimecast has uncovered a phishing attack against cybersecurity provider Check Point Software Technologies. The online domain spoofing was discovered as part of normal brand exploitation protection scans and flagged as suspicious. Mimecast notified Check Point of the site and it has since been taken down.


    Image: Check Point’s spoofed domain record in Brand Exploit Protect


    According to Elad Tzur, brand protection director at Mimecast, the fraudulent, spoofed site was impersonating Check Point’s regional Indonesia official site, using their brand name and trademarks. “Moreover, the domain had active MX records that could be used for an email phishing attack to manipulate customers and users,” he noted.

    It may seem counterintuitive that a cybersecurity vendor site would be spoofed; most are not household names, nor do they have massive customer bases for cybercriminals to exploit. But it’s no longer true that the largest brand names are the only ones with spoofed domains. In fact, we recently demonstrated that while attacks against the best-known internet brands continue unabated, the more sophisticated cybercriminals – with the assistance of cybercrime toolkits and a multitude of hacked web sites and DNS entries - have shifted to impersonating the online brands of lesser known firms. Mimecast is routinely, though not heavily, impersonated and these impersonation attacks are discovered and taken down by our own Brand Exploit Protection solution.

    Are Security Sites Spoofed More Often?

    This may prompt a new question: are cybersecurity vendors becoming more likely targets for web spoofing and brand impersonation? According to Tzur, it’s safe to say that all security companies are being attacked.

    “Being a security vendor ourselves, we are seeing attempts to attack our brand every now and then,” Tzur said. “But when the attacker sees their efforts being detected and eliminated before the attack is launched, they usually start to look for some other potential victim.”

    Another potential victim could be a similarly named company, since the attacker would’ve already registered the domain and put a bit of work into the impersonation effort. However, they could just as easily pivot and attack another cybersecurity vendor who may not be keeping a careful watch on newly registered, suspicious domains – another reason to keep brand safety top of mind.

    Brand Impersonation Damage

    Every brand that is being attacked by phishing attacks absorbs some kind of damage – it can be financial, or it can be an erosion of trust in your brand. Tzur notes that brand impersonation and brand exploitation can lead not only to credential theft, but also to revenue loss as a direct impact of the attack. The collateral damage is, of course, confidence in the brand.

    The toll can be especially steep for cybersecurity companies who must battle these types of attacks.

    Online brand trust is an age-old topic in marketing circles; customers and potential customers provide invaluable data to a company in exchange for a product or service, and CMOs and senior marketing leaders must protect it. But as cybercriminals began impersonating online brands, usually for credential theft to launch future, more serious attacks, it can become much more difficult for marketing professionals to get their arms around the problem.

    The Bottom Line

    According to the State of Email Security 2020, brand trust is incredibly important; if your brand website is cloned and credentials were stolen as a result, then trust in your brand can be questioned or diminished. Even unsophisticated attackers can trick unsuspecting website visitors, which can unravel years’ worth of brand equity. if you’re unaware it’s happening, you can’t solve the problem.

    In 50% of organizations, the CIO holds budget for email spoofing, exploitation and impersonation, followed by the CISO (42%), CFO (22%), CMO (8%), and legal/compliance (8%)[1]. This budget breakdown shows that some organizations are treating online brand protection as the cross-functional business issue that it is, instead of relegating it as an overly technical security matter.

    With this in mind, it’s imperative that CMOs and CISOs partner with CFOs to manage corporate brand and protect against exploitation. CFOs are perhaps best suited to make decisions that keep their business stable and operationally healthy. Working in lockstep with the CMO, CISO and CIO, the CFO can guide risk management and budget management towards a balanced approach to brand and business protection.

    [1] State of Email Security 2020, Mimecast


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top