    Brand Impersonation: One Cyberattack is Enough to Lose Consumer Trust and Custom

    Businesses face increased cyber threats from threat actors looking to impersonate their brands to access customers’ personal or financial information. Consumers find the brands at fault.

    by Nick Deen

    Key Points

    • Trust is paramount to a brand’s financial success and reputation. It is hard won and very easily lost.
    • Most consumers would stop spending money with their favorite brand if they fell victim to a phishing attack leveraging that brand.
    • The onus is on brands to secure their email communications and their websites; customers expect these channels to be protected from email impersonation and from impersonated websites.

    Trust is a cornerstone of any successful business. Some professions – hairdressers, for example – spring to mind more than others. But the fact remains: every brand is built on trust, and once it’s broken, a loss of custom almost certainly follows. In today’s digital economy, consumers have more choice than ever when it comes to spending their hard-earned cash.

    At the same time, all the marketing in the world counts for nothing when cybercriminals use the brand to trick loyal customers by preying on the trust they have built. It takes years to build a brand. A cyberattack that exposes customer data can cause catastrophic loss of trust in an instant.

    In the last 18 months, attack volumes skyrocketed as bad actors sought to exploit the pandemic. Experts don’t expect threat levels to abate; if anything, they may well continue to rise, as hackers look to exploit the fear and confusion stemming from the pandemic and the slow return to some form of ‘new normal’.

    A new Brand Trust survey of consumer insights from over 9000 adults in the Benelux, Nordics, United Kingdom, Germany, South Africa, Australia and the Middle East aims to raise awareness of the need to secure brand safety and put CMOs and CISOs on the front foot with consumer data.  

    • According to Mimecast’s State of Brand Protection report, on average, 27 million brand impersonation emails per month were detected en route to Mimecast customers in 2020.
    • For the four months ended January 31, 2021, the world’s top 100 most valuable brands were impersonated in an average of 715,600 emails per month.
    • Mimecast’s Brand Trust survey found that most consumers (61%) would lose trust in their favorite brand if they disclosed personal information to a spoofed version of the website or if their money was stolen due to a phishing email impersonating that brand.
    • Refusing to compensate customers who were victims of a cyberattack (35%) and not taking responsibility for cyberattacks leveraging their brand (33%) are the two biggest factors when it comes to loss of reputation.
    • The most trusted industries are healthcare (70%), banking (69%), and utilities (65%). Conversely, the industries most commonly attacked via phishing are banking, delivery services, and online retailers.

    How to Avoid Brand Impersonation

    It seems brands could be doing more, given that the overwhelming majority of consumers (78%) expect their favorite brands to ensure their services are safe to use, be it websites, email, or any other form of contact. In a digital-first world, having good products or services and responsive customer service is no longer enough for companies: they now also have a mandate to keep people’s data safe and take steps to prevent them from falling victim to cyberattacks involving their brand name.

    In the ongoing mission to safeguard their brands, more and more companies are achieving this with Domain-based Message Authentication, Reporting and Conformance – better known as DMARC. In a nutshell, DMARC is an email validation system designed to uncover anyone using a brand’s domain without authorization and then block the delivery of all unauthenticated mail, preventing customers, partners, and employees from receiving emails from impersonators.

    Even unsophisticated attackers can register domains that look like trusted brands as bait to target the people who use them. And, while DMARC does help, it’s only designed to be effective for domains that brands own. Ultimately, it’s no longer enough to protect just those – it’s time to move from defense to offense. One of the most effective ways to block brand attacks is to leverage technologies with machine learning that identify attack patterns at an early stage, blocking compromised assets before they become live attacks. And if active attacks are discovered, they can be rapidly remediated to minimize damage.

    The Bottom Line about Brand Impersonation

    To best protect against brand impersonation attacks, marketers and cybersecurity teams must work together, and security teams must also enforce DMARC policies and brand protection services. Indeed, while marketers work to acquire new customers, their efforts tend to make the cybersecurity team’s job more difficult. For example, it can be a lengthy process to carefully assess all domains sending email on a brand’s behalf, but it’s a worthwhile investment of time to protect the brand and its customers.
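
    The assessment of sending domains described above, as an added example (not from the article or from Mimecast): it parses each domain's DMARC TXT record, using the tag names from RFC 7489, and grades it as enforcing, partial, monitor-only or missing. The inventory and record values are constructed samples, and the status labels and function names are assumptions of this example.

```python
ENFORCING = {"quarantine", "reject"}  # p= values that ask receivers to act

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # the version tag must come first
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (status, findings) for one published record (None = no record)."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no DMARC record: receivers get no policy for this domain"]
    policy, pct = tags.get("p", "").lower(), tags.get("pct", "100")  # pct defaults to 100
    if policy not in ENFORCING | {"none"} or not pct.isdigit():
        return "invalid", ["p= or pct= tag absent or malformed"]
    pct, sub = int(pct), tags.get("sp", policy).lower()  # sp defaults to p
    findings = [] if "rua" in tags else ["no rua= address: aggregate reports are not collected"]
    if policy == "none":
        return "monitor-only", findings + ["p=none: receivers are asked to take no action"]
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    if sub not in ENFORCING:
        findings.append(f"sp={sub}: subdomains are not covered by enforcement")
    status = "enforcing" if pct == 100 and sub in ENFORCING else "partial"
    return status, findings

# Constructed inventory: hypothetical sending domains and their _dmarc TXT values.
INVENTORY = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "mail.example.net": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.net",
    "news.example.org": "v=DMARC1; p=none",
    "shop.example.org": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.org",
    "promo.example.net": None,  # no record published
}

def audit(inventory):
    """Grade every domain in the inventory."""
    return {domain: assess(txt) for domain, txt in inventory.items()}

if __name__ == "__main__":
    for domain, (status, findings) in audit(INVENTORY).items():
        print(f"{domain:20} {status:13} {'; '.join(findings) or 'ok'}")
```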

    In addition, brands must practice transparency with their customers. If consumers feel the trust they place in the brand is valued and their online interactions are secure, it will be paid back with loyalty.
