Businesses face increased cyber threats from threat actors looking to impersonate their brands to access customers’ personal or financial information. Consumers find the brands at fault.

Key Points:

  • Trust is paramount to a brand’s financial success and reputation. It is hard won and very easily lost.
  • Most consumers would stop spending money with their favourite brand if they fell victim to a phishing attack leveraging that brand.
  • The onus is on brands to secure their email communications and their websites; their customers expect it to be protected from email impersonation and from impersonated websites.

Trust is a cornerstone of any successful business. Some professions – hairdressers, for example – spring to mind more than others. But the fact remains: every brand is built on trust, and once it’s broken, a loss of custom almost certainly follows. In today’s digital economy, consumers have more choice than ever when it comes to spending their hard-earned cash.

At the same time, all the marketing in the world counts for nothing when cybercriminals use the brand to trick loyal customers by preying on the trust they have built. It takes years to build a brand. A cyberattack that exposes customer data can cause catastrophic loss of trust in an instant.

In the last 18 months, attack volumes skyrocketed as bad actors sought to exploit the pandemic. Experts don’t expect threat levels to abate; if anything, it may well continue to rise, as hackers look to exploit the fear and confusion stemming from the pandemic and the slow return to some form of ‘new normal’.

A new Brand Trust survey of consumer insights from over 9000 adults in the Benelux, Nordics, United Kingdom, Germany, South Africa, Australia and the Middle East aims to raise awareness of the need to secure brand safety and put CMOs and CISOs on the front foot with consumer data.  

  • According to Mimecast’s State of Brand Protection report, on average, 27 million brand impersonations emails per month were detected en route to Mimecast customers in 2020.
  • For the four months ended January 31, 2021, the world’s top 100 most valuable brands were impersonated in an average of 715,600 emails per month.
  • Mimecast’s Brand Trust survey found that most consumers (61%) would lose trust in their favourite brand if they disclosed personal information to a spoofed version of the website or if their money was stolen due to a phishing email impersonating that brand.
  • Refusing to compensate customers who were victims of cyberattack (35%) and not taking responsibility for cyberattacks leveraging their brand (33%) are the two biggest factors when it comes to loss of reputation.
  • The most trusted industries are healthcare (70%), banking (69%), and utilities (65%). Conversely, the most commonly attacked via phishing are banking, delivery services, and online retailers.

How to avoid brand impersonation

It seems brands could be doing more, owing to the overwhelming majority of consumers (78%) who expect their favourite brands to ensure their services are safe to use, be it websites, email, or any other form of contact. In a digital-first world, having good products or services and responsive customer service is no longer enough for companies: they now also have a mandate to keep people’s data safe and take steps to prevent them from falling victim to cyberattacks involving their brand name.

In the ongoing mission to safeguard their brands, more and more companies are achieving this with Domain-based Message Authentication, Reporting and Conformance – better known as DMARC. In a nutshell, DMARC is an email validation system designed to uncover anyone using a brand’s domain without authorisation and then block the delivery of all unauthenticated mail, preventing customers, partners, and employees from receiving emails from impersonators.

Even unsophisticated attackers can register domains that look like trusted brands as bait to target the people who use them. And, while DMARC does help, it’s only designed to be effective against domains brands own. Ultimately, it’s no longer enough to protect just those – it’s time to move from defence to offense. One of the most effective ways to block brand attacks, as well as stopping live attacks, is to leverage technologies with machine learning to identify attack patterns at an early stage, blocking compromised assets before they become live attacks. Or, if active attacks are discovered, they can be rapidly remediated to minimise damage.

The Bottom Line

To best protect against brand impersonation attack, marketeers and cybersecurity teams must work together, and security teams must also enforce DMARC policies and brand protection services. Indeed, while marketers work to acquire new customers, their efforts tend to make the cybersecurity team’s jobs more difficult. For example, it can be a lengthy process to take careful assessment of all domains sending email on a brand’s behalf, but it’s a worthwhile timing investment to protect the brand, and protect its customers.

In addition, brands must practice transparency with their customers. If consumers feel the trust they place in the brand is valued and their online interactions are secure, it will be paid back with loyalty.

 

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

How Cybercriminals Attack Brands with Marketing Tactics

What to do when cybercriminals use a com…

What to do when cybercriminals use a company’s brand t… Read More >

Michael Grover

by Michael Grover

Posted Jul 07, 2021

Five Years of Survey Data Shows Small Gains in Cyber Preparedness

Five years of Mimecast’s State of …

Five years of Mimecast’s State of Email Security surve… Read More >

Elliot Kass

by Elliot Kass

Contributing Writer

Posted Jun 21, 2021

Brand Impersonation Attacks Are A Double-Edged Sword

Brand impersonation attacks put organiza…

Brand impersonation attacks put organizations at risk throug… Read More >

Debra Donston-Miller

by Debra Donston-Miller

Contributing Writer

Posted Jun 09, 2021