Holiday Alert: Brand Exploitation Is Surging Online

When it comes to brand exploitation, a picture is worth 1,000 words — and a statistic is worth 1,000 more. That’s why this year, Mimecast is raising an alert by releasing early statistics and sharing images of holiday brand exploits. As revealed in the earlier 2021 release of Mimecast’s State of Brand Protection Report (SOBP), organizations of all sizes face the risk of losing customer trust, business continuity and holiday sales to brand scams.

Statistics Reveal Extent of Brand Exploitation

Brand impersonation using fake emails and websites had already increased by the triple digits in 2020, according to the SOBP report. Now it’s getting worse.

In the run-up to this holiday season, Mimecast security research found over 5,000 domains that included the name “Amazon” were registered globally on a single day in October. Ditto for Walmart, though not as dire, with 77 new domains registered in 24 hours. While some of these domains may have been legitimate, the bulk of them were suspect, according to Mimecast Threat Intelligence.

Top brands are under constant fire from cybercriminals hijacking their good names to dupe consumers. In September and October, Mimecast’s Threat Intelligence Center found that 1,491 brands sustained over two attacks each, while 87 brands were attacked over 100 times. Here are more specific brand attack statistics for those two months:

• PayPal — 5,881
• Microsoft — 5,537
• Apple — 2,992
• Facebook — 2,780
• Chase — 1,835
• Amazon — 1,428
• Wells Fargo — 1,014
• AT&T — 880
• Adobe — 740
• Google — 423
• HSBC — 324
• LinkedIn — 306
• Citi — 50
• iCloud — 18
• Bank of America — 18
• American Express — 13
• FedEx — 11

What Does Brand Exploitation Look Like?

As one CISO recently told us, cybercriminals often scrape the code off his company’s retail website and launch scam sites that look identical to his brand. Other counterfeit sites, like those below, aren’t nearly as professional-looking.

 As for the domain names used by spoofed websites, they may simply add a new domain extension to a brand name. For example, instead of .com a scammer could use one of the hundreds of other extensions available, such as .net or a country-specific extension.[1] The number of suspicious domains like these jumped 366% between May-June 2020 and January-February 2020, according to the SOBP report.

Brand scams often combine fake websites and phishing emails that lure customers to the sites. Phishing emails are effective hooks: The number of unwitting clicks on dangerous links soared 85% in 2020.

What’s at Stake When a Brand Is Spoofed?

Many companies don’t realize they’re being spoofed until they start monitoring for it. The problem affects companies large and small: For instance, two small banks reported taking down about a dozen counterfeit sites a month once they became proactive about brand protection.

Spoofed websites and their phishing lures can be used in many types of exploits, from stealing credentials for sale on the Dark Web, to duping an unsuspecting employee into depositing ransomware on a company network, to simply selling brand knockoffs from the fake site.

The ultimate victim is brand trust. A Mimecast survey of international consumers found that 55% had been directed to a fake website from a phishing email. The survey disclosed a direct link between the resulting loss of trust and a loss of revenue: Fifty-seven percent of respondents said they’d stop spending money with a brand if they fell victim to a phishing attack.

How to Minimize Brand Impersonation

“Brand owners should be aware of their risk profile before bad things happen, so there’s time to act,” said Dirk Jan Koekkoek, Mimecast vice president, DMARC, in an interview with Help Net Security.[2] “To start, adopt open security standards such as DMARC and prevent unauthorized senders from impersonating your domain in the first place.” 

Domain-based Messaging Authentication Reporting and Conformance, or DMARC, lets companies govern their domains and have visibility over emails sent on their behalf. That way, they can halt any unauthorized emails coming from their domains — often automatically. In addition, services like Mimecast’s continually scan the web for fake domains, using technologies including machine learning.

Considering the considerable risk of brand exploitation and the available tools to fight it, Koekkoek’s additional tips include:

• Make a risk assessment.
• Start with the steps that deliver the best return on your investment in brand protection.
• Track where your company’s brand is exposed.
• Block engagement with the discovered threat.
• Remediate the threat entirely.
• Know that timing is key, and every second counts.

The Bottom Line

Online brand exploitation usually surges during the holidays — and it looks like this year is no exception, according to early findings from Mimecast. Brand protection measures can help contain the damage to customer trust, business continuity and your company’s bottom line.

[1] “Root Zone Database,” Internet Assigned Numbers Authority

[2] “The antidote to brand impersonation attacks is awareness,” Help Net Security