How Your Brand May Be Exploited Without Your Knowledge

As long ago as 2004, Gartner’s Daryl Plummer predicted that “fake reality for sale will be the norm.”[1] The prevalence of online brand exploitation is evidence that Plummer’s prediction has been realized. Today, brand exploitation is a much broader issue than the sale of counterfeit goods. Bad actors constantly impersonate brands online, constructing counterfeit e-fragments of reality that trick unsuspecting users into falling for phishing attempts and other cyberattacks.

According to Mimecast’s State of Email Security 2020, organizations reported an average of nine known website or email spoofing attacks in the last year, and 84% of respondents are concerned about further email domain, web domain spoofing, brand exploitation, or site spoofing attacks in the next 12 months.[2]

Those statistics are disturbing, but they fail to paint the whole picture because many attacks fly under the radar. The web is vast, bad actors are elusive, and there are plenty of ways that brands may be exploited on the web without their knowledge. These include link manipulation, website spoofing, email spoofing, vishing and SMShing, social media impersonation, and search engine phishing.

The threats are so diverse and prolific that it’s generally not possible to quickly detect all these malicious impersonation attempts using manual methods alone. Brands can try to manually scour the web for suspicious activity, but if a threat is discovered, it’s already live and probably doing damage. Such a delay won’t cut it when customer and employee safety—not to mention a brand’s reputation—is on the line. Brands can accelerate and broaden their ability to detect these attacks using automated online brand protection solutions, which search the internet to detect and nullify brand impersonation attempts before the worst happens.

1. Link Manipulation

Link manipulation is at the core of many brand exploitation attempts. Bad actors slightly manipulate links to direct users to phony websites. They may register domains with names that are very similar to real brand names and then host malicious websites at those domains. Attackers use several tactics, including:

• Misspelled URLs. Also known as typosquatting or URL hijacking, this method of brand exploitation relies on the likelihood users will make a typo or other similar mistake when entering a URL into their web browser. Instead of “example.com,” a user might be directed to the lookalike domain “exampil.com.”
• Internationalized Domain Names (IDNs) can trick users into clicking links that look real but use international characters in place of English characters. A bad actor might use the Latin character “ɱ” to create the domain “exaɱple.com”, for instance.
• Hidden URLs hide the actual, malicious URL under plain text that might say “click here.”
• Top level domain and country code top level domain abuse takes a legitimate domain name and adds an incorrect top-level domain. A top-level domain impersonation of “example.com” might read “example.ca”.

Link manipulation is often used in tandem with other methods of brand exploitation, listed below.

2. Website Spoofing

Bad actors can build spoofed websites that look legitimate, directing users to them using manipulated links. They can scrape coding, colors, and images from a real brand’s website to trick unsuspecting users. These websites can be used to download malware or steal users’ credentials. Clicking a link on a spoofed website may drop malware onto the user’s system, or the website may be designed to harvest personal information that can then be sold.

3. Email Spoofing

With email spoofing attacks, an attacker sends an email that appears come from a legitimate brand. The email may ask the recipient to click a link that leads to spoofed website, or that downloads malware. By using your brand as the bait, the unsuspecting recipient might end up exposing their personal data—or their employer’s—to criminals.

4. Vishing and SMShing

Phishing attacks that use voice and text messages (vishing and SMShing, respectively) are another common brand exploitation method. Vishing messages may appear to come from an official source. For example, the CEO of a U.K.-based energy firm received a phone call that appeared to be from the chief executive of the firm’s parent company, asking him to pay €220,000 to a Hungarian supplier.[3] In reality, bad actors were imitating the chief executive’s voice using AI, and the money was sent to criminals.

SMShing attempts use text messages to impersonate brands. A recipient might get a text from a malicious actor claiming to be a legitimate bank or other entity. The text might contain a link that takes the user to a spoofed login page designed to steal the person’s credentials.

5. Social Media Impersonations

Social media is fertile ground for brand exploitation. For example, a bad actor can create a fake social media account in the name of a company, make it seem legit by posting or commenting on messages, and even include links to a fake website. Or impersonators may simply aim to simply to embarrass the brand or tarnish its reputation. After the BP Deepwater Horizon oil spill in 2010, for example, a Twitter account mimicking BP’s public relations group satirized the company’s PR efforts following the spill. The fake account racked up twice as many followers as the company’s genuine corporate account.[4]

6. Search Engine Phishing

Instead of sending emails or text messages to entice users to click on malicious links, some bad actors create malicious webpages designed to appear in search engine results. These fake sites often use domain spoofing to impersonate real brands. To get users to click, the search engine ad or link may offer free or discounted goods or even job opportunities.[5]

Brand Exploitation Prevention Must Be Multi-Layered

The last thing most businesses want is to be alerted to a scam by their own customers. However, staying ahead of the problem can be a challenge when there are so many ways that bad actors exploit brands across the web. The solution? A multi-layered approach that includes:

DMARC email authentication: DMARC can help brands ensure their domain isn’t impersonated in phishing emails. DMARC enables email systems to detect and reject phony emails that appear to come from legitimate domains, before the email messages reach recipients’ inboxes. However, DMARC can’t prevent attacks that use domain names similar, but not identical, to a brand’s domain.

Security awareness training: Humans are often the weakest link in falling for cyberattacks. Regular security awareness training can help keep people up to speed with the latest brand exploitation attempts and other cyberattacks. A keen eye can learn to pick out suspicious links, lookalike emails and websites, phony social media accounts, and more.

AI-based online brand protection solutions: Brands can try to manually monitor the web for suspicious activity, but it may take weeks—or months—to detect exploitation attacks, and another two weeks or more to resolve those attacks.[6] Automated brand protection solutions can often detect and resolve brand exploitation attacks within hours, or even faster in some cases.

The Bottom Line

Many brand exploitation attacks can be hard to detect given the almost infinite extent of the web and the multiple attack methods that bad actors have at their disposal. To find and stop these attacks, brands need to take on a multi-layered online brand protection approach that incorporates DMARC, security awareness training, and AI-based brand protection solutions. Otherwise, brands may find their reputation damaged by attacks that weren’t even on their radar.

[1] “Defend Your Brand in the Era of Fake News,” Gartner

[2] The State of Email Security 2020, Mimecast

[3] “Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case,” The Wall Street Journal

[4] “Fake BP Twitter Account Draws Followers With Oil-Spill Satire,” The Wall Street Journal

[5] “Search Engine Phishing,” Legal Match

[6] The Security Challenge Beyond Your Perimeter, Frost & Sullivan