Brand Protection

    New Research Reveals Hidden Risks of Online Brand Safety

    The State of Brand Protection 2021 looks at the dramatic rise of online brand impersonation and how companies can defend themselves.

    by Megan Doyle

    Key Points

    • For many businesses, COVID-19 was the impetus to finally embrace digital marketing trends. For cybercriminals, it became the perfect opportunity to exploit brands’ trusted online presence, especially for businesses that fail to defend themselves and their customers.
    • Plus, brand impersonators are stealing marketers’ leads.
    • But impersonation is largely invisible to brand marketers until they start monitoring for it.
    • Some organizations successfully combat online brand impersonation with a holistic protection strategy based on close collaboration between marketing and IT security, email authentication standards and third-party brand protection solutions.

    What can you rarely, if ever, see, but can damage your reputation and wreak havoc with your customers’ businesses?

    Welcome to the world of online brand impersonation, a new and growing potential nightmare that the vast majority of brand marketers have yet to wake up to. New research based on analyses of Mimecast’s customer email traffic and public data reveals the extent — and rapid growth — of criminal online brand impersonation:

    • On average, 27 million brand impersonation emails per month were detected en route to Mimecast customers in 2020.
    • For the four months ended January 31, 2021, the world’s top 100 most valuable brands were impersonated in an average of 715,600 emails per month.
    • The number of user clicks on unsafe email URLs was 84.5% higher in January 2021 than January 2020.

    Casting light on this increasingly pressing issue, Mimecast’s The State of Brand Protection 2021 (SOBP) is largely based on threat intel research derived from billions of emails monitored by Mimecast on behalf of its customers and compiled by the Mimecast Threat Intelligence Center. The report shows how and why cybercriminals relentlessly work to exploit brands’ online presence for malicious gain, be it via email phishing, fake websites or a host of other routinely used brand impersonation tactics. And, through numerous interviews with cybersecurity professionals, the report documents a series of tried-and-true brand impersonation protection strategies.

    Online Brand Impersonation Growth Shows No Signs of Slowing

    Through methods like counterfeit goods and stolen intellectual property, criminals have been impersonating brands since time immemorial. But in the real world, brand exploitation is easier to gauge, recognize and crack down on. Meanwhile, it’s astoundingly easy for cybercriminals to exploit a brand’s online presence to create scams that prey on human nature. Factor in how COVID-19 forced businesses around the world to embrace digitalization, and the problem has gotten noticeably worse.

    Specifically, the report notes that monthly email impersonations spiked around the early months of the pandemic when workers were particularly vulnerable. Suspicious domains impersonating brands jumped 366% in May-June 2020 over January-February 2020. And despite subsequent dips in brand impersonation activity, overall brand impersonation attacks continue to occur at a higher level than ever before.

    Worse, the 84.5% spike in unsafe clicks in January 2021 over the year-earlier month shows that these cybercriminals’ efforts are effective.

    Marketers Must Look Before They See Brand Impersonation

    The SOBP research shows any company with a digital presence — large or small, B2C or B2B — can face the financial and reputational repercussions of brand exploitation. And while the world’s biggest tech companies actively fight impersonation, the issue largely goes unnoticed by others. Instead, marketers work closely with legal teams to guard their brands “in real life” while remaining unaware of how brand impersonation emails and spoofed websites can damage their brands online.

    Put simply, many brands don’t realize they’re being exploited online until they start monitoring for it. One cybersecurity professional interviewed for the SOBP noted that his organization uncovered 300,000 illegitimate emails being sent on the company’s behalf when they started monitoring. Meanwhile, cybersecurity professionals at two small banks in the U.S. and UK reported taking down about a dozen fraudulent websites imitating their brands every month.

    At the crux of the issue is a critical realization: Just as digital marketing is used to reach customers with the right message at the right time, often via email, Mimecast research found insidious cybercriminals are doing just the same. Working under the guise of legitimate, trusted brands, cybercriminals prey on emotions like fear, uncertainty, doubt and desire — and current events like COVID-19 — to get people to click. That’s bad news for brands that might lose hard-won customer trust to cybercriminals without knowing it. Not to mention the fact that anyone who clicks on an impersonated brand message may well have become a legitimate lead if the message were genuine.

    The report notes that email phishing and spoofed websites are only part of the equation. Cybercriminals can use any digital touchpoint to take advantage of the brand-stakeholder relationship, from text messages and voicemails to social media and job ads. One cybersecurity professional interviewed by researchers discovered their brand was being impersonated for a money mule recruitment campaign — a type of fake job ad that gets unwitting victims to help a crime syndicate launder money.

    How Proactive Companies Can Stop Brand Impersonation

    Not surprisingly, most respondents to Mimecast’s earlier State of Email Security 2021 agreed they’d be concerned if their organization experienced malicious impersonated websites and spoofed emails. Given the increasing volume of email and web domain spoofing — and the inevitability of online brand impersonation attacks — how can marketers once again become the masters of their own domains?

    The SOBP points to a holistic five-part brand impersonation protection strategy that relies on close collaboration between marketing and cybersecurity professionals, and on proofs of concept to get the entire organization on board with developing a comprehensive, modern brand safety strategy. The report details how close organizational collaboration, combined with relatively new third-party brand protection technologies and the Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication standard, can help companies fight brand exploitation.

    The Bottom Line

    Online brand impersonation spiked in 2020 and shows no signs of slowing down. Many companies don’t recognize the extent of the problem until they start monitoring for it. To combat cybercriminals’ relentless exploitation of brand-stakeholder trust, many companies have found success in proactive online brand impersonation protection strategies that rely on close collaboration between marketing and cybersecurity teams, DMARC email authentication practices and third-party online brand protection solutions. 

