Webinar: IT Leaders on Online Impersonation Fraud Bmoore November 12, 2024

Webinar: IT Leaders on Online Impersonation Fraud

Security against the Rising Threat of Impersonation Scams

Cybersecurity remains a back-and-forth contest between threat actors and cybersecurity professionals. When fraudsters develop a new technique to circumvent security systems, cybersecurity professionals respond with new security tools to counteract the new techniques. Specifically, how to address online brand impersonation fraud.

This dynamic continues today, but the world is not the same as it was fifteen years ago. A far greater share of business is conducted online than before. Every company has a website, a social media presence, and an online brand vulnerable to impersonation. It’s a dizzyingly vast landscape of digital identity, which drives greater complexity in attack strategies and more opportunity for illicit gains.

According to recent data from the US Federal Trade Commission (FTC) , consumers lost more money to scams in 2023 than ever before. More, the FTC also reports that impersonation scams, defined as fraudsters falsely representing themselves as legitimate organizations, were the most commonly reported type of fraud. Financial losses in this area rose 13% year over year.

AI increases scam opportunities

The challenges only increase if we look further ahead. We are just starting to explore the potential of artificial intelligence (AI). Already, viral stories are appearing about AI-generated images. As an example, in March 2023, social media loved an image of Pope Francis in a white puffer jacket.

The image is compelling but entirely artificial. Fraudsters will use these tools in a new wave of impersonation attacks. Studies show that consumers worry daily about becoming victims of deepfake scams.

In July 2024, Allure Security held a panel discussion. IT leaders from financial institutions in venture capital attended. Their insights outline a cybersecurity plan that can better protect consumers, employees, and the organization’s online brand identity. Organizations must use these tools and best practices to reduce the risk of brand impersonation attacks.

The Threat of Online Brand Impersonation Fraud to Organizations

Before we explore ways to mature a brand protection program, we must first understand what is at stake. The damage a brand impersonation attack can do to an individual consumer is terrible. Someone can expose and sell their financial information. Hackers can compromise their mobile device and steal money from their accounts.

Meanwhile, the organization suffers as well. Successful brand impersonation attacks abuse the value created by the organization to their own ends. It damages the organization’s credibility in the market and their relationship with their customers. Brand impersonation poses severe risks to brands’ equity, operations, and growth which can manifest as:

Lost Revenue

Account Takeover Fraud Costs

Increased Customer Churn

Increased Customer Service Wait Time

Lower Digital Service Adoption

Greater Reputational Risk

IT Leaders Sound Off on Best Online Brand Protection Strategies

The webinar panel featured Ryan Donnon, the IT Director at First Round Capital. It also included David Grenetz, the Senior Vice President of IT at Notable Capital. Lastly, Kevin Maire, the founder of Maire Consulting, was part of the panel.

They provided a complete list of strategies organizations can use to protect against online brand impersonation fraud.

Combat Typosquatting

Typosquatting is a type of attack. In this strategy, a threat actor registers domains that look like real business domains. The goal is to register common misspellings of the domain. This way, users who type the URL may accidentally find the harmful site. To stop this threat, the simple solution is to register all variations of your domain name. Then, set up redirects to send users back to the main website URL. This can be effective but also expensive.

• An alternative strategy would be to deploy a solution like GlobalBlock Plus . Rather than registering every possible domain, GlobalBlock Plus works with domain registries to block domains with typosquatting potential.

• The organization does not need to purchase the domains. They do not register. Instead, the domains block at a price point lower than the cost of registering the names yourself.

Training

 As is the case in other areas of cybersecurity as well, training is the foundation of brand protection. Use a mix of regular training throughout the year, automated tools, live training sessions, and extra sessions for new threats.

• The training program should focus on brand impersonation techniques. It should explain what phishing messages look like and how to identify them. Additionally, your customers should receive training too.

• Help your audience understand how the company addresses customer account updates, changes, and issues. If they know the organization's formal processes and communication methods, they are more likely to be skeptical. This is especially true when they get a message different from what they usually expect.

Connect with Domain Registries, Social Media, and Government Agencies

If you find a website impersonating your brand, the next step is to remove it.

• Unfortunately, social media companies and domain registries are fielding enormous numbers of takedown requests at once. To remove content in a reasonable time, you need to follow up often and stay diligent. In this situation, any existing professional relationships with these organizations can be helpful.

Claim your Brand on Social Media

Fraudsters can take your brand name if you do not register your brand on a social media platform. They may use it for their purposes.

• Preventing this is as easy as registering your brand name on all social media platforms. Even if the social platform is not a priority in your business strategy, register it anyway. Holding your brand’s account on a social media platform can help with future takedowns of content.

Trademarks, Service Marks, and Copyright

Finally, register trademarks, service marks, or copyrights for your brand, whichever is most appropriate. This task can become complex and lengthy, but it offers the only legal recourse if someone finds brand spoofs online.

How Allure Security Can Help

A clip from the IT Leaders Virtual Panel of panel members sharing “pro tips” for protecting your brand online. 

The panel agreed on the best practices mentioned above. They all stressed an important point: organizations should not try to manage online brand protection alone. It is an enormous expense and time-sink without the specialized tools and skillsets offered by service providers.

To illustrate this, here are just some of the quotes from the panel:

Allure Security enables you to take a proactive approach to protecting your brand online. The tips above are great for improving your security. However, you must not ignore the basics.

Related Articles