Security against the Rising Threat of Impersonation Scams
Cybersecurity remains a back-and-forth contest between threat actors and cybersecurity professionals. When fraudsters develop a new technique to circumvent security systems, cybersecurity professionals respond with new security tools to counteract the new techniques. Specifically, how to address online brand impersonation fraud.
This dynamic continues today, but the world is not the same as it was fifteen years ago. A far greater share of business is conducted online than before. Every company has a website, a social media presence, and an online brand vulnerable to impersonation. It’s a dizzyingly vast landscape of digital identity, which drives greater complexity in attack strategies and more opportunity for illicit gains.
According to recent data from the US Federal Trade Commission (FTC) , consumers lost more money to scams in 2023 than ever before. More, the FTC also reports that impersonation scams, defined as fraudsters falsely representing themselves as legitimate organizations, were the most commonly reported type of fraud. Financial losses in this area rose 13% year over year.
AI increases scam opportunities
The challenges only increase if we look further ahead. We are just starting to explore the potential of artificial intelligence (AI). Already, viral stories are appearing about AI-generated images. As an example, in March 2023, social media loved an image of Pope Francis in a white puffer jacket.
The image is compelling but entirely artificial. Fraudsters will use these tools in a new wave of impersonation attacks. Studies show that consumers worry daily about becoming victims of deepfake scams.
In July 2024, Allure Security held a panel discussion. IT leaders from financial institutions in venture capital attended. Their insights outline a cybersecurity plan that can better protect consumers, employees, and the organization’s online brand identity. Organizations must use these tools and best practices to reduce the risk of brand impersonation attacks.
The Threat of Online Brand Impersonation Fraud to Organizations
Before we explore ways to mature a brand protection program, we must first understand what is at stake. The damage a brand impersonation attack can do to an individual consumer is terrible. Someone can expose and sell their financial information. Hackers can compromise their mobile device and steal money from their accounts.
Meanwhile, the organization suffers as well. Successful brand impersonation attacks abuse the value created by the organization to their own ends. It damages the organization’s credibility in the market and their relationship with their customers. Brand impersonation poses severe risks to brands’ equity, operations, and growth which can manifest as:
Lost Revenue
Account Takeover Fraud Costs
Increased Customer Churn
Increased Customer Service Wait Time
Lower Digital Service Adoption
Greater Reputational Risk
IT Leaders Sound Off on Best Online Brand Protection Strategies
The webinar panel featured Ryan Donnon, the IT Director at First Round Capital. It also included David Grenetz, the Senior Vice President of IT at Notable Capital. Lastly, Kevin Maire, the founder of Maire Consulting, was part of the panel.
They provided a complete list of strategies organizations can use to protect against online brand impersonation fraud.
Typosquatting is a type of attack. In this strategy, a threat actor registers domains that look like real business domains. The goal is to register common misspellings of the domain. This way, users who type the URL may accidentally find the harmful site. To stop this threat, the simple solution is to register all variations of your domain name. Then, set up redirects to send users back to the main website URL. This can be effective but also expensive.
• An alternative strategy would be to deploy a solution like GlobalBlock Plus . Rather than registering every possible domain, GlobalBlock Plus works with domain registries to block domains with typosquatting potential.
• The organization does not need to purchase the domains. They do not register. Instead, the domains block at a price point lower than the cost of registering the names yourself.
As is the case in other areas of cybersecurity as well, training is the foundation of brand protection. Use a mix of regular training throughout the year, automated tools, live training sessions, and extra sessions for new threats.
• The training program should focus on brand impersonation techniques. It should explain what phishing messages look like and how to identify them. Additionally, your customers should receive training too.
• Help your audience understand how the company addresses customer account updates, changes, and issues. If they know the organization's formal processes and communication methods, they are more likely to be skeptical. This is especially true when they get a message different from what they usually expect.
If you find a website impersonating your brand, the next step is to remove it.
• Unfortunately, social media companies and domain registries are fielding enormous numbers of takedown requests at once. To remove content in a reasonable time, you need to follow up often and stay diligent. In this situation, any existing professional relationships with these organizations can be helpful.
Fraudsters can take your brand name if you do not register your brand on a social media platform. They may use it for their purposes.
• Preventing this is as easy as registering your brand name on all social media platforms. Even if the social platform is not a priority in your business strategy, register it anyway. Holding your brand’s account on a social media platform can help with future takedowns of content.
Finally, register trademarks, service marks, or copyrights for your brand, whichever is most appropriate. This task can become complex and lengthy, but it offers the only legal recourse if someone finds brand spoofs online.
How Allure Security Can Help
A clip from the IT Leaders Virtual Panel of panel members sharing “pro tips” for protecting your brand online.
The panel agreed on the best practices mentioned above. They all stressed an important point: organizations should not try to manage online brand protection alone. It is an enormous expense and time-sink without the specialized tools and skillsets offered by service providers.
To illustrate this, here are just some of the quotes from the panel:
“The web is a vast vast place, and it’s very easy to spin up a Twitter or an X account or a Telegram account, and there’s just not enough hours in the day to handle that yourself. So I’m just highly stressing that people should be looking to engage with firms that are trusted in this space.”
“It took Allure Security 5 minutes to do what would have taken me 3 solid days of work.”
“An obvious [pro tip] is to work with a brand protection firm like Allure Security. It is a great place to start.”
Allure Security enables you to take a proactive approach to protecting your brand online. The tips above are great for improving your security. However, you must not ignore the basics.
Related Articles
-
Credit Union in U.S. South Supercharges Takedown CampaignsDo-It-Yourself Takedown Struggles A credit union based in the southern United States supports...
-
Fraudsters Steer Clear of Federal Credit UnionSleepless Nights and Overburdened IT Teams A federal credit union managing $3.06 billion...
-
Credit Union Reduces Security Threat from ZelleIntegrating Zelle without Putting Members at Risk Financial institutions must contend with a...
-
Damn Filters Recovers from Poisoned Search Engine ResultsPoisoned Search Engine Results Damn Filters, a leading company in Kansas, sells online...
-
Regional Bank Protects their Brand and CustomersEliminating the Precursor to Phishing and Fraud A regional bank managing $30 billion...
-
Service Credit Union Reduces Online FraudFake Sites, Frustrated Members, and Online Fraud Service Credit Union is an award-winning...