Cybersecurity remains a back-and-forth contest between threat actors and cybersecurity professionals. When fraudsters develop a new technique to circumvent security systems, cybersecurity professionals respond with new security tools to counteract the new techniques.

This dynamic continues today, but the world is not the same as it was fifteen years ago. A far greater share of business is conducted online than before. Every company has a website, a social media presence, and an online brand vulnerable to impersonation. It’s a dizzyingly vast landscape of digital identity, which drives greater complexity in attack strategies and more opportunity for illicit gains.

According to recent data from the US Federal Trade Commission (FTC) , consumers lost more money to scams in 2023 than ever before. More, the FTC also reports that impersonation scams, defined as fraudsters falsely representing themselves as legitimate organizations, were the most commonly reported type of fraud. Financial losses in this area rose 13% year over year.

The challenges only increase if we look further ahead. We are just beginning to explore the potential of artificial intelligence (AI), and already viral stories arise based on AI generated images. For example, in March 2023, social media became enamored with an image of Pope Francis wearing a white puffer jacket. The image is compelling but entirely artificial. Fraudsters will utilize these same tools in a rapidly approaching new generation of impersonation attacks, and studies have shown that consumers worry daily about falling victim to these deep fake attacks.

Luckily, these dynamics do not go only one way. AI also makes it possible for greater threat detection and the ability to recognize new and emerging threats in real-time. Financial institutions, enterprises, and businesses of all sizes can combat these new threats with advanced online brand protection tools.

In July 2024, Allure Security hosted a panel discussion with IT leaders from financial institutions in the venture capital space. Their insights map out a cybersecurity posture that can better protect consumers, employees, and the organization’s brand identity online in this new landscape. It’s imperative that organizations leverage these tools and best practices however they can to blunt the threat of brand impersonation attacks.

The Threat of Brand Impersonation to the Organization

Before we explore ways to mature a brand protection program, we must first understand what is at stake. The damage a brand impersonation attack can do to an individual consumer is terrible. Their financial information can be revealed and sold, their mobile device compromised, and even funds stolen directly from their accounts.

Meanwhile, the organization suffers as well. Successful brand impersonation attacks abuse the value created by the organization to their own ends. It damages the organization’s credibility in the market and their relationship with their customers. Brand impersonation poses severe risks to brands’ equity, operations, and growth which can manifest as:

• • Lost revenue
  • Account takeover fraud costs
  • Increased customer churn
  • Increased customer service wait time
  • Lower digital service adoption
  • Greater reputational risks

IT Leaders Sound Off on Best Online Brand Protection Strategies

The webinar panel included Ryan Donnon, Director of IT at First Round Capital; David Grenetz, Senior Vice President of IT at Notable Capital; and Kevin Maire, founder of Maire Consulting. Together, they supplied a thorough list of strategies organizations in any industry can leverage to better protect their brand online.

• Combatting Typosquatting: Typosquatting is an attack strategy in which a threat actor registers domains that are very similar to the legitimate domains of a business. The goal is to register a common misspelling of the domain, so users manually entering the URL may accidently stumble upon the malicious site.
• To prevent this threat, the straightforward solution is to register all variations of your domain name yourself and set up redirects back to the primary website URL. This can be effective but also expensive.

  An alternative strategy would be to deploy a solution like GlobalBlock Plus . Rather than registering every possible domain, GlobalBlock Plus works with domain registries to block domains with typosquatting potential. The organization does not need to purchase the domains. They aren’t actually registered. The domains are instead blocked at a price point lower than what it would cost to register the names yourself.

• Training: As is the case in other areas of cybersecurity as well, training is the foundation of brand protection. Utilize a combination of regular trainings throughout the year, automated tools, some live training sessions, as well as ad hoc sessions in response to emerging threats. The training program should be focusing on brand impersonation techniques, what these phishing messages look like, and how they can be identified.
• What’s more, your customers should be trained as well. Help your audience understand how the company addresses updates, changes, and issues to customer accounts. If they are familiar with the formal processes and communication channels of the organization, they are more likely to be skeptical when they receive a communication that deviates from the norm.
• Build Relationships with Domain Registries, Social Media, and Government Agencies: When a brand impersonation is found on the web, the next course of action is executing a takedown of the malicious website. Unfortunately, social media companies and domain registries are fielding enormous numbers of takedown requests at once. To remove content within a reasonable timeline, it requires repeated follow-ups and diligence.
• Given that environment, any pre-existing professional relationships with these organizations can be useful. Determine if anyone on the team has business connections at domain registries and social media companies. Then, build on those relationships. This can greatly expedite your takedown request when the time comes.
• Claim Your Brand on Social Media Channels: If your brand is not registered on a social media platform, it creates an opportunity for a fraudster to seize the brand name and use it for their own purposes. Preventing this is as easy as registering your brand name on all social media platforms. Even if the social platform is not a priority in your business strategy, register it anyway. Holding your brand’s account on a social media platform can help with future takedowns of content on the platform.
• Trademarks, Service Marks, and Copyright: Finally, register trademarks, service marks, or copyrights for your brand, whichever is most appropriate. This is can be a complex, lengthy task, but it provides the only legal recourse should brand spoofs be found online.

HOW ALLURE CAN HELP

A clip from the IT Leaders Virtual Panel of panel members sharing “pro tips” for protecting your brand online. 

The panel agreed on the best practices listed above, and each of them emphasized another crucial point: organizations should not try to handle online brand protection on their own. It is an enormous expense and time-sink without the specialized tools and skillsets offered by service providers.

To illustrate this, here are just some of the quotes from the panel:

“The web is a vast vast place, and it’s very easy to spin up a Twitter or an X account or a Telegram account, and there’s just not enough hours in the day to handle that yourself. So I’m just highly stressing that people should be looking to engage with firms that are trusted in this space.”
— Ryan Donnon, Director of IT at First Round Capital

“It took Allure Security 5 minutes to do what would have taken me 3 solid days of work.”
— Kevin Maire, founder of Maire Consulting

“An obvious [pro tip] is to work with a brand protection firm like Allure Security. It is a great place to start.”
— David Grenetz, Senior Vice President of IT at Notable Capital

Allure Security enables you to take a proactive approach to protecting your brand online. The pro tips provided above are excellent at strengthening your security posture at the margins, but you cannot overlook the core.

You need to be looking for spoofs across the surface, deep and dark web and initiating takedowns of those malicious sites — and Allure Security is ready to help.

Our solutions utilize sophisticated algorithms to analyze wide sections of the internet at rapid speed and evaluate these pages as a human would. That allows us to catch spoofs that other solutions would miss. We then pair these technology with an intrepid takedown team experienced and tenacious enough to ensure that brand spoofs of our clients are removed in short order.

WHAT YOU SHOULD DO NEXT

Our webinar panel with IT leadership covered much more ground than this blog. To learn about industry partnerships in combatting online brand impersonation, stories of brand impersonation attacks they’ve encountered, and clear signs it is time to outsource your brand protection, watch the full webinar here: WATCH NOW.