BLOG

Articles about website spoofing, cybersecurity trends, and how to protect your customers from hackers.

Three signs you do online brand protection right (& two signs there’s room for improvement)

17 - May 2023

Knowing exactly what to do when your brand is impersonated online seems like a daunting task. A number of nuances may send you down the wrong path – wasting your time and allowing offending content to remain live on the internet for longer. Use this list to evaluate your online brand protection program.

Three signs you’re doing online brand protection right

1. You’ve secured your trademarks and claimed your brand name online

Properly registered trademarks make removing offending content from the internet easier for all parties. Evaluating which side’s argument is valid (the complaining brand vs. the publisher of the content) is often not as obvious as it seems to be to the complainant. Take the time to register any and all trademarks your brand uses with the U.S. Patent and Trademark Office and the E.U. Intellectual Property Office. A registered trademark is required for there to be any hope of making an argument that said trademark is being infringed upon.

While sometimes overlooked, brands need to establish themselves wherever their customers are. In today’s digital world, that means owning the online “anchors” associated with your brand. Register any domains you plan to do business on. If your brand has an international presence, consider registering on relevant top level domains. In addition, Twitter handles, Instagram accounts, Facebook pages, and any emerging social media platforms are also places you should consider claiming your name brand. You should also be sure to grab social media profile names for your executives.

2. You are proactive and comprehensive with your monitoring strategy

So, how can you tell that your monitoring is enough? What exactly constitutes a “comprehensive” strategy? For starters, it goes beyond looking for domains similar to your own. 

In the past, a popular method of finding impersonations was scanning for permutations of a brand’s domain name. These days however, brand impersonators have moved away from using only look-alike domain names. In 2023, a scam site impersonating your brand will very likely have a URL completely different from your own in order to avert detection by less sophisticated monitoring methods. 

Finding impersonation sites that use random domains unrelated to your brand name is no easy task. Looking for said impersonations manually is essentially impossible.

There’s a long list of websites to visit, which can get tedious quickly. Before choosing Allure Security, one security analyst spent two hours each day, from 9 a.m. to 11 a.m., sifting through a list of 40 to 100 suspicious websites. Once they started using Allure Security’s AI-powered detection engine (which scans 100+ million digital assets each day) to do the job, their work time dropped from 2 hours to just five minutes. 

Just as consumers use mobile apps and social media platforms to interact with brands; scammers are diversifying the methods through which they distribute attacks. Phony social media profiles, posts, and mobile app listings have become remarkably effective vectors for online brand impersonation attacks. 

Given that attacks can and do come from all corners of the internet, we recommend educating your customers on when and when not to engage online. Make it clear to your customers on which social media platforms your brand will engage with them. In addition, spell out where customers should download authorized versions of your mobile app. A consistent posting schedule on social media can also help establish in your customers’ minds which social media profiles are official and authorized.

3. You have a team of takedown experts that has built relationships with registrars, hosts, social media platforms, etc.

Reporting a scam to a network of blocklists is one thing. Removing that impersonation from the internet is a different process entirely. Employees responsible for managing your brand’s online presence and performing takedowns can extrapolate a lot of value from having a good relationship with those folks on the other end. 

Consider the abuse teams at registrars, web hosts, and social media platforms that evaluate a steady stream of requests to remove content that one of their customers has published. To justify a takedown, they need concrete evidence of a violation of their user agreements. Building a reputation with a provider can mean they more quickly act on your requests knowing that past requests were justified and included the proper evidence. Building such a relationship takes time and many brands are better off choosing a vendor like Allure Security that already has relationships with various providers built on a history of valid requests. These relationships go a long way in reducing time-to-takedown. 

Establishing a thorough understanding of a registrar’s or other providers’ acceptable use policies and the evidence required for takedown is key. For example, most registrars will respond to complaints pertaining to phishing websites and spam emails. However, they will not help with addressing copyright or trademark infringement claims. Instead, you will need to work with the web hosting provider on taking down such content. 

Understanding the nuances of abuse reporting for various registrars, hosts, social media platforms, and more are also critical to increasing takedown success rates and accelerating takedown speeds. For example, when attackers use parked domains to send phishing emails, registrars will not act without having the phishing messages (including headers) in hand.

In addition, adversaries will also abuse dynamic DNS services to create phishing websites using subdomains. Dynamic DNS services will not take down an entire domain for one malicious sub-domain. In those cases, you typically need to identify the host of the content and pursue that route for takedown. If that sounds complicated, you’re right. This is why many brands find it much more cost-effective to hire a specialist such as Allure Security to handle this work for them.

Two signs there’s room for improvement in your online brand protection program

1. Fake sites impersonating your brand remain live on the Internet for weeks

Obviously, the longer a phishing website, deceptive social media profile, or unauthorized mobile app remains on the internet, the more of your customers can fall victim. And the damages go beyond just the direct fraud costs.

The costs of online brand impersonation attacks include:

  • Tangible costs
    • Direct fraud costs
    • Customer reimbursements
    • Lost sales
    • Decreased revenue
    • Increased customer complaint volume
    • Customer churn
    • Staff hours:
      • Call center volume
      • Hunting spoofs
      • Submitting takedown requests
      • Tracking takedown requests
  • Intangible costs
    • Reputation damage
    • Negative brand perception
    • Loss of consumer trust in digital channels
    • Staff burnout

Each of these costs increase with time. Expert takedown services from vendors like Allure Security can reduce mean-time-to-takedown to minutes or hours compared to weeks or months via other methods.

2. Your customers are serving as your detection system

Are you learning of brand impersonation attacks targeting your brand mostly from customers?   If so, it might be time to work on your strategy. When consumers fall victim to online fraud, 63% of them blame the brand  – regardless of whether the brand did anything wrong. On top of that, 32% of victims will leave the brand altogether after a bad experience. 

Fortunately, it is possible to get ahead of these scams and eradicate them before a single customer falls victim. It involves a combination of automating the continuous assessment of more digital assets on the internet, along with a seasoned team of takedown experts that can reduce takedown time to hours versus days.

WHAT YOU SHOULD DO NEXT

  • Contact us if you’re ready to work with an expert to improve  your visibility of and response to abuse of your brand online.
  • Learn more about optimizing the people, processes, and technology driving your  online brand protection with our free Busy Person’s Guide to Online Brand Protection.
  • Read our blog post about why Gartner® recognizes Allure Security as a provider of  Digital Risk Protection Services and online brand protection.

Posted by Mitch W

CONTACT US

Phone Number - (877) 669-8883