Your brand’s online identity, whether that’s a website, social media profile, or mobile app, can be the primary—and often only—connection to your customers. Defending it with robust detection, disruption and takedown of cyber threats protects your business, your customers, and your online reputation.
Your brand’s hard-earned reputation, perhaps years in the making, can be tarnished in an instant by criminals using sophisticated cyber attacks across multiple channels. They might construct fake shops purporting to sell branded goods that drive traffic away from your legitimate site. Or they could establish phishing sites designed to steal payment and personal information from your existing (and potential) customers. They might also create convincing social media profiles or ads to mislead customers or direct them to malicious websites.
Regardless of the method, attacks on your brand damage consumer confidence and undermine marketing and advertising efforts to grow your business. That’s why an effective solution to detect and defend against online brand abuse is so important.
In this guide, we’ll explore the threat landscape around online brand protection, and take a detailed look at how phishing, scam, and fraud campaigns are designed to exploit the trust that citizens place in established organizations, products and services.
We’ll also consider the most effective ways to disrupt cyber attacks that are targeting your brand, with the aim of taking down the malicious content that can put your customers’ online safety at risk and damage your reputation.
Why protect your digital brands?
According to a 2021 report carried out by the EUIPO (European Observatory on Infringements of Intellectual Property Rights) and the OECD (Organisation for Economic Co-operation and Development) between 2018 and 2020, online retail sales, a subset of the B2C total, rose by 41% in major economies.
At the same time, the online environment “became a more popular target for illicit trade which poses a major challenge to an innovation-driven global economy”. Cyber law enforcement reported increasing volumes of various e-crimes, including offerings of illicit goods, among them fake and substandard medicines, test kits and other COVID-19-related goods.
It’s now acknowledged that the pandemic accelerated the adoption of ‘life online’, with millions of people using the internet increasingly for socializing, shopping, leisure and business. This represented a massive opportunity for cyber criminals. In particular, the surge in ‘hybrid working’ – with many employees using their own unmanaged devices and networks – made it harder for organizations to offer to protect employees from cyber attacks.
This means that brand owners must now work harder than ever to protect their brand and its intellectual property across many digital channels. Online brand protection detects instances of brand abuse (including impersonation attempts, fraud campaigns and product counterfeiting), and disrupting the threats to protect your brand’s integrity, employees, and customers.
Cybercriminals will exploit your brand wherever they can, usually through phishing sites, fake shops, online advertisements, social media profiles, rogue mobile apps and emails. Online brand protection will therefore require:
- a platform operating autonomously, 24/7, across a multitude of different data sources
- search capabilities that detect misuse of your brand’s name and likeness, whether that’s the name, logo, tagline, domain or social media profile
- the ability to disrupt and takedown attacks that are abusing your brand in real-time – ideally within minutes – so the damage to your organization is minimized
How cyber criminals exploit your brand
Many cybercriminals are motivated by financial gain, and will use a variety of attack methods, requiring only modest technical ability, to exploit your brands online. Here are some of the most common techniques.
Claiming to offer highly discounted goods, fraudulent online stores (or fake shops) impersonate the websites of luxury brands and established retailers. These shops are often a front to capture payment details (and other sensitive information) that users submit at the checkout stage of the transaction. These details can then be used to create convincing phishing attacks (which we discuss later) or sold on to other cybercriminals. Any goods that do end up being delivered, are very likely to be counterfeit.
Fake shops don’t just harm your existing customers; they drive potential traffic from legitimate retail outlets and cost brands financially and in terms of reputational damage. Netcraft discovers about 3,000 fraudulent online shops every day, and to date, has taken down over 500,000 fake shops.
Survey scams are online forms that trick users into thinking they are being marketed to by a legitimate company or brand. The scams often look professionally designed and will impersonate established organizations using the target brands logos, fonts, colors and other design elements. Once again, these scams are used to lure victims into providing personal information (which the criminal will use to commit further crimes) in exchange for the chance to win a non-existent prize.
Social media impersonation
Cyber criminals will create fraudulent Facebook pages, as well as fake Twitter/X and Instagram accounts, created to mislead and confuse potential victims. They can include scam celebrity endorsements designed to trick victims into visiting fake shops and other malicious websites.
Phishing attacks are often launched on a massive scale, as criminals can send millions of emails and SMS messages quickly, at virtually no cost. If a victim clicks on a link from within the scam message, they’ll be directed to a phishing website, designed to look like those operated by established brands. From here, the criminals will attempt to trick visitors into disclosing private and sensitive information, which can be used for future attacks.
Fake mobile apps
The popularity of apps has given rise to cybercriminals creating fake copies of official apps that impersonate legitimate organizations. The aim is, again, to gain access to their customers’ personal or financial details, which are often required when setting up the app. Criminals will take organizations’ official apps from the Google Play and the Apple App Store and redistribute copies with malicious code injected, allowing them to harvest user details from a seemingly official app.
Shopping site skimmers
If a legitimate website has been compromised (usually by exploiting vulnerabilities in e-commerce platforms or third-party resources that retailers rely on), cyber criminals can place malicious code within the organization’s web page.
This allows criminals to perform a range of nefarious activities, both targeting the organization itself, and its customers visiting the site. This includes sending any payment details (or any other personal data) that have been entered during the checkout process to a website controlled by the cybercriminal, a technique known as skimming. The customer, of course, is completely unaware that this is happening.
Alternatively, the criminals might exploit browser vulnerabilities to drop malicious code onto customers’ computers which can be used for more advanced attacks. They could also deface the legitimate website (for example by injecting it with advertisements, or with malicious content designed to damage the organization’s reputation).
What’s key to preventing online brand abuse?
Manually tracking down malicious websites can be slow and ineffective. The best automated solutions will operate 24/7, searching the internet for misuse of your brand’s name and likeness (whether that’s the name, logo, tagline, domain, website address or social media profile) across a multitude of data sources.
Brand protection platforms need to be able to identify both established and innovative cyber attacks across a threat landscape that is constantly evolving. Brand protection platforms will require a combination of extensive domain knowledge and sophisticated automation to detect attacks with speed and accuracy, and should:
- use advanced search techniques, including reverse image searches, for brand logos and suspicious images
- maintain a list of ‘bulletproof’ hosting companies commonly used by criminals to facilitate cyber attacks
- monitor email addresses, addresses, and phone numbers for the presence of commonly used tactics and tell-tale patterns of fake shops
- discover link farms that cybercriminals used to boost SEO rankings of fake shop websites
Speed of response
When it comes to protecting your online reputation, speed of response is a critical factor. Before you’re even aware there’s a problem, a single fraudster could have established hundreds of fraudulent websites using your brand’s identity.
The best online brand protection platforms should be able to disrupt cyber attacks and block victims from accessing malicious sites within minutes. The malicious content itself should be removed within hours. This will ultimately require significant automation, so that the relevant third parties with the power to remove the content (such as hosting providers and domain registers) are notified as quickly as possible using the most appropriate channel.
Due to the sheer scale of online activity and the proliferation of digital channels, a brand protection platform will need to ingest millions of reports every day. This will include data from the cybersecurity reporting community, industry and government feeds, large-volume spam email datasets, and customers’ own reporting mechanisms.
Threat intelligence is the process by which this vast amount of data is filtered into operational insight, allowing malicious content to be identified, disrupted, and ultimately taken down. This requires heavily automated analysis, exploiting advances in machine learning and AI, with manual involvement limited to edge cases.
As we’ve discussed, there are hundreds of attack types, which presents brand protection platforms with a huge technological challenge in terms of analyzing masses of noisy data. All suspected attacks need to be validated, which means providing evidence of malicious activity to those organizations with power to takedown abusive content.
Expertise and experience
Technology and automation are of course essential, but they are only part of the solution. A brand protection platform should have the agility and experience to respond to new threats and attack types as they emerge.
Whilst automated systems will account for the majority of commodity attacks operating at scale, the ability to call upon cybercrime expertise – ideally with decades of experience and with established relationships with key internet infrastructure organizations – is equally important.
Extensive automation layered with human insight is key to a successful approach. Technical operational teams need to be able to step in to help with brand takedowns when a human touch is required, including making phone calls and liaising with webmasters, hosting companies and social media platforms.
Brand protection from Netcraft
Netcraft’s brand protection solutions are designed to offer quick response and resolution to cyber threats targeting your organization before they can cause extensive damage to brand value and customer trust. Netcraft protects brands in 100+ countries and performs takedowns for four of the ten most phished companies on the internet.
Netcraft’s brand protection platform operates 24/7 to discover phishing, fraud, scams, and other cyber attacks through extensive automation, AI, machine learning, and human insight. Our disruption & takedown service ensures that malicious content is blocked and removed quickly and efficiently—typically within hours.
Netcraft is the world leader in cybercrime detection, disruption, and takedown, and has been protecting companies online since 1996. We provide industry-leading brand protection through constant innovation, extensive automation, and unique insight.
At the core of Netcraft’s detection capability are highly effective searches across internet-scale datasets derived from decades of experience mapping the internet. Netcraft’s global feeds cover cybercrime targeting any institution, including non-customers, and are widely licensed by browsers and antivirus companies. These feeds drive the powerful detection of compromised sites hosting attacks which impersonate your brands.