Earlier this month, Van Morrison found himself scrambling to address an unexpected problem. In a public statement, the Irish singer-songwriter said his media team had become aware of fraudulent profiles impersonating his image and sending out spam messages to fans.
“We have reported and blocked multiple accounts, however, we continue to see new fake accounts being made,” Van Morrison explained. “If someone contacts you claiming to be Van Morrison and the account is not verified with a blue tick to the right of the name, please report the account.”
The story may have attracted more attention beyond Ireland had it not occurred in the weeks following similar impersonations on the other side of the Atlantic. On November 10, an account claiming to represent Eli Lilly posted, “We are excited to announce insulin is now free.” The message went viral, garnering millions of views. And in the following hours, shares of the pharmaceutical giant tumbled more than five percent – wiping out billions of dollars in market capitalization.
The two stories are in some ways par for the course. More and more enterprises find themselves victimized by perpetrators of brand abuse – copycat websites, products, and social accounts designed to exploit trusted corporate reputations. And some of the targets include industry titans. In recent months, attackers have struck PepsiCo, Nintendo, and the LA Lakers.
To date, most organizations have tolerated this threat. But unfortunately for them, brand abuse quietly nibbles away at a company’s most valuable asset – the stellar reputation they’ve spent years (and often millions of dollars) to establish. And security leaders should pay more attention to this problem.
How Safe is Your Company From Brand Abuse?
If you have ever walked into a boardroom, then you know executives appreciate the value of brands. After all, everyone knows customers will pay more for an Apple Macbook than a generic laptop. A Starbucks coffee costs more than a regular cup of joe. Pepsi without the logo is just cola. Firms with good reputations can charge premium prices. And brands can represent a core competitive advantage in the marketplace.
But brands can impact businesses more than just by fattening their profit margins. Companies with the best reputations attract top talent. Their customers remain loyal during recessions. And because Wall Street believes such firms will post outsized earnings, they enjoy a lower cost of capital. Such advantages can translate into billions of dollars of market capitalization. A survey found three-fifths of chief executives believed brand and reputation accounted for more than 40% of their company’s equity value. More recently, a report by BrandZ valued the world’s top 100 brands at over $8.7 trillion.
But while brands represent enormous stores of value for businesses, most security teams don't take adequate measures to protect these assets. And increasingly, criminals have exploited this mistake.
Nowadays, impersonating brands online only takes a few clicks of the mouse. Anyone with a credit card can register a domain resembling an established organization. Fraudsters can post job ads under the name of trusted employers. And new deep fake technologies, a technique in which users can digitally alter a person in a video or picture to resemble someone else, can allow bad actors to create even more convincing imitations.
Why Security Teams Should Prioritize Brand Abuse
As most security practitioners likely already know, brand abuse can have enormous financial consequences. For starters, content piracy costs U.S. movie studios upwards of $97.1 billion each year, according to figures compiled by DataProt. Although that figure looks like small potatoes compared to how much counterfeiters swipe from manufacturers worldwide. Based on numbers provided by the U.S. Chamber of Commerce, knockoff products account for over $500.0 billion of global trade annually. In other words, out of every $100.00 in goods exchanged, counterfeiters siphon off $1.50 for themselves.
But the dollars and cents, bad actors’ drain from a company’s quarterly profits are only the beginning. Enterprises invest enormous resources to cast themselves in the best light with the public. If a firm without any brand protection strategy suddenly becomes a target of bad actors, this reputation could be jeopardized. Eventually, stakeholders, such as customers, employees, or partners, may avoid this organization in favor of businesses that are seen as more reliable and trustworthy.
During COVID, for example, our analysts at Liferaft noted the growing problem of fake medical supplies. At the height of the pandemic, criminal groups started flooding eCommerce sites with counterfeit medicines and personal protective equipment (PPE). Such brand abuse obviously has the potential to jeopardize public health. And that can damage the reputation of suppliers that have worked hard to develop a reputation for manufacturing safe, reliable products.
Brand abuse creates different security risks, too. Take typosquatting, one popular tactic cybercriminals exploit, for example. In this technique, malicious individuals register a domain with deliberately misspelled versions of well-known websites. These look-alike sites could plaster ads all over the landing page or display pornographic content, generating lucrative revenue streams for their owners. In other cases, the people behind these schemes could use their domains to phish user credentials or distribute malware. That’s why typosquatting serves as such a popular vector to launch cyber attacks.
More recently, we have seen an explosive rise in fake employment scams. In these schemes, fraudsters post a job ad pretending to represent a trusted employer. After “interviewing” a candidate, they will request a deposit to secure the position. In such situations, victims lose these funds and often have their personal information stolen. And for the legitimate business tied up in this scheme, the scam can result in a parade of strangers unexpectedly showing up at their offices.
5 Ways to Protect Your Organization From Brand Abuse
To tackle brand abuse, my team at Liferaft have seen companies find the most success when they take a multidisciplinary approach. That means not only investing in the right technology to automate web monitoring. But it also requires security leadership to work as advisors, helping stakeholders across the organization protect their brand on several fronts. Here are a few best practices we recommend:
Exploit automated web monitoring tools
Many security teams conduct some manual web monitoring already. Unfortunately, this represents a time-intensive endeavor. Even full-size enterprises do not have enough resources to conduct manual surveillance effectively. And this can mean overlooking potential incidences of abuse that can put your brand at risk. To address this challenge, security teams should invest in web monitoring tools to automate routine tasks. For leaders, such technology represents a force multiplier allowing them to stretch limited budgets. For analysts, such tools mean spending more time investigating and addressing cases. And this can be a lot more interesting than trolling through forums collecting data.
Don’t overlook brand abuse in different languages or regions.
One unfortunate fact I have learned during my time at Liferaft: fraudsters don’t operate only in English. In fact, most instances of brand abuse occur in other languages that analysts often overlook. Addressing any counterfeiting or content piracy, for example, often means thinking beyond your native tongue. Don’t just search the web for product names or descriptions that your firm would use. Use translators to search for brand abuse in different languages. Furthermore, think beyond the places where your organization and distributors operate. Even if your company conducts most of its business in the United States, it often pays to scan eCommerce platforms in other regions like Asia, Africa, and South America.
Register a trademark for your business
Without formally registering intellectual property, organizations victimized by brand abusers have little recourse. But by filing a trademark, you gain legal rights to stop impersonators. Completing this process also grants your company the ability to sue in court and receive compensation for damages.
Educate your customers
Advocate for educational campaigns explaining to the public how to protect themselves from brand impersonation. This will reduce the risk customers will be victimized by fraud. Additionally, it makes sense to outline and communicate a safety policy across all customer-facing social media accounts, web pages, and emails. This statement could say, for example, that your organization will never contact clients directly to request login credentials or credit card information. In such situations, it’s advisable to instruct the public to forward suspicious messages to the PR, security, or marketing teams.
Create accounts on all social platforms
Most companies perform some kind of social media marketing. But few businesses connect with their customers across every platform. Say, for example, marketing doesn’t have a reason to be on Snapchat or Twitch. In these cases, they usually won’t invest the time to set up a presence there. But if your company doesn’t have an account on a particular site, it’s easier for a bad actor to create a handle impersonating your brand. And if you are not monitoring such communities, these impostures can operate with impunity for quite some time. For this reason, it pays to establish some presence on each social media site. That applies even if your organization has no intention of using it.
The Bottom Line on Brand Abuse
Modern-day brand management means more than writing snappy slogans. In the internet age, it also requires safeguarding against external threats that could result in reputational damages. And this often goes beyond the capabilities of the departments traditionally assigned to this role, like marketing or legal.
To address this problem, security teams have the chance to step up. By prioritizing brand abuse in their strategy, they can remain one step ahead of this threat. And this can go a long way toward keeping your company’s customers and bottom line safe.