I’ve spent most of my working life working in, or for, brands, so I know that one of the things that is highest on any brand marketing team’s/manager’s mind is to maximise brand recognition and build trust. We want customers and consumers to feel warm, fuzzy and confident when our brand name pops into their heads. When they have a need, we also want our brand to be the first one that springs to mind.
I used to put a lot of effort into this myself, but thankfully in the days before cybersecurity became such a big issue. But what do brand reputation and cybersecurity have in common and what can brands do about it?
Spoofing attacks are not new, and if you don’t know what they are, it’s quite simple: a bad actor/scammer pretends to be someone else in order to fool a victim. In the early days it was as simple as IP spoofing, email address spoofing and domain spoofing. If you can’t wrap your head around it, think of it like this…
Bad actors/scammers employ numerous tricks to confuse victims into believing they are looking at a genuine email or website and clicking on a genuine link. Instead of lloydsbank.co.uk, they might use loydsbank.co.uk (some people simply wouldn’t notice the missing letter). Or they could add a link pointing to lloydsbank.accountauthentication.co.uk. Many people won’t know that it’s the last part, before the .co.uk, that has to be officially registered. So if you visit that link, you’re actually visiting a site called ‘accountauthentication.co.uk’, whose owner has created a subdomain called ‘lloydsbank’. On this subdomain, they can run an entire website or a single page that mimics that of the real Lloyds Bank.
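As an added illustration (not code from the original article), the Python sketch below shows how a mail filter or brand-monitoring job could tell the two tricks apart by looking only at the registered part of a hostname. The short suffix set stands in for the full Public Suffix List, and the function names and category labels are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List; load the full list in real use.
PUBLIC_SUFFIXES = {"co.uk", "org.uk", "uk", "com", "net", "org"}

def registrable_domain(host):
    """Split a hostname into (registered label, public suffix, subdomain labels)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):             # longest candidate suffix first
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                break                        # host is itself a bare public suffix
            return labels[i - 1], suffix, labels[:i - 1]
    raise ValueError(f"no registrable domain in {host!r}")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, brand_domain="lloydsbank.co.uk"):
    """Label a URL relative to the brand's registered domain (labels are hypothetical)."""
    host = urlsplit(url).hostname or ""
    label, suffix, subs = registrable_domain(host)
    brand_label, brand_suffix, _ = registrable_domain(brand_domain)
    if (label, suffix) == (brand_label, brand_suffix):
        return "brand-domain"                # registered part matches exactly
    if edit_distance(label, brand_label) <= 2:
        return "lookalike-domain"            # e.g. one missing letter in the registered name
    if any(brand_label in s for s in subs):
        return "brand-in-subdomain"          # brand name appears only left of someone else's domain
    return "unrelated"

if __name__ == "__main__":
    # The two spoofed hosts are the article's own examples; example.com is a constructed control.
    for u in ("https://www.lloydsbank.co.uk/login", "https://loydsbank.co.uk/",
              "https://lloydsbank.accountauthentication.co.uk/", "https://example.com/"):
        print(f"{classify(u):20} {u}")
```

A result other than `brand-domain` is a prompt for review, not a verdict; the check says nothing about who owns the flagged domain.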
Early examples were quite basic and had terrible spelling and grammar, so they weren’t too hard to detect even if you did accidentally click the link. But today, scammers can create flawless, pixel-perfect, omni-device versions of a well-known login or payment page that will fool many people, unless they check very carefully.
This activity was somewhat under control in 2019, but then the pandemic happened and scammers found a new and exciting outlet for their trickery. They stopped relying only on the old faithfuls of well-known banks, entertainment sites, technology systems, tax offices and such, and instead expanded out into delivery companies, health organisations, finance companies, file sharing systems and much, much more. Importantly, they broadened out to spoof a wide variety of small and virtually unknown brands, while going full guns blazing on the world’s biggest and most used brands.
You might think that’s bad enough, but the bad guys have gotten entrepreneurial, launching ‘brand spoofing kits’ for sale on the dark web. For just a hundred dollars or so, you can buy a complete kit, with fully designed copies of major brands’ web pages and emails, ready-to-go!
Brand spoofing is such a popular tactic because it’s relatively simple from a technical perspective and very effective. Depending on which cyber security company you talk to, they’ll tell you that somewhere between 90% and 95% of all compromises began as a phishing email. That’s no wonder when a recent brand trust report by Mimecast identified that 79% of people have received a phishing email to their inbox and a staggering 54% of those have opened a phishing email!
If that’s not bad enough, when it comes to brand spoofing:
So this is not just a problem related to email, which means consumers have to be vigilant in all channels and even in searches – which is tough because we all trust Google results, right?
As a marketer, you may be sympathetic to the victims of cybercrime that have been duped using a spoofed email or web page bearing your brand, but it has much greater ramifications than you might think. Financial institutions are already repaying customers and other victims who have been defrauded, thinking it was the real bank contacting them. This costs them millions in lost profits each year. So if you’re a brand marketer in a financial organisation, this has a very real cost to your business. But it’s even worse and affects more than just financial companies!
Although not directly related to consumer scams, loss of user data from a compromise can have massive implications, both financially, from penalties, and through the loss of customer confidence.
Now think of all the work you do to have your customers and subscribers agree to receive emails from you and to make them open them, read them and take action. So what do you think happens when they get an email from someone pretending to be you? Well, according to Mimecast, almost half (46%) of consumers don’t hesitate to open an email from brands they use regularly, and 36% will happily click a link in that email!
Now consider that when asked, consumers said:
All the work you do to gain their trust and make them like your brand, gone, because of someone pretending to be you.
There are a number of things you can do as follows:
Most of these remedies take planning, time and also cost. But unfortunately, brand spoofing is not only here to stay but is an exponentially growing problem that can affect all companies, large and small. Ignoring the problem, however, can badly damage your hard-earned reputation and ultimately your bottom line.
But technologies like Computer Vision for Phishing Detection can help to drastically mitigate the risk for your brand.
Ignore it at your peril.