Brand impersonation is a common phishing tactic that has convinced many brands to monitor registered online assets that include the company’s domain or trademarks. On the one hand, being aware of phishing attacks involving brand domain is important. On the other hand, giving brands false confidence that monitoring these assets will keep them and their customers safe is incredibly dangerous.
That’s not to say that monitoring domain names isn’t important, because it definitely is. According to Vincent D’Angelo, the Global DIrector of Corporate Development and Strategic Alliances with CSC DBS, failing to protect registered domains is, “As if we spent thousands of dollars on installing cameras and locks throughout our homes but ignored a broken lock on our front doors.”
Still, as important as they may be, registered domains do not tell the entire story of web fraud. There are external digital threats to consider for sufficient online brand protection, including:
- Visuals of both company logos and product images
- Written and recorded content
- Form-based phishing attacks hunting for customers’ personal information
By focusing solely on registered domains, brands neglect these critical elements and expose themselves to attacks.
Let’s dive in deeper to see which mindset shifts should occur and how online brand protection tools can assist.
What Brands Can Do Differently
- Analyzing all text types using NLP technology: Every piece of content is relevant and should be monitored to reach an adequate protection level. Brands shouldn't rely on human capabilities for the job and instead, use Natural Language Processing (NLP) technology. Dedicated brand protection tools can spot seemingly minor changes that may escape the human eye, analyzing the text in a more detailed and profound way.
Some elements that may come to light when using the right approach and technology for text analysis include:
- Registration date: If the domain was registered recently, it might be suspicious. Contradictions between the brand’s maturity and the domain’s age are worth paying attention to.
- Hosting provider: Websites without HTTPS certificates and those using public cloud services may also indicate a problem.
- Images: Brands should check to find copyrighted images of products and logos on websites. Even without specifying the brand’s name, these creative assets are enough to form the base for brand impersonation.
- Looking beyond the domain: Brands should understand that even if their domain isn’t mentioned, a fraudulent website can still use their assets to give customers the feeling they're legitimate, thereby infringing on their product or service. To prevent this scenario and detect website fraud, brands should analyze every piece of content, using innovative technology.
- Examining payment options: This section of a website is very telling because fake websites typically do not have access to clickable, verified financial brands like Visa or American Express. The logos of such companies may appear on the website, but payment using these services will probably be impossible for a fraudulent asset. This is another commonly overlooked element that can let brands and shoppers know if a website is genuine or not.
Let us show you what you could be doing differently to protect your brand
Avoid These Common Mistakes
- Focusing on main domains: Brands must give scammers more credit for creativity and seek more than just fake websites that include their actual domain. Scammers are more sophisticated than that, using different spelling options, company taglines, ad text, similar names, outdated industry terms, and more. Every variation that indicates the brand’s involvement works for them, so each option should be monitored regularly.
- Ignoring social media: In today’s digital world, a website isn’t always the main asset used to execute a phishing attack. Instead, scammers can choose from multiple social media networks to create fake assets and impersonate a brand. Clickbait ads can lead unsuspecting customers to fraudulent landing pages and websites and make them viral without mentioning the brand on the website itself. Companies that only search for fake domains will allow such attacks to escape their radar.
- Superficial analysis: Given the wide variety of options scammers currently have, it’s time for brands to kick it up a notch and opt for a more significant level of analysis. Simply creating a list of keywords and scanning websites for them isn’t enough. Brands should think of content in a more holistic way and examine it thoroughly.
BrandShield enables brands to cover the many different aspects of phishing scams and scan websites and social media networks for content and visual fraud. By covering all sources and assets, brands answer the true needs of online brand protection and keep their reputation and customers safe from phishing scams in the deepest way. To understand how BrandShield can do the same for your brand, contact our security experts today and make the world wide web your new protected domain.