Scammers Are Using Your Brand? 15 Ways to Regain Control

It's discouraging to launch campaign after campaign without clear results. You try more, and yet, when you track the growth of your online profiles, you find that you're not moving the needle. Stagnation or slow growth probably means you have to reassess your content strategy. However, there may be a more sinister reason your social media isn't showing the growth you're expecting. Your brand may have become a victim of brand impersonation, or brandjacking.

What is Brand Impersonation?

Brand impersonation is a ruthless cybercriminal tactic to steal the reputation of legitimate businesses. Scammers impersonate established brands (or government organizations) for evil purposes.

But there's an even darker possibility. Attackers may have gotten hold of your social media or other digital profiles through a data breach. They may be using your digital identity to cause mayhem by scamming trusting customers. If you confront these criminals alone, you may become a victim of cyber extortion. You could face the sharp end of ransomware, cyber blackmail, or doxing.

How Brand Impersonations Can Affect Organizations

When scammers use your brand to cheat customers, people may blame the company for the loss. They expect reputable brands to take steps to protect their customers.

Apart from permanently damaging a brand's reputation, brandjacking can divert sales to fake websites. By the time you have detected the problem, you may have lost substantial revenue. Worse, if people were buying counterfeit goods, your (legitimate) products may pay the price in the form of bad reviews.

Indirect costs can also add up. Removing spoof sites takes time, and you may even incur legal fees in the process. Your employees bear the burden of fixing the mess, and they may lose trust in your company's ability to weather storms. That makes it harder to keep staff or hire top talent.

How Does Brand Impersonation Work?

Brand impersonation exploits the hard work needed to build a brand that people trust.

• It often starts with typosquatting or lookalike domains. Cybercriminals purposely misspell brand names. The domain name differs slightly in spelling or may contain an extra word. Attackers use the lookalike domains in phishing schemes or to host malware.
• Fake storefronts are unauthorized people listing a reseller account on a legitimate third-party platform (e.g., Amazon). They hook potential customers with amazing deals or discounts to sell counterfeit goods.
• Fake social media accounts are pages that appear to be official brand pages. The counterfeit pages run fake promotions or competitions, hoping people will buy. When the victims pay, the criminals steal their credit card information or login details for the real site.
• Fake advertisements: Scammers often advertise counterfeit goods as genuine. Unfortunately, some cybercriminals have even infiltrated the Google Ads platform. Their misleading or dangerous ads look legit. However, clicking on the fake ad usually leads to phishing sites.

8 Action Steps to Detect and Respond to Brand Hijacking

Your business should not be unaware of issues until your customers inform you.

1. Educate consumers on how to spot phishing attempts and counterfeit products. Provide verified contact details for customer service.
2. Use domain monitoring tools to track lookalike domains. ICANN is the Internet Corporation for Assigned Names and Numbers. It oversees the global coordination of Internet identifiers and keeps track of domain ownership. Some monitoring tools can alert brand owners to suspicious registrations. For example, they add variations such as '-shop' or '-page' to the original brand name.
3. Register for alerts if a newly registered domain resembles your brand name. Domain registrars allow brand owners to set watchlists for similar domains. You can also buy domain name variations in bulk to make sure you own common misspellings of your brand. Registrars also offer domain locking services to protect domains from hijackers.
4. If you identify infringing domains, issue a takedown request to the hosting providers. You can also file a complaint with the domain registrar. Follow the Uniform Domain-Name Dispute-Resolution Policy (UDRP) established by ICANN. It's a clearly defined process to resolve domain name disputes related to fraud or infringement.
5. Pursue legal action under cybersecurity laws. It starts with a cease-and-desist letter. If necessary, you can file a lawsuit under national trademark laws like the Lanham Act.
6. Work with email service providers to implement anti-phishing measures. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that helps prevent email spoofing.
7. Social media platforms provide tools to report fake accounts. Third-party social media tools can help you spot fake or unauthorized accounts.
8. Establish procedures to respond to brand hijacking incidents. Outline communication strategies and steps to take to legal action.

7 Action Steps to Secure Your Digital Profile

You have to focus on proactive measures to prevent cybercriminals from hijacking your digital profile. That's easier than enduring an agonizing journey to restore your reputation and brand. Combine these approaches to ensure no one can hold you responsible for a breach:

1. Get cyber extortion insurance, which includes expert assistance for victims. They provide guidance on the right action to take. You'll also be covered financially if you have to pay up in response to the threats.
2. Use multi-factor authentication (MFA) for all your social media and analytics tool accounts. It adds an extra layer of security beyond just a password.
3. Encrypt every connection with a virtual private network (VPN). It prevents hackers from intercepting your online transactions and stealing login credentials.
4. Install a reputable antivirus and always keep your computer updated.
5. Create long, complex passwords with a password manager.
6. Social media platforms and third-party analytics need your personal information to work. This data is vulnerable to breaches or misuse. Limit the amount of personal information and adjust privacy settings to control access to it. Only use reputable social media tools. Periodically review which apps and third-party tools have access to your social media accounts. Revoke permissions for any that you no longer need or trust.
7. Beware of phishing. Avoid clicking on links in emails, messages, or posts—even if they seem to come from trusted sources or followers. Trust your VPN's anti-phishing browser extension to warn you about suspicious websites.

Get Those Proactive Steps in Place

The key to combating brand hijacking is proactive monitoring. Secure your personal digital profile to avoid double trouble from brandjackers. The more warning you have, the better your chances are of succeeding with registrar interventions and legal actions.