
Brand Impersonation and Lookalike Domains – How to prevent your customers from getting duped


What is Brand Impersonation?


Impersonation refers to intentionally replicating another person's characteristics, such as their speech, appearance, behavior, or expressions. Brand impersonation works the same way as inter-person impersonation, except that the target is an organization and the brand name it holds. It occurs when an impostor creates a page or an account on social media, or sends out mail, pretending to be the targeted brand, and uses it to gain the confidence of trusting consumers or to conduct other activities that sabotage the reputation of the brand. This is an increasingly common problem on social networking channels that thousands of brands are forced to deal with each day.


Brand impersonation is BIG business


Scams that trick victims into thinking they are dealing with genuine brands or service providers they trust are not new, but recent developments are making these attacks more intense and visually convincing. The growing sophistication of cyber-criminals comes from carefully studying the profile and the types of victims they want to target; some groups even set fraud quotas for the criminal employees in their organization who carry out the scams.


Another factor is the ease with which scammers can use brands’ own tools to cloak their identity. Copying a brand logo or even a validation symbol like the Twitter check mark takes only a few minutes and minimal skills. Because email was originally developed without safeguards to verify a sender’s identity, many if not most brands’ domains are open to abuse by these tech-savvy malicious users. Without raising any alarms, scammers can launch phishing attacks on brands’ customers that appear to come from the brand’s genuine email accounts. This practice is commonly known as domain spoofing.


In the most recent high-profile coronavirus scam, an email supposedly from the World Health Organization (WHO) was sent around the world requesting donations. The sender’s address was ‘donate@who.int’, where ‘who.int’ is the real domain name for WHO. The email was confirmed to be a phishing scam, but at first glance, all signs pointed to the sender being genuine, as the domain belonged to the real WHO.


Read more about the WHO impersonation in our blog DMARC: A vaccine against Coronavirus scams


Automation has dramatically increased the speed and scope of brand-impersonation fraud attempts, too. Scammers now send nearly 30 phishing emails every second and launch a new impersonated phishing domain every five minutes. The result is a blizzard of brand fakery targeting consumers and damaging brand reputation.


The domino effect of impersonation scams on brands


Impersonation scams can damage a brand's name in more than one way. First and foremost, scams take away customers. Victims of these attacks, i.e. customers, can blame the brand for not preventing the fraud by setting up the necessary safeguards, and research shows that nearly 65% of consumers stop shopping with a brand after one bad experience. Other victims, as well as future customers who learn about the scam in the media, may hesitate to open future emails from that brand, and that can cause marketing email campaigns to lose effectiveness because of a lack of trust in the brand. News reports and social media discussions can also steer potential customers toward other brands.


A lot of damage control is also essential after phishing scams. Brands that are targeted need to warn their customers about the impersonation scam. They also need to try to find out the reason behind the phishing attacks and their source, and employ countermeasures to ensure that the fraudsters are unable to use the brand’s domains or lookalike domains to send email to its customers.


Reducing the risk of brand impersonation


There are three core areas that help companies protect their brands from abuse by scammers: Communication, Security and Monitoring.


Communication: Include a safety policy in customer-facing emails, on your social media accounts, and on your site, stating something along the lines of “Brand ABC will never contact you to ask for your customer login or payment card information.” Visual communication matters too! So it is advisable to keep your logo, colors, and other visual branding elements consistent across channels, so that any knockoffs are easier for customers to spot. And when scammers target your brand, let your customers know what to watch for.


Better security: Create strong passwords for your brand’s social media accounts, keep a running list of who has login access, and update passwords when there are staffing changes. To prevent domain spoofing, implement a DMARC sender authentication policy on all your email domains. This open protocol gives domain owners the power to detect and block unauthorized senders.


Monitoring: Use social monitoring tools to keep tabs on brand mentions and conversations. Report scam accounts when they appear and delete comments on your pages and posts by accounts impersonating your brand. For email, DMARC reports will show you who is sending email using your domains, and a DMARC policy lets receiving mail servers flag or reject messages that fail authentication. Finally, respond quickly to customer reports of scammers abusing your brand.


Protecting your brand from impostors requires attention to what is happening in your brand’s communication channels, as well as regular security improvements. These efforts are a good way to drive scammers away from your brand in search of easier targets. They are also a must to build and maintain trust with your customers in an age when brands and consumers need to be allies in the fight against cyber crime.


Since email has become the primary communication medium between a brand and its customers, it is essential for organizations to ensure that no mail is sent to their customers using their domain or any lookalike domains.
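An added example, not part of the original article or ProDMARC's product, of how a defender can flag lookalike sender domains against a brand domain: progist.net is used as the brand purely as a constructed sample, and the sender list is made up to stand in for domains pulled from inbound mail logs or DMARC aggregate reports.

```python
# Flag sender domains that look like a protected brand domain. Added example, not
# ProDMARC's code; the brand domain and sender list are constructed samples standing
# in for sender domains pulled from inbound mail logs or DMARC aggregate reports.

# Substitutions commonly seen in lookalike domains: the label still reads right at a glance
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

def normalise(label: str) -> str:
    """Collapse confusable characters and sequences into their visual equivalent."""
    label = label.lower()
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (OSA) distance: an adjacent transposition counts as one edit."""
    # Row 0 and column 0 hold the cost of inserting/deleting everything: d[0][j] = j, d[i][0] = i
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(sender_domain: str, brand_domain: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one sender domain."""
    sender, brand = sender_domain.lower(), brand_domain.lower()
    if sender == brand or sender.endswith("." + brand):
        return "legitimate"
    brand_label = brand.split(".")[0]
    sender_labels = sender.split(".")
    # Brand name used as a subdomain, or embedded in another registrable name
    if any(brand_label in normalise(lbl) for lbl in sender_labels):
        return "lookalike"
    # Registrable label within two edits of the brand label after normalisation
    reg_label = sender_labels[-2] if len(sender_labels) >= 2 else sender_labels[0]
    if edit_distance(normalise(reg_label), brand_label) <= 2:
        return "lookalike"
    return "unrelated"

def scan(senders, brand_domain: str) -> dict:
    """Classify every sender domain against the brand; the lookalikes are what to report."""
    return {s: classify(s, brand_domain) for s in senders}

# Constructed sample senders as they might appear in inbound mail logs
SAMPLE_SENDERS = ["mail.progist.net", "pr0gist.net", "progist-support.com",
                  "progist.net.login-verify.com", "prog1st.co", "example.org"]
```

Running scan(SAMPLE_SENDERS, "progist.net") marks the first entry legitimate, the last unrelated, and the four in between as lookalikes; the edit-distance threshold should be lowered for very short brand names, where two edits would match too much.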


In relation to this, Google has come up with a bundle of security enhancements for G Suite services in a recent announcement, and one of the biggest is about Gmail. Google has announced its alliance with the Brand Indicators for Message Identification (BIMI) group, which promotes an email standard that adds brand logos to authenticated emails. Google confirmed that its BIMI pilot will enable organizations that authenticate their emails using DMARC to validate ownership of their corporate logos and securely transmit them to Google. Emails are authenticated using the existing DMARC system. Once these authenticated emails pass all of the anti-abuse checks, Gmail will start displaying the logo in the existing avatar slots in the Gmail UI. To read more about the Gmail integration with BIMI, read our article.


As new organizations are born each day, email security is important and plays a vital role in every organization, and the necessary actions should be taken to make sure there is no security breach. It is the responsibility of every business to protect itself and its clients' and employees' sensitive personal information.


How can we help?


ProDMARC is built on a mission to achieve secure, spoofing-free email channels across the whole internet. It makes DMARC reporting smooth and uncomplicated: it provides volumes and trends of outbound mail, including that of phishing campaigns, and confirms the reliability of outbound mail in terms of SPF, DKIM and DMARC conformance. It gives you visibility of your email domain being used on your behalf by third parties, which is important for spotting unauthorized emails that might be sent in your brand's name, and it ensures that legitimate emails do not get blocked due to misconfigurations, making the best use of customer email communication. It also generates actionable threat intelligence feeds for your security and transaction monitoring systems, helping to block targeted attacks proactively, and helps identify lookalike domains for your brand.


To summarize, ProDMARC helps improve customer trust in email communications.


With the economy in a slump, ProDMARC announces a limited-time offer during the ongoing pandemic — a 15-day DMARC health assessment report, completely free for all organizations that wish to gain visibility of the mail-based phishing threats which are at an all-time high.

Sign up for your 15-day ProDMARC trial by writing to us at info@progist.net


© 2020 by Progist.