What CISOs Can Do About Brand Impersonation Scam Sites

Brand impersonation is a particularly thorny problem for CISOs. Cybercriminals piggyback off a trusted brand to push scam lures through various means onto unsuspecting customers. They could disguise themselves as part of the organization’s IT team or someone familiar to trick employees into clicking on malicious links, or send a message that looks like it is coming from a legitimate source to convince the recipient that the contents are real.

Retailers, product creators, and service providers are increasingly having to deal with brand impersonation attacks. Mimecast’s 2022 State of Email Security Report found that 90% of organizations experienced an impersonation attack over the previous 12 months. Further, the Mimecast 2021 State of Brand Protection Report found that companies on the BrandZ Top 100 Most Valuable Global Brands 2020 list experienced a 381% rise in brand impersonation attacks over May and June of 2020 compared to before the pandemic. New domains suspected of brand impersonation also rose by 366%. These impersonation attacks include not only the typical phishing or malware attacks, but also fraud that sells or claims to sell products or services on behalf of the brand. These include fencing of stolen items, non-delivery scams, and counterfeit or grey market sales of product.

“[Brand impersonation] is a fraud problem and a security incident problem,” says Josh Shaul, CEO of Allure Security. “People are stealing from you, and you’re trying to prevent the theft.”

Experts recommend that CISOs take a systematic and multidisciplinary approach to this problem. The right approach will not only require technology like automated detection, but also security leadership in helping business stakeholders to harden the brand on a number of fronts.

1. Engage in Trademark Basics

Shaul says that a “shocking” number of companies don’t go through the most basic actions of establishing and maintaining ownership of their brand’s trademark. The most fundamental step for hardening a brand from online attacks is to cover the basics like registering trademarks, logos, and unique product images, as well as keeping trademarks up-to-date.

“Once you lose control of the trademark, somebody else might register your trademark,” he says. “It’s a real problem for you. You can’t enforce it if you don’t own it, so you’ve got to start there.”

2. Take Ownership of Online Landscape

From there, the other basic component companies need to think about is taking ownership of a brand’s online landscape. This means not only picking up as many potentially relevant domain names as possible for the brand, but also setting up a footprint on all possible social media channels, Shaul says.

“A lot of companies are like, ‘Hey, we do social media, but we don’t do TikTok,’ or ‘We don’t do Instagram,’ and therefore they don’t set up a presence there,” he says. “If you don’t set up a presence for your brand on a major social platform, there’s nothing stopping somebody else from setting up a presence for your brand on that major social platform. Then you’ve got to try to recover it, which is kind of a nightmare. Just planting the flag is important.”

3. Monitor Domains

Organizations should not only be watching and monitoring the domains they own, but also their domain ecosystem, says Ihab Shraim, CTO of CSC Digital Brand Services.

“This means understanding the types of domains that are being registered around them because it’s a multidimensional cyber threat,” he says.

As he explains, larger enterprises often manage thousands of domains, which can make it difficult to keep tabs on and effectively manage the entire portfolio.

“Companies need to devise policies and procedures to monitor and mitigate threats associated with all their domains as an integral part of their security posture,” Shraim says. He explains that they should be continuously monitoring their domains as well as digital channels within search engines, marketplaces, mobile apps, social media, and email, looking out not only for phishing and malware campaigns but also for brand abuse, infringements, and counterfeit selling on digital channels. “It is crucial for companies to understand how their brands are operating on the Internet.”
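One way to put the “domain ecosystem” monitoring Shraim describes into practice is to run a newly registered domain (NRD) feed through a lookalike check before a human ever looks at it. The following is an added example written for this article, not code from CSC or any other vendor quoted here; the brand label acmebank, the suffixes it is assumed to own, the confusable tables and every feed entry are constructed for the demo.

```python
"""Flag newly registered domains that look like a protected brand.

Added example; not code from the article or from any vendor quoted in it.
The feed below is constructed for the demo. A real deployment would read an
NRD or zone-file feed and split labels with the Public Suffix List.
"""
import unicodedata
from typing import List, Optional, Tuple

BRAND = "acmebank"                 # hypothetical brand label
BRAND_TLDS = {"com", "co.uk"}      # suffixes the brand is assumed to own
TYPO_DISTANCE = 2                  # max edit distance to call a label a typo

# Characters a reader confuses with the brand's letters. Deliberately small;
# the Unicode confusables table is the full reference for real use.
UNICODE_CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
                       "\u0440": "p", "\u0441": "c", "\u0445": "x", "\u0443": "y"}
ASCII_CONFUSABLES = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"}
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"))

# Constructed NRD feed for the demo.
NRD_FEED = [
    "acmebank.com",             # the brand's own domain
    "acrnebank-support.net",    # rn->m lookalike plus a lure keyword
    "acmebnak.com",             # transposition typo
    "acme-bank.co",             # hyphenated spelling on another TLD
    "acmebank.xyz",             # TLD swap
    "acmeb\u0430nk.com",        # IDN homoglyph: Cyrillic a (U+0430)
    "acmeweather.org",          # unrelated registration
]


def registrable_label(domain: str) -> Tuple[str, str]:
    """Split 'label.suffix' at the first dot. Public-suffix handling is out of
    scope for the demo; punycode labels are decoded so IDNs can be compared."""
    label, _, suffix = domain.lower().strip(".").partition(".")
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")
    return label, suffix


def normalize(label: str) -> str:
    """Collapse characters and sequences an eye reads as the brand's letters."""
    s = unicodedata.normalize("NFKC", label.lower())
    s = "".join(UNICODE_CONFUSABLES.get(ch, ch) for ch in s)
    s = s.replace("-", "").replace("_", "")
    for multi, single in MULTI_CONFUSABLES:   # crude: 'corner' -> 'comer'
        s = s.replace(multi, single)
    return "".join(ASCII_CONFUSABLES.get(ch, ch) for ch in s)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (Damerau-Levenshtein) distance; one transposition costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str) -> Optional[str]:
    """Return a reason the domain resembles the brand, or None if it does not."""
    label, suffix = registrable_label(domain)
    norm = normalize(label)
    if label == BRAND and suffix in BRAND_TLDS:
        return None                       # the brand's own registration
    if label == BRAND:
        return "tld-swap"
    if norm == BRAND:
        return "confusable-spelling"      # homoglyphs, hyphens, digit swaps
    if BRAND in norm:
        return "brand-token"              # brand wrapped in lure words
    if osa_distance(norm, BRAND) <= TYPO_DISTANCE:
        return "typo"
    return None


def scan_feed(feed: List[str]) -> List[Tuple[str, str]]:
    """Return (domain, reason) for every feed entry worth an analyst's time."""
    hits = []
    for domain in feed:
        reason = classify(domain)
        if reason:
            hits.append((domain, reason))
    return hits


if __name__ == "__main__":
    for domain, reason in scan_feed(NRD_FEED):
        print(f"{domain:28s} {reason}")
```

The checks go beyond the single case in the text: they catch Latin and Cyrillic homoglyphs, hyphenated spellings, transposition typos, brand tokens wrapped in lure keywords, and TLD swaps. In production, swap the constructed feed for a real NRD source, resolve registrable labels with the Public Suffix List, and route hits into the review and takedown workflow rather than acting on them automatically.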

4. Leverage Threat Intel

Doug Saylors, partner and co-lead of cybersecurity for global technology research and advisory firm ISG, believes that organizations should leverage threat intelligence to help them with the adjacent domains and also with the tricky tactics, techniques, and procedures used by bad actors in their impersonation attacks.

“Organizations need to invest in threat intelligence platforms that will help identify the use of fake domains, phishing campaigns, and other technologies to defeat the TTPs [tactics, techniques, and procedures] used to enable brand impersonation,” he says.

5. Consider Full-Cycle Brand Protection

Saylors is also a big believer in full-cycle brand protection. He recommends companies consider these services not just for their detection capabilities but also for their expertise in mitigation.

“They should engage the services of specialty firms that deal with the full lifecycle of brand protection to ensure scalability and absolute focus on reducing fraudulent activity,” he says. “These firms have advanced capability to identify fake sites, catalogs, and catalog entries and remove them through industrial-strength takedown procedures.”

As organizations evaluate online brand protection companies, they have to keep in mind that this is another cat-and-mouse detection category, where results vary with the technology and with how well a vendor keeps up with the attackers’ evasive behavior.

For example, when attackers found that their scams were being discovered through image processing and logo detection, they began with simple evasive techniques like changing the image file format and then evolved to use multiple nested images and text in a single collapsed image to trip up detection, says Shaul.

“So now, unless you can compare sections of an image, which is a super hard technical problem that some of us have solved, you can’t detect these things anymore,” he says. “They just bypass the evolving detections that organizations are putting out there.”
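To make the “compare sections of an image” point concrete, below is an added example (not code from Allure Security or from the article) that contrasts a naive whole-image perceptual hash with a sliding-window comparison over sections of the page. The 8x8 “logo”, the 16x16 “collapsed” page and the match threshold are all constructed for the demo, and images are plain grayscale lists so it runs without an imaging library.

```python
"""Section-wise logo matching versus whole-image hashing.

Added example; not code from the article or any vendor it quotes. Images are
lists of grayscale rows (0-255). A real detector decodes the file, whatever its
format, into this kind of pixel grid first, which is why merely changing the
file format does not defeat a pixel-based comparison.
"""
from typing import List, Tuple

Image = List[List[float]]
HASH_SIDE = 8            # the perceptual hash works on an 8x8 thumbnail
MATCH_THRESHOLD = 10     # max Hamming distance (of 64 bits) to call a match


def make_logo() -> Image:
    """Constructed 8x8 'logo': a white block-letter T on black."""
    logo = [[0.0] * 8 for _ in range(8)]
    for r in range(8):
        for c in range(8):
            if r < 2 or c in (3, 4):
                logo[r][c] = 255.0
    return logo


def make_collapsed_page(logo: Image, size: int = 16,
                        at: Tuple[int, int] = (0, 8)) -> Image:
    """Constructed 'collapsed' scam page: the logo pasted at `at` into a larger
    canvas of other content (flat mid-grey stands in for text and other images)."""
    page = [[128.0] * size for _ in range(size)]
    r0, c0 = at
    for r, row in enumerate(logo):
        for c, v in enumerate(row):
            page[r0 + r][c0 + c] = v
    return page


def downscale(img: Image, side: int = HASH_SIDE) -> Image:
    """Box-average the image down to side x side (dimensions must divide evenly)."""
    h, w = len(img), len(img[0])
    bh, bw = h // side, w // side
    out = []
    for br in range(side):
        row = []
        for bc in range(side):
            block = [img[r][c]
                     for r in range(br * bh, (br + 1) * bh)
                     for c in range(bc * bw, (bc + 1) * bw)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def average_hash(img: Image) -> int:
    """64-bit aHash: a 1 bit where a thumbnail pixel is brighter than the mean."""
    pixels = [v for row in downscale(img) for v in row]
    mean = sum(pixels) / len(pixels)
    bits = 0
    for v in pixels:
        bits = (bits << 1) | (1 if v > mean else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def whole_image_distance(page: Image, logo: Image) -> int:
    """The naive detector: hash the whole submitted image and compare to the logo."""
    return hamming(average_hash(page), average_hash(logo))


def best_window(page: Image, logo: Image) -> Tuple[int, Tuple[int, int]]:
    """Slide a logo-sized window over the page, hash each section and keep the
    closest. Returns (distance, (row, col)) of the best-matching section."""
    target = average_hash(logo)
    lh, lw = len(logo), len(logo[0])
    best = (64, (-1, -1))
    for r in range(len(page) - lh + 1):
        for c in range(len(page[0]) - lw + 1):
            window = [row[c:c + lw] for row in page[r:r + lh]]
            d = hamming(average_hash(window), target)
            if d < best[0]:
                best = (d, (r, c))
    return best


def logo_present(page: Image, logo: Image) -> bool:
    """Section-wise verdict: is any part of the page close enough to the logo?"""
    return best_window(page, logo)[0] <= MATCH_THRESHOLD


if __name__ == "__main__":
    logo = make_logo()
    page = make_collapsed_page(logo)
    print("whole-image distance:", whole_image_distance(page, logo))
    print("best section (distance, position):", best_window(page, logo))
```

Whole-image hashing reports a distance well above the threshold once the logo is embedded in a larger canvas, while the windowed search returns distance 0 at the section where the logo sits, so the logo is still found. Real detectors also have to cope with scaling, rotation and partial occlusion, which is what makes the problem hard; this example only shows why comparing sections rather than the whole image is the right starting point.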

Another new tactic they’ve taken is creating generic fake shops and evolving them into branded shops over time, he says.

“The scammers are working hard to understand how detection is evolving in the industry, and doing things to try to evade detection as aggressively as they can,” he says.

6. Use Incident Responders Judiciously

Incident responders hate handling the mitigation of brand impersonation because it requires a different skill set than many analysts have: they got into the field for engaging investigative work, not to chase down registrars to do takedowns, says Shaul. Even if a company can make it fun for its responders, it has to be careful that it is using its specialized responders in a cost-effective way.

He likes to tell the story of a banking customer that had been putting this on its IR team, who turned it into a fun exercise by breaking into phishing sites that were targeting the company’s brand and doing a lot of offensive security work.

“The IR guys were having a ball with it, but they realized, ‘Look how much time we’re spending basically just playing games with the attackers,’” he says. “They had their best people doing hard work to just clean up after scams that already happened.”

He suggests that, knowing in advance that responding to these sites takes a different skill set than advanced analysts have, organizations can use this work to break in new security operations personnel: early-career responders gain experience through a planned career path that starts with impersonation takedowns.

7. Proactively Build Law Enforcement Relationships

Additionally, organizations should understand that they’re likely going to need help from the authorities in many of these cases. Saylors says that CISOs should be working to proactively build partnerships with law enforcement agencies and other relevant government authorities around the globe.

“They should also have direct relationships with law enforcement organizations that will pursue and prosecute the criminals responsible for brand theft and the resulting revenue loss to legitimate companies,” he says.

8. Educate Consumers and Employees

Frequent and detailed awareness campaigns for customers about what brand impersonation looks like compared to the real deal can go a long way toward curbing their risk of falling for common frauds.

“Organizations, other than large banks, tend to fail in this area due to concerns about scaring their customers away,” he says. But actually, awareness campaigns like this can bring customers closer to the brand when they’re done right. Here’s a great example of what an awareness site can look like. This is a detailed fraud awareness article put together by Burton Snowboards that provides examples of fake Burton scam sites, with clues for their customers to look for in detecting a scam and some additional pointers. Communications like these can be used as a technique to not only build trust and goodwill among customers, but also build up the brand.

9. Differentiate Your Brand

One final thing that CISOs can encourage their organizations to do is to find ways to ensure all of their sites, pages, and experiences are visually and contextually recognizable as part of the brand. This is an opportunity for collaboration with the marketing department. Not only can customers recognize distinctive brands more easily, but it’s also a lot easier for automated detection to find impersonated images and logos out in the wild, says Shaul.

“Ensure there’s something a little bit different about your brand that makes it so that your customers and even your employees can recognize it. That’s great for marketing but also helps security in a big way,” he says. “The more your brand has differentiated itself with the way it looks, the way it feels, the way it’s set with little things like how your VPN looks, the easier it is to protect the brand.”
