Cybersecurity is a constant concern for modern companies. While enterprises can use several world-class tools to protect their internal networks, they can rarely monitor what goes on outside them. Brandjacking, an increasingly prolific threat, is testing most companies’ security postures. Unfortunately, companies are discovering they cannot account for such attacks.
The US Federal Trade Commission (FTC) considers it a big enough threat to propose new laws to prosecute such instances. So what is brandjacking and what should you know about it?
What is brandjacking?
Brandjacking refers to a malicious actor’s attempt at impersonating a legitimate company to defraud consumers. The malicious actor leverages the trusted company’s brand equity to trick consumers into divulging sensitive information.
These attacks happen outside a company’s network. For instance, a hacker might set up a lookalike website and steal credit card information. A legitimate company has no way of controlling these incidents but suffers from the blowback. Consumers might believe the company has swindled them and form a negative perception of the brand.
Here are the different kinds of brandjacking attacks:
- Cybersquatting – A hacker impersonates a trusted web domain.
- Subdomain jacking – Hackers can leverage unused subdomains and redirect traffic to a malicious website.
- Clickjacking – A malicious actor causes a pop-up to appear on a legitimate website, redirects traffic, and perpetrates fraud.
- Malvertisements – A hacker runs ads using a trusted brand’s name and redirects traffic to a lookalike website.
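Lookalike domains of the kind listed above can be caught by screening newly observed domain names against the brand name. The following is an added example, not part of the original article: the brand `examplebank`, the owned domain, the substitution table and the feed are all constructed assumptions.

```python
# Added example, not from the original article. Every name below is constructed.
BRAND = "examplebank"               # assumption: label of the protected domain
OWNED = {"examplebank.example"}     # assumption: domains the company controls
MAX_EDITS = 2                       # typo tolerance; lower it for short brand names
# Look-alike sequences folded back to the character they imitate.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def skeleton(label):
    """Lower-case, drop hyphens and undo common visual substitutions."""
    s = label.lower().replace("-", "")
    for fake, real in HOMOGLYPHS:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return why a domain looks like an imitation of BRAND, or None."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED or any(domain.endswith("." + d) for d in OWNED):
        return None                           # the company's own (sub)domain
    target = skeleton(BRAND)
    for label in domain.split(".")[:-1]:      # every label except the TLD
        skel = skeleton(label)
        if label == BRAND:
            return "exact brand label on unowned domain"
        if skel == target:
            return "homoglyph or hyphen variant"
        if target in skel:
            return "brand embedded in longer label"
        if edit_distance(skel, target) <= MAX_EDITS:
            return "typo variant"
    return None

def triage(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: reason for d in feed if (reason := classify(d))}

# Constructed feed, e.g. newly registered names or certificate-log entries.
FEED = ["login.examplebank.example", "examp1ebank.example", "exarnplebank.test",
        "examplebank-support.test", "exmplebank.test",
        "examplebank.example.verify.test", "gardenbook.example"]
```

Flagged names are candidates for manual review and takedown requests, not proof of fraud.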
Damages associated with brandjacking
Brandjacking occurs outside a company’s network, so at first glance blaming the company for such attacks seems unfair, and it is. However, companies must proactively protect their brands, since competitors might leverage these incidents to steal a march on them.
Here are other reasons why a company must protect against brandjacking.
Any data breach or security incident causes brand embarrassment. Brandjacking, ironically, happens only to companies that have worked hard to establish themselves as leaders in their sectors. After all, if no one has heard of or trusts a company, a malicious actor has little incentive to brandjack it.
Given the effort companies pour into building a brand, protecting it at all costs is logical. Even if the loss of reputation following a brandjacking attempt is unfair, a company suffers a loss of trust with its audience. If the company fails to take any action against the perpetrators or sweeps the problem under the carpet, consumers are more likely to associate that brand with fraud.
Some brandjacking attempts can lead to lawsuits that create financial losses. For instance, a malicious actor who leverages an unused subdomain or an unused employee credential to redirect traffic from the company’s website is exposing its security flaws.
In such cases, regulators are unlikely to look the other way and will likely impose hefty fines. Given the existence of stringent data privacy laws like GDPR, companies cannot afford to ignore any attempts at compromising user safety online. The fines that accompany such violations are enough to cripple profits. The fallout from negative publicity following such rulings will further reduce a company’s ability to raise prices and compete.
Diminishing customer trust
The combined effect of the loss of brand trust and potential litigation leaves a company on shaky ground for the future. User trust is critical in supporting a business during challenging times. Repeated brandjacking attacks give the impression that a company is unable to combat malicious actors, reducing user trust.
In turn, these events dim a company’s prospects and leave it in an uncertain position. Consumer trust is a valuable asset when a company experiences challenging economic conditions. During these moments, being able to draw from a stable user base puts a company in an ideal position to increase market share while its competition flounders.
3 ways to prevent brandjacking
Here’s how companies can proactively prevent brandjacking.
As with the rest of cybersecurity, tool usage goes a long way toward monitoring and preventing brandjacking attempts. For instance, Adultblock by Network Solutions blocks a malicious actor from registering a company’s name to an adult domain. Other tools like Red Points monitor the web for impersonation attempts and notify companies after the fact.
Memcyco, a real-time website impersonation protection tool, enables companies to immediately alert their users when they enter a spoofed brand website and provides the company with full details of the attack, allowing security teams to respond immediately to prevent further damage. Memcyco’s Proof of Source Authenticity solution (PoSA™) also provides an unforgeable digital watermark displayed on brand websites to prove site authenticity to their users.
The right protection and prevention tools can help companies open communication channels with their users and help them build brand trust.
Monitor different attack vectors
An attack vector is the path a malicious actor takes when infiltrating a system or carrying out an attack. In the case of brandjacking, phishing and social engineering are common attack vectors. Attackers send malware-loaded emails or impersonate trusted employees to get people to divulge sensitive information.
Companies must monitor these vectors at all times and educate their employees about what to watch out for. Education is critical here. Security awareness training must go beyond mere awareness and change behavior.
Continuously validate security approach
Security threats change regularly, and continuously validating a security approach is the best way to ensure a company is always protected. Continuous monitoring tools and processes test and mimic a malicious attack, locate holes in a security setup, and work to plug them automatically.
Common attack vectors like misconfiguration errors or DDoS attacks tend to be nullified by continuous security monitoring.
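One check worth running continuously is an audit for the unused subdomains mentioned earlier: DNS records that still point at resources the company no longer controls. The following is an added example, not part of the original article; the zone export, the hosting names and the inventory of active resources are constructed assumptions.

```python
# Added example, not from the original article. Zone data and inventory are constructed.
ZONE = "examplebank.example"
ZONE_EXPORT = """\
www.examplebank.example.       300 IN A     203.0.113.10
shop.examplebank.example.      300 IN CNAME store.examplebank.example.
store.examplebank.example.     300 IN CNAME examplebank.shop-host.example.
promo2019.examplebank.example. 300 IN CNAME examplebank-promo.cdn-host.example.
old.examplebank.example.       300 IN CNAME legacy.examplebank.example.
"""
# Assumption: external resources the company still has provisioned (asset inventory).
ACTIVE_EXTERNAL = {"examplebank.shop-host.example"}

def parse_zone(text):
    """Parse 'name ttl IN type value' lines; one record per name for brevity."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN":
            name, _ttl, _cls, rtype, value = parts
            records[name.rstrip(".").lower()] = (rtype, value.rstrip(".").lower())
    return records

def audit(records, zone, active_external):
    """Follow each CNAME chain and report names whose final target is unowned."""
    findings = {}
    for name, (rtype, target) in records.items():
        if rtype != "CNAME":
            continue
        seen = {name}
        while True:
            if target in seen:
                findings[name] = "CNAME loop"
                break
            seen.add(target)
            if target == zone or target.endswith("." + zone):
                nxt = records.get(target)
                if nxt is None:
                    findings[name] = f"stale: {target} has no record"
                    break
                if nxt[0] != "CNAME":
                    break                    # ends at an address record in our zone
                target = nxt[1]
            else:
                if target not in active_external:
                    findings[name] = f"unclaimed external target: {target}"
                break
    return findings

if __name__ == "__main__":
    for name, why in audit(parse_zone(ZONE_EXPORT), ZONE, ACTIVE_EXTERNAL).items():
        print(f"{name}: {why}")
```

Records reported as unclaimed external targets should be deleted or re-pointed before the external resource name can be claimed by someone else.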
Novel approaches to combat new threats
Brandjacking isn’t a new threat. However, the way attackers are executing it is novel and creates a serious problem for companies. Given the effort and resources companies pour into brand creation, protecting it is the obvious choice.