How to Secure Your Online Brand

How to Secure Your Online Brand
Michael Marriott
Read More From Michael Marriott
March 20, 2019 | 4 Min Read

What is online brand security?

As we outlined in our Practical Guide to Reducing Digital Risk, the integrity of brand and identity is essential in protecting a business. Adversaries are routinely impersonating businesses and critical online services to target customers and significant business transactions: they’re registering domains, creating fake mobile applications, imitating documents sent in email, spinning up spoof social media profiles of key executives – all with the aim of duping people to comply with their schemes allowing them to steal, disrupt, damage or destroy.

Last year’s indictments issued by the United States Department of Justice (DOJ) against an individual associated with Lazarus Group underscored just how effective well targeted phishing can be: culturally relevant, free from spelling and grammar errors, and hitting the right psychological buttons to yield a result.

These types of impersonation are not only of interest to security teams. They are also particularly acute for fraud teams, who are grappling with increasing online payment fraud risks, which are notoriously difficult to measure on a global basis. However, by detecting these impersonation attempts, organizations can better detect the targeting of customers, as well as the sale of fraudulent and counterfeit goods.

 

Top four types of brand risks

There are four main ways adversaries impersonate an organization’s online brand to target customers or employees.

  1. Domain Infringement. Adversaries register web domains similar to your actual domain names, including typosquats and domainsquats. They often use these in phishing, malware or credential harvesting threats. Over a year, the typical Digital Shadows customer will detect approximately 300 spoof domains.
  2. Spoof Company Social Media Profiles. It’s all too common to find social media accounts set up to imitate organizations, often with the view to target customers. These spoofs usually take the form of fake support profiles that seek to dupe customers into clicking on malicious links or revealing their credentials.
  3. Spoof VIP Profiles. This is a similar approach to fake social media profiles, although here the spoofs are of the employees themselves. However, the aims are different as the adversaries use these profiles to launch convincing Business Email Compromise (BEC) campaigns.
  4. Spoof, rogue or malicious mobile applications. As the usage of mobile devices continues to increase, organizations are turning to mobile applications that enable them to better interact with their customers and provide new tools for employees. Unfortunately, cybercriminals also want to communicate with your customers and create spoof mobile applications that seek to harvest their information.

 

Lowering barriers to entry for phishing

Even the least sophisticated threat actors have access to a wide variety of forums, groups, and tools where they can learn the latest phishing techniques, as well as purchase step-by-step tutorials and phishing templates to conduct their campaigns (we outlined many of these tools and techniques in our recent research, Tackling Phishing).

In serving our customers, we regularly see BEC and Whaling attacks routinely combine false domains with out of band communications on convincing looking web services. In some cases, whole call centers are set up to perpetuate the deception. Knowing the location of legitimate assets and detecting the anomalies can help manage this risk.

 

How SearchLight secures online brands

With SearchLight, organizations register their brand names, web domain names, social media handles, and official mobile applications as assets for digital monitoring. Through the SearchLight portal, we provide the most relevant and critical digital risks with complete visibility, context, recommended actions and ways to take down these phishing attempts.

 

Free tools to get started

There are many tools available to identify these impersonations,  such as DNS Twist, Xorz’s Phishing Catcher, and URLCrazy. You can read more about the risks surrounding online brand security in our Practical Guide to Reducing Digital Risk, which outlines some additional free and inexpensive tools that organizations can use to start securing their online brands.

 

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue...