In retail brand impersonation attacks, cybercriminals pose as trusted retailers or brands to deceive consumers into revealing sensitive information, making payments for fake products or downloading malicious content. Considering that almost every brand today has a strong digital presence, including website(s) and/or social media profile(s), there have never been more opportunities for bad actors to copy brands’ identities. Plus, modern AI tools, such as deepfakes, elevate hackers’ impersonation techniques, making it easier for them to dupe individuals.
Why Cyber Criminals Pretend to be You
In 2023, the FTC received 330,000+ reports of business impersonation scams. Bear in mind, this number only includes reported U.S.-based scams. There are many reasons bad actors create copycat brand websites and social media profiles, but most commonly, they’re motivated to commit fraud, distribute malware and steal data because these tactics are profitable:
- Fraud: By impersonating brands online, cybercriminals can deceive individuals into making payments for fake products or services. They can also impersonate company executives internally, tricking employees into authorizing payment on fraudulent invoices.
- Malware distribution: With fake websites, phony emails and bogus social media profiles, cyberattackers can trick unsuspecting users into downloading malicious software, opening malicious attachments or clicking on malicious links to inadvertently install malware and give hackers system access.
- Data theft: Another motivator for brand impersonation attacks is data theft. Bad actors can use the stolen data for credential stuffing, a type of attack where hackers use stolen usernames and passwords to attempt unauthorized logins on other accounts, such as emails, online banking or social media platforms. Considering that 78% of people use the same password across multiple accounts, impersonating a brand to steal customers’ login information can lead to big rewards for cyber criminals.
How Criminals Impersonate Brands
Cybercriminals can impersonate all kinds of brands, but retailers and consumer products are among the most desirable targets because people may have strong brand loyalty and are, therefore, more likely to fall victim to a scam. For example, bad actors can create bogus limited-time offers or promotions to persuade shoppers to “buy now” and unwittingly make payments for non-existent products. Retailers’ identities are particularly at risk during the holidays; in 2024, retail-focused cyberattacks surged by 692% during Black Friday weekend compared to early November.
These are other common ways criminals impersonate brands to take advantage of online shoppers:
Phishing websites: One common tactic is to create duplicate versions of a brand’s website, including checkout pages. With only a small variation in the URL, it’s hard for shoppers to notice they’ve stumbled on a scam website — and they may not realize until they’ve already made a fake purchase, handing over their username, password and credit card information to fraudsters.
Phishing websites can be hard to spot as cybercriminals mimic a brand’s real logo, messaging and color scheme to appear authentic.
Fake social media profiles: In addition to fake websites, cyber thieves also create fake social media profiles to further impersonate a brand. The goal is to get users to engage with the fraudulent content and click on malicious links that install malware, or to direct social media users to fraudulent websites that harvest login credentials and payment information.
Here, criminals also rely on familiarity and brand recognition to make their fake social media profiles look like the real deal, using duplicate colors, images and slogans. Because customers are already used to seeing and interacting with this kind of content, they’re less likely to raise suspicions. Long-term customers are even easier targets, as they’re often brand loyal and more likely to trust what they think is their favorite brand’s messages.
Email spoofing campaigns: Phony emails are some of the most popular types of brand impersonation attacks. While your spam filter can capture most of them, many fraudulent emails still slip through the cracks. Like phishing websites, these emails are usually just slightly off brand, making it hard for users quickly scanning their inboxes to spot the con.
Again, cyberattackers’ goal is to entice individuals to click on malicious links or download malicious attachments to steal personal and payment information. In email, it’s very common for criminals to use urgency tactics, like offering a limited-time deal or special sale. A sense of urgency makes victims less likely to analyze source legitimacy and more likely to take action without hesitation.
How Brand Impersonation Damages the Business
As a recipient, you may consider a phony email little more than an annoyance. But for retailers, the implications of brand impersonation attacks are serious.
Chief concerns include reputational damage and loss of customer trust. Whether it’s just one customer who has a bad experience, or your organization makes it into the headlines for widespread data breaches, you don’t want the public to associate your brand with fraud. Not only do you risk losing current customers, but you may scare away future prospects. While the repercussions of a damaged reputation are hard to quantify, they are long-lasting and slow to reverse. More tangibly, your business can also suffer financial and legal consequences if customer data is compromised in a breach.
How to Protect Your Brand’s Online Identity
Shockingly, two-thirds of brands say they “essentially rely on their own customers as a source of threat intelligence on impersonation attacks.” Considering the consequences of brand impersonation attacks, companies should prioritize developing strategies to detect and deflect these cyber cons. Retailers and consumer brands, in particular, should pay attention; in the last year, brand impersonation attacks on consumer brands increased by 92%, while workplace-focused brands only saw a 9% rise.
Brand protection monitoring and anti-phishing software are good first steps to find and squelch fake websites and social media profiles. It also helps to register domain names similar to your brand’s to prevent criminals from creating lookalike accounts. Enlisting the services of a vendor that provides takedown services for malicious domains can be helpful.
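As an illustration of the monitoring and defensive-registration step above, the following added example (not from the original article) flags domains in a feed of newly observed names that differ from a brand's domain by only a small variation. The brand `northwind.example`, the sample feed and the character map are constructed assumptions.

```python
import unicodedata

# Constructed, non-exhaustive map of visually confusable characters (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u043e": "o", "\u0430": "a", "\u0435": "e"})

def label_of(domain):
    """Name left of the TLD. Naive: ignores multi-part suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) > 1 else parts[0]

def skeleton(label):
    """Fold look-alike characters and sequences so similar names compare equal."""
    folded = unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand_domain):
    """Return why `domain` resembles `brand_domain`, or None if it does not."""
    label, brand = label_of(domain), label_of(brand_domain)
    if label == brand:  # same name: either the brand's own domain or another TLD
        own = domain.lower().rstrip(".") == brand_domain.lower()
        return None if own else "tld-variant"
    s_label, s_brand = skeleton(label), skeleton(brand)
    if s_label == s_brand:
        return "confusable"
    if edit_distance(s_label, s_brand) <= 1:
        return "typo"
    return "brand-keyword" if s_brand in s_label else None

# Constructed sample of newly observed domains; northwind.example is hypothetical.
OBSERVED = ["northwind.example", "northwind.test", "n0rthwind.example",
            "n\u043erthwind.example", "northvvind.example", "nortwhind.example",
            "northwind-deals.example", "southwind.example", "weather.example"]

def scan(observed, brand_domain="northwind.example"):
    hits = ((d, classify(d, brand_domain)) for d in observed)
    return {d: why for d, why in hits if why}
```

Names returned by `scan` are candidates for defensive registration or for referral to a takedown provider; the check looks only at the registrable name, so a brand name placed in a subdomain needs a separate rule.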
But one of the strongest defenses against brand impersonation attacks is information sharing. By collaborating with industry peers in a global community like RH-ISAC, you can share cyber information and intelligence with other retail and hospitality organizations to help each other identify and prioritize threats, mitigate future risks and formulate an intelligence-driven strategy to protect your brand’s identity.
Pam Lindemoen is the Chief Security Officer and VP of Strategy at the Retail & Hospitality ISAC (RH-ISAC), where she leads security operations, strategic planning and partner engagement. With nearly 30 years of expertise in information security, application development and infrastructure, Lindemoen has held key roles, including CISO Advisor at Cisco and Deputy CISO at Anthem, Inc. She also co-hosts the podcast, Do We Belong Here? (In the Cyber World) and serves on advisory boards for Cyber Florida, the National Cybersecurity Alliance, and the Security Advisor Alliance. She is passionate about fostering diversity in cybersecurity.