How to Ramp Up Brand Impersonation Protection

6 minute read

The chances are you’ve seen it before. An advertisement on instagram for your favorite sunglasses at a low price, a suspicious email requesting payment from your bank, a phone call from a government organization. All of these acts fall under the umbrella of brand impersonation: using the good reputation of a business or organization to harvest customer credentials or personal information. Brand impersonation protection has become a critical part of many organizations’ defensive security posture, and for good reason. As organizations become more reliant on digital platforms for brand awareness and service delivery, ensuring that customers are interacting with your legitimate brand is critical. 

What is Impersonation Protection?

Impersonation protection refers to the act of deploying preventative and defensive technologies and procedures in an effort to deter individuals from mimicking you or your brand. Impersonations can be found on many platforms, but they all rely on the same inherent tactic: leveraging the logo, trademarks, name and visual likenesses of your brand to trick customers, siphon revenue and steal information. Typically, impersonation protection covers a combination of social media, domains, mobile apps and email. 

Brand Impersonation Damage

Brand impersonation is one of the most effective ways for bad actors to gain direct, uninterrupted access to an organization’s customers, leading to millions of dollars in lost revenue, massive losses of PII, and reputational damages that can cripple businesses. 

One impersonation tactic that has grown in popularity due to its success rate is email based impersonations, also known as business email compromise (BEC). Business email compromise involves an attacker impersonating a brand or executive via email in order to trick employees of that organization to send direct funds or release sensitive information. The FBI’s Internet Crime Complaint Center (IC3) estimates that the yearly impact of BEC attacks is more than $1.7 billion according to its 2019 report. While this seems like a staggering number, this only represents email-based impersonations. We will discuss the various mediums utilized by attackers in a subsequent section and how brand impersonation protection can be utilized across each.

Sites and Positions That Are At Highest Risk for Impersonation

Regardless of your industry or position, brand impersonation can be a costly and common occurrence. Any organization or individual can be targeted, but as with most attacks, the bigger the target the higher the reward. It is no coincidence that some of the most commonly impersonated brands, Google, Microsoft, and Amazon are also some of the largest in the world. These large brands have garnered very high reputation with end users and as such are easy targets for hackers.

Organizations that manage user credentials are a ripe target for brand impersonation. Within minutes, a bad actor can stand up an impersonating landing page or account and begin targeting end users. Any user who falls for that phishing attack has now provided the attacker with credentials that could provide access to numerous other sites. 

High level executives are also common targets for brand impersonation, this method of attack is commonly referred to as whaling (a reference to large target vs. phishing). A simple email from a known business partner or industry executive requesting a funds transfer for a past due bill can result in massive losses that are not easily traced.

Methods of Brand Impersonation

Brand impersonation can be perpetrated in dozens of ways across a handful of mediums. Some of the most common platforms for the act include email, web, and social media. These mediums allow for anonymity on the part of the actor and can easily be spun up to quickly create multiple attacks. 

Email is the most commonly proliferated impersonation attack tool, mainly because of the minimal effort required to build the attack. Creating a new email address is simple and spoofing that email address to look like that of a known brand or individual can be done without any special tools or know how. Attackers taking advantage of the COVID-19 pandemic have been sending fake emails claiming to be government officials, theWHO, and the CDC in an attempt to extract personal information from individuals. According to Neil Kumaran, Product Manager on the Gmail Security team, Google “saw 18 million daily malware and phishing emails related to COVID-19” in April 2020. While Google was able to intercept a majority of these attacks, the impact from those attacks that go uncaught is dangerous.

Domains offer hackers another impersonation attack tool. Detecting spoofed domains can be tricky because they often rely on methods such as homoglyphs or typosquatting, making brand impersonation protection in this realm that much more difficult. In their most simple form, domain based impersonation attacks utilize a duplicate version of the target brands website, with the specific intent of collecting login information or delivering malware. Impersonating web pages usually contain the target organization’s logo, font, color scheme and style in an effort to trick the end user into not noticing the difference. In most cases the only difference is the actual URL. Attackers utilize slight variations or character swaps, also known as domain spoofing.

Sample ZeroFox alert of a spoofed domain

When it comes to social media, the instant access to specific groups of users with similar interests makes it a notorious target. The social networks do their best to mitigate known malicious accounts but the sheer volume makes it difficult. Between Jul and Sept 2020 approximately 1.3 billion fake Facebook accounts were disabled by the social network.

Sample fake Elon Musk social media account

The fake accounts can be used for a broad range of attacks from customer support scams, where an individual pretends to represent a known business, to impersonating retail stores and selling fake goods on various marketplaces.

Regardless of the tactic or delivery mechanism, identifying and defending against brand impersonation requires vigilance.

What You Can Do to Improve Brand Impersonation Protection

There are numerous steps you can take to limit potential exposure to brand impersonation and it starts with claiming your territory. Make sure your customers know how to access your real customer service representatives, your legitimate social media accounts and website. Ensuring brand protection on social media through verified social accounts also makes it easier to identify spoofed or malicious accounts targeting your brand. Additionally, you should make it clear to your customers that your business or organization will never reach out to them via phone calls or text message asking for personal or account information.  

The most effective way to improve your Brand Impersonation Protection is by implementing a security vendor like ZeroFox that is purpose built to identify and remove impersonating accounts, websites, emails and phone numbers. ZeroFox’s brand protection software and advanced email protection secures your organization against account takeover, fake accounts, spoofed domains and scams targeting customers, in which attackers exploit brand logos, messaging and product photos to defraud customers. ZeroFox comes pre-packaged with rules and policies targeting the identification of these impersonation attempts. 


Brand Impersonation attacks are here to stay, but you can minimize risk and turn the tables on the attackers by following our recommendations and partnering with ZeroFox. With ZeroFox Brand Protection, you’ll be protected not only against impersonations, but other brand abuse such as phishing, scams and fraud. Learn more about our brand protection solution here. 

See ZeroFox in action