Consider a start-up gift shop that has built up a customer base and sells its products through its online store. Criminals create a fake social media account, copy all the material from the real online store, and start to follow the real store’s customers. They then send those customers a link to their fake website.
When everyone is hurrying to purchase gifts online, it's easy to fall for this trick and find that personal credentials and card details have been stolen.
A key step in Brand Impersonation Attacks is for an attacker to purchase a website domain that is closely related to the real domain. This can be done in a variety of ways:
- Changing characters in the root domain of a website. This is a rare type of attack, but certain Unicode characters look almost identical to letters of the Latin alphabet while being processed as different characters by websites and browsers.
- If a website is called www.buytoolshere.co.uk, an attacker may publish a domain that reads www.buytoolshere.co.uk - while this doesn’t look different to the eye, the attacker has replaced the o’s in "tools" with lookalike special characters that are hard to detect - meaning the domain is different, but looks incredibly similar.
- Changing the top-level domain (TLD) of the legitimate website.
- If the real site is www.thisismywebsite.co.uk, the attacker may publish the fake site under www.thisismywebsite.com if the victim does not own that domain. This can be repeated with other options, including .co, .uk, .net etc.
- Changing the root domain of the victim's website.
- If the real website is www.myautos.com, the attacker may publish their website under the domain www.automotives.com to fool any users into selecting the wrong website.
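As an added example that is not part of the original article, here is a small Python check a site owner could run over domains reported by customers or found while monitoring, labelling each one as identical, a homoglyph copy, a TLD swap, or unrelated to the real domain. The confusable table and the suffix list are constructed and deliberately short; a production check should use the Unicode confusables data and the Public Suffix List.

```python
import unicodedata

# Constructed, deliberately small table of Unicode look-alikes -> ASCII.
# Not exhaustive: a production check should use the Unicode confusables data.
CONFUSABLES = {
    "\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u03bf": "o",
    "\u0131": "i", "\u2010": "-",
}
# Constructed shortlist of public suffixes; real code should use the Public Suffix List.
KNOWN_SUFFIXES = ("co.uk", "org.uk", "com", "net", "org", "co", "uk", "info")


def normalize(host: str) -> str:
    """Lower-case, drop a leading www., and decode punycode (xn--) labels."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def skeleton(label: str) -> str:
    """Fold compatibility forms and known look-alikes onto plain ASCII."""
    label = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def split_domain(host: str):
    """Return (root, suffix) using the longest matching known suffix."""
    labels = host.split(".")
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in KNOWN_SUFFIXES:
            return ".".join(labels[:-n]), ".".join(labels[-n:])
    return host, ""


def classify(brand: str, candidate: str) -> str:
    """Label a reported domain relative to the brand's real domain."""
    b, c = normalize(brand), normalize(candidate)
    if b == c:
        return "identical"
    b_root, b_suffix = split_domain(b)
    c_root, c_suffix = split_domain(c)
    if skeleton(c_root) == b_root and c_suffix == b_suffix:
        return "homoglyph"  # same letters to the eye, different code points
    if skeleton(c_root) == b_root:
        return "tld-swap"  # same root, e.g. .com registered instead of .co.uk
    return "unrelated"  # different root: needs human review
```

A domain classed as "homoglyph" or "tld-swap" is a candidate for the reporting steps described later on this page; "unrelated" results still need a human look, since a different root such as automotives.com cannot be matched mechanically.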
What examples of Brand Impersonation exist?
Brand Impersonation has a long history of fraud as it’s a well-known technique and can be very effective. When voting for TV shows by phone was first popularised, phone lines were set up by fraudsters (with similar phone numbers to the real TV show phone line) to charge victims as high as £20 per call. This tactic relied upon victims to misdial.
A good example was a website set up to target government services. Fraudsters created a fake DVLA driving test website and used Google adverts to promote it. The web address they used was very similar to the real DVLA website, and when a victim googled “Book a driving test,” the fraudulent site was number one in the search results. After visiting the website, the fraudsters would charge victims twice as much as the actual DVLA website but with no test, so it cost victims three times as much in the end.

If your business has been targeted through Brand Impersonation, or you want to discuss ways to prevent this from happening, please contact us to learn more about our services - such as a Digital Footprint Assessment.
How can I prevent Brand Impersonation?
eCommerce site owners should consider the following:
- Criminals often purchase web addresses close to the brand's domain to fool customers. Simply by googling your website and brand, you can see whether there is any suspicious activity going on.
- Monitoring online activity by googling your brand is good practice.
- It's good practice to do the same on all social media platforms to see if there is a fake copy of your brand out there. Remember to report suspicious activity to the relevant social media platform.
How to respond if you’re a victim of brand impersonation
- Make your clients aware of the threat and encourage them to be vigilant when they shop online.
- Send out an email newsletter explaining the situation, clearly stating your company's legitimate website and also clearly listing the suspicious website(s) that clients should avoid.
- Consider putting out an announcement on any active social media channels/platforms.
- Consider putting a temporary warning banner/message on your company website, again informing your clients/visitors of the suspicious websites that they should avoid using.
- Report suspicious activity to Action Fraud. Action Fraud works with internet providers to remove fake sites.
- Consider following NCSC Guidance on reporting suspicious/malicious websites to the domain provider they are hosted on.
- Check to see if your website has any vulnerabilities with a Website Vulnerability Assessment.