Home / Blogs

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC’s latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain spoofing tactics and permutations that can be used by phishers and malicious third parties.

Below, we include common homoglyphs, as they are one of the most egregious attack methods used by threat actors today:

Whose job is it to fix?

Last week, Ericka Chickowski published two articles in Dark Reading on brand impersonation. The first—“Why CISOs Should Care About Brand Impersonation Scam Sites”—talked about the problem and how companies “don’t know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers’ trust, money, and personally identifiable information.” Brand impersonation and lookalike domains can certainly be a legal issue in terms of trademarks, and a marketing issue in terms of consumer trust. But it’s also an issue for chief information security officers (CISOs) and cybersecurity incident response teams. As CSC’s Digital Brand Services chief technology officer (CTO), Ihab Shraim, points out in Chickowski’s first article, incident response teams don’t have the specific data feeds needed to manage the problem. CSC encourages its clients to have a digital brand governance cross-functional team to manage concerns about securing the brand within all digital assets.

Challenges for the cybersecurity incident response teams

Incident response teams receive log data from firewalls, network devices, operating systems, endpoints, and applications within their enterprise, residing in data centers or cloud infrastructures. The data is aggregated in a security information event management (SIEM) or security orchestration, automation, and response (SOAR) platform for SOC personnel to process and analyze critical alerts as fast as possible. According to Shraim:

“The main challenge experienced with SOC personnel is alert fatigue due to the sheer volume of alerts, duplication, and unfiltered events. Moreover, the external attack surface for brand impersonation, such as phishing and domain hijacking attacks, are entirely built and launched by bad actors on the internet. Therefore, the SOC security teams don’t have such data feeds, nor are they trained to mitigate such threat vectors by taking down malicious websites or speaking with a registrar to delete a domain name.”

The external attack surface for brand impersonation is the entirety of the internet, and security teams need a multidimensional view of various threat vectors outside their firewall targeting specific domains. Additionally, anyone can register an available domain name at any time, at a low cost, making these threats a constant challenge.

How can companies protect themselves?

With corporations owning multiple brands, and hundreds or even thousands of domains within their portfolios, it’s crucial to have a proactive, rapid detection and deactivation solution to manage the threat of domains imitating brands. The second article published in Dark Reading last week—“What CISOs Can Do About Brand Impersonation Scam Sites”—provides a holistic view of how companies should approach this problem. According to Shraim:

“Organizations should not only be watching and monitoring the domains they own, but also their domain ecosystem. This means understanding the types of domains being registered around them, because domains are a multidimensional cyber threat. Companies need to devise policies and procedures to monitor and mitigate threats associated with all their domains as an integral part of their security posture.”

Companies need to use solutions that leverage domain name monitoring and detection via automated machine learning to accurately identify all newly registered, re-registered, and dropped domain names, and mitigate cyber threats. Moreover, the technology should be capable of identifying active threat vectors such as phishing and malware cyberattacks launched against their brands across all key digital channels—because domains are a multidimensional cyber threat.

An ongoing and proactive dynamic brand monitoring program for threats outside the domain portfolio will provide companies with a 360° view of various threat vectors outside the firewall targeting specific domains, so that they can protect and manage core and tactical domain names, and protect all online digital assets.

By Sue Watts, Global Marketing Leader, Digital Brand Services, CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

New TLDs

Sponsored byRadix


Sponsored byVerisign

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global