Online Brand Abuse is a Cybersecurity Issue
Over the last two years, there has been a huge shift in the way consumers and users engage with businesses, with a significantly heavier emphasis on online internet-based activities and presence. Businesses are paying attention to these changes, but so are cybercriminals and other malicious actors. In fact, the Internet Crime Complaint Center (IC3) reported a 65% increase in global exposed losses between July 2019 and December 2021, partly due to the increase in virtual business as a result of the pandemic. We see companies with trusted brands have customers that will engage with them for years. Cybercriminals want to take advantage of this, resulting in an understandable increase in internet-based crimes and infringers looking to abuse trusted brands and their reputations. This can lead to consumers losing confidence in these brands and derailing the interactions meant for the trusted organizations, resulting in lost revenue and business opportunities.
Track Online Abuse Issues
Historically, many companies used a variety of methods to track abuse issues (such as fraud and counterfeiting) and brand sentiment, but the recent increase in online activities necessitates an even stronger emphasis on online brand protection. There also needs to be an evolution in how companies implement their online brand protection programs, as traditional methodologies can’t keep up with the rate of online brand abuse. In fact, many companies don’t understand the depth of the challenges and the growth in the number of channels where this infringing activity takes place.
Organizations spend lots of time and money building a trusted brand—all of which can be stripped away in a short time by the fallout of online crime. The best way for companies to protect their brand is to implement an online brand protection program that combines online monitoring (to identify infringing content) and enforcement activities (to remove said content). Complementary solutions, like the use of blocking networks—which can incorporate partnerships with browser producers, ISPs and other security information and event management service providers (SIEMs)—to block fraudulent websites from internet users, can also help to create a more comprehensive approach. Using these methods to track and remediate activity by infringers should also run alongside a program of secure domain name management, allowing the brand owner to administer and protect their own official domain portfolio.
Some of the key benefits of implementing an online brand protection program are:
• Identifying online brand-related criminal activity
A comprehensive brand protection program can help to identify instances of online fraud (e.g., phishing or the trade in stolen credentials), the sale of counterfeit goods and other intellectual property breaches (e.g., brand name misuse to mislead customers and drive web traffic to third-party content).
• Identifying other online brand references
Understanding how your brand is being used—and abused—by third parties is both important and valuable in its own right. It can raise awareness of issues like potential brand confusion, brand dilution and brand usage breaches, which could affect the value of your brand.
• Identifying negative customer comments or boycott activity and reputation management
Frequent negative commentary can impact your trusted brand value or public perception of your brand. This content is tough to remove from the internet, as it’s protected by freedom of speech; however, being aware of the negative comments can prove valuable to brand owners, giving them the opportunity to put out an appropriate counter-message or to change their product strategy as a means of counteracting the negative buzz. The most important thing is to take some action, but without being too heavy-handed and thus running the risk of being labeled a ‘brand bully’.
Monitoring Solutions for Trusted Brands
A comprehensive monitoring solution should use a range of approaches. General internet content can be monitored using a combination of search engine queries, web crawling, and direct searches of known sites of interest. Branded domain names can be identified through zone file analysis and other techniques, with the most sophisticated technologies able to detect brand variations—for example, misspellings and other fuzzy matches—and use artificial intelligence (AI) technology to detect trends and build links between infringements.
Strategies and Tactics
There are a variety of enforcement strategies and tactics that an organization can use. The first thing to do is have a checklist/toolkit approach, which includes a standardized, easily scalable list of activities that can be undertaken to address infringements. This approach allows the trusted brand owner to use simple, low-cost approaches as an initial step, while reserving more complicated or costly options as escalation routes if initial takedown attempts are unsuccessful. This process can start with identifying the infringement, verifying its source and then, if appropriate, sending a cease-and-desist letter to the criminal saying, “We’ve uncovered your illegal activity, please stop and take this down.”
If there is no response to these initial enforcement tactics, companies should then think about escalation approaches —including notices to registrars or hosting providers—and then ultimately consider dispute resolution or legal options. Platforms like social media sites and e-commerce or mobile app marketplaces may also have their own built-in IP protection programs that can be leveraged. In other cases, alternative actions like search engine de-listings or payment gateway suspensions may be appropriate. It’s best to have a range of approaches available, but always start by taking down the high-impact targets. Companies often don’t realize it’s not necessary to take everything down—be tactical by starting with the ones that hurt your brand the most and have the largest audience.
As more platforms are created, brand protection and brand insights are more important than ever. Brand leaders should receive reports on a daily, weekly and monthly basis to understand the nature of the activity that can damage your organization—and, most importantly, what needs to be done to actively protect your trusted brand.
