A sharp rise in “brand abuse” scams could threaten your digital business strategies in 2022—and cost your company and its customers billions.
During the third quarter of 2021, the number of phishing sites, phony mobile apps, and fake social media pages impersonating brand-name companies jumped 274% on an annualized basis, according to our latest quarterly Fraud & Payments report.
Sometimes called “brand exploitation” or even “brandjacking,” brand abuse impersonations now figure into nearly half of all cyberattacks worldwide. It’s easy to see why. Ever the opportunists, fraudsters have capitalized on the dramatic shift to digital everything—working, shopping, learning, dating, gaming, and more—during the COVID-19 pandemic.
They’re hitting pay dirt, too. According to the Federal Trade Commission, consumer losses associated with brand abuse spiked 85% from October 2020 through September 2021. The price tag: More than $2 billion in the US alone.
As captured in our report, brand abuse played a role in 45% of all attacks detected by the Outseer FraudAction team during the third quarter of 2021. Yet as troubling as that may be, specific findings suggest impersonation scams could represent a costly risk to companies of every size and industry in the year ahead.
Immaculate Deceptions: How Fraudsters Abuse Your Brand
Perhaps it’s sham text messages and voicemails from Amazon or one of your company’s key vendors. It could be a bogus “blocked account alert” purporting to come from Chase. Maybe it’s a spurious social media page and site hawking counterfeit NFTs by someone posing as a celebrated artist or celebrity.
Whatever the case, they’re all designed to look like the real deal. And all are crafted to trick your customers, employees or other consumers and businesses into authorizing money transfers or revealing login credentials or other sensitive data. And it’s happening at an unprecedented rate.
Out of 56,000 fraud attacks Outseer identified from July through September of 2021, 14% involved phishing attacks through email or text message, even as the number of attacks involving Trojans deployed into corporate sites continued to decline.
While scams designed to deposit malware require resources and are tougher to monetize as corporate defenses harden, fraudsters are finding it’s far easier to hack the human mind using social engineering ploys that provoke anxiety or prod curiosity or desire.
According to data in our Q4 report, half of all “traditional” phishing attacks target consumers and businesses in the US, Spain, and South America. Three-quarters of these attacks are launched from hosting servers within the US. Of growing concern: the rising number of fraudulent social media pages and, most especially, rogue mobile apps.
In 2021, social media firms like Facebook and Twitter took down more than 1 billion fake profiles. And as captured in our own data, the number of fraudulent brand mobile apps available through legitimate app stores nearly doubled in just 90 days, and these apps now account for nearly 40% of all fraud attacks.
Fighting Back Against Big Losses
For consumers who fall prey to these impersonations, the average loss is $1,000—though it can get distressingly higher.
When it’s a large business that’s victimized, these attacks can lead to an average loss of $5 million. When impersonation attacks lead to a data breach, it costs US-based companies another $9.05 million on average, per incident. And all of this is before any regulatory fines, which can run as high as $487,000 or (much) more.
That’s just the start of it. Get impersonated, and your brand could take a hit to reputation and revenue as your customers and prospects grow wary of your legitimate digital marketing campaigns and channels. According to Forrester, lost customer trust and even heightened customer suspicion can impact a company’s revenue by 10% to 25% in a single year.
The situation is so dire that the FTC is now formalizing bans against impersonating businesses and government agencies after a recent Supreme Court ruling made it harder for authorities to recover money for scam victims from the perpetrators.
Preventing brand abuse is complex and fast-moving. Organizations are advised to source fraud intelligence and cyberattack takedown services that monitor the web, app stores, and social media platforms 24/7 to detect and shut down brand impersonation rackets before they can cause serious financial and reputational damage.
To learn more about brand abuse and other risks to your organization and how to disrupt them, download the Q4 2021 Fraud & Payments report from Outseer.