3 Steps For Reducing External Brand Threats

An organization’s brand is one of its most valuable assets – and one of the easiest targets for cybercriminals. Businesses must extend their security and fraud posture beyond traditional network monitoring to protect their brand from reputation, revenue, fraud and compliance risks.

That’s easier said than done: the global pandemic has accelerated organizations’ digital transformation and created new attack surfaces beyond the perimeter. Today, fraud, risk, and security teams are expected to protect an organization’s digital assets, customers, brand, and executive reputation across the surface, deep and dark web, social media, mobile app stores, and email.  And they’re expected to do that despite a global cybersecurity skills shortage.

Organizations’ inability to properly monitor external threats across their digital footprint has increased their risk: this blind spot can compromise an organization’s (and its executives’) brand reputation; lead to fraud attacks (including phishing, malware, BEC); Account Takeover (ATO) attacks (credential compromise/theft); data leakage (IP, PII),  and other major security, compliance, HR, marketing, and personnel issues.

Here are three steps an organization should implement to reduce the impact of external threats targeting your brand:

1. Identify the most valuable social media and digital assets associated with your brand. Start by listing your accounts and imagining if they were compromised, or if fake accounts impersonating your real corporate accounts were created. Consider what the impact on your brand and business would be, then prioritize your accounts accordingly.

2. Create a monitoring strategy, which should consist of:

  • Domains & SSLs – Closely monitor newly registered domains and sub-domains associated with newly registered or newly updated SSL certificates
  • Phishing Websites and Emails – Monitor for phishing sites, or websites that mimic your legitimate site and attempt to acquire sensitive personal information from your customers. Make sure to also look out for scams utilizing your brand, including Phishing, Smishing, Vishing, and Reverse Vishing.
  • Mobile App Stores – Monitor mobile app stores to gain visibility and stay ahead of potential damage caused by unauthorized and unsupervised apps ‘associated’ with your brand.
  • Social Media – Social media continues to be a highly used and highly targeted platform for cybercriminals to exploit. Monitoring social media platforms helps your organization understand if impersonation accounts were set up, or if fake promotions linked to malware or ransomware are misrepresenting your organization. Also, organizations should ensure their corporate social media posture has updated policies, employee trainings, regular audits and vulnerability assessments conducted to properly prepare for compliance reviews.
  • Executives, board members, & VIPS – We are seeing many fake profiles created to impersonate organizations’ executive teams. This is typically the first step in a targeted spear phishing attack. By monitoring VIPs’ profiles, an organization can protect itself against business email compromise scams (BEC), spear phishing, impersonations, ATO, credential theft, and doxing extortion.

3. Establish a takedown process before you need it: If you uncover external threats targeting your brand, it’s critical to have a rapid takedown process on hand so you can act immediately. Here are some factors to consider if you’re developing this process:

  • Qualify the scope of the attack: Ensure you identify any additional resources related to the attack, including redirections, frames, and drop points. Next, ensure you take down each of those resources.
  • Contact all hosting authorities related to an attack: Attacks must be analyzed to determine all the involved authorities: ISP, webhosting, registrar, registrant, hijacked website owner, etc. Make sure to contact each authority.
  • Follow-up and communicate in the local language with relevant authorities: In addition to the initial takedown request, follow-ups with the relevant authorities should be conducted along with the local CERT or Cyber Police. You will develop stronger relations and quicker response times if you communicate in agencies’ local languages.
  • Create a customer communication plan:  Remember, brand reputation attacks destroy customer trust. If an attack using your brand resulted in damage to your customers in any way – including identity theft, account takeover or fraudulent payments – then it’s critical you have a strong communication plan to sustain that trust and not lose future revenue.

These steps will allow you to increase your visibility into external digital threats and effectively manage your digital risk against fraud and brand abuse. Doing so will allow you to improve your customer experience, brand reputation, retention, revenue and trust by decreasing identity theft, account takeovers, and fraud incidents.


Check out: Top 5 Brand Impersonation Attacks

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.