Brandjacking: What It Is, Why It Matters, and How to Keep Your Website Safe

Learn More About HubSpot's Free CMS Software
Nathan Resnick
Nathan Resnick

Updated:

Published:

You’ve worked hard to build up your brand — the last thing you need is people using your brand’s name or image to deceive others. Yet, this happens all too often online.

an illustration of a computer with a skull and crossbones to represent brandjacking

From fake social media profiles to email phishing schemes, brandjacking is a surprisingly common issue that can cause real harm to consumers and brands alike. By understanding common types of brandjacking, how they occur, and what you can do to keep your website and customers safe, you can protect your brand image and make it easier for potential customers to have confidence in doing business with you.

Build your website with HubSpot's Free CMS Software

In this post, we’ll cover what brandjacking is, the types of brandjacking to look out for, how brandjacking harms your business, and what you can do about it.

Common Types of Brandjacking to Watch Out for

Brandjacking can come in many forms, though they usually tie back to the same purpose: Someone falsely assumes a brand’s identity to fool customers, employees, partners, suppliers and others.

Website and Domain Spoofing

Website spoofing involves creating a fake website designed to imitate the website of a legitimate company. These websites will often use the real company’s assets, such as logos and color scheme, to pass themselves off as legitimate.

They will often also obtain a domain that is very similar to the actual company’s. This could involve using “.net” instead of “.com” or picking a domain that is a misspelling of the target company.

As Clare Stouffer writes for Norton, “After a person has fallen for a spoofed website, they will likely carry on with their normal behavior without a second thought. This could include typing in their username and password or entering in credit card information, which is exactly what the scammer is hoping for … The scammer can then use your login information to gain access to the legitimate website, or any other website that uses the same username and password. Or they will have saved your credit card info to then go on a shopping spree on your dime.”

In some instances, spoofed websites may also be programmed to install malware on your device. This could allow cybercriminals to gain control of the computer and/or steal confidential information.

Fake Social Media Accounts

Fake social media accounts are often done for parody or comedic purposes. For example, after the Deepwater Horizon oil spill in 2010, a parody Twitter account with the name BPGlobalPR began posting parody Tweets impersonating BP, the corporation responsible for the incident — and the parody account quickly gained twice as many followers as the actual BP account.

a fake tweet from a parody BP account. The tweet reads, "Please do NOT take or clean any oil you find on the beach. That is the property of British Petroleum and we WILL sue you."

Image Source

These fake social media accounts aren’t always made for laughs — and even when they are, they can hurt a brand’s reputation with its customers. In 2015, a fake Target Facebook account made headlines after providing snarky responses to customer complaints. Target had to issue a public statement to confirm that the account was not actually associated with the brand.

The consequences can be much worse, though. If someone successfully impersonates your customer service accounts, they could ask customers for confidential information like account log-ins or credit card numbers.

Phishing Emails

Phishing is often used in conjunction with spoofed websites to obtain confidential customer information. Cybercriminals send an email to customers that is allegedly from your brand, informing them that they need to update their account or that there is a problem with their payment information.

If users click on the link, it will take them to the spoofed website, where any information they enter will be stolen.

a fake netflix email being used as a phishing attempt

Image Source

Netflix has been a frequent target of email scams. Customers receive an email with Netflix’s logo and a message that “something went wrong,” telling them they need to update their credit card information within three days before their account is canceled.

Not only do these emails take users to a website where their information could be stolen, but many also include a .txt file attachment to install malware on the user’s device if clicked on or downloaded.

The Dangers of Brandjacking for Your Brand

It’s easy to see how brandjacking can hurt your customers. But if left unchecked, brandjacking can have very real consequences for the actual brands as well. Brandjacking can directly impact a legitimate brand’s profit margins through lost revenue, reputation damage, legal fees, and additional advertising costs.

For example, a spoof website might sell fake or counterfeit products using your brand name. Customers make a purchase thinking they are buying from you, but their money is going to a cybercriminal. These lost sales can be directly attributed to brandjacking.

Brandjacking can also have an indirect impact by hurting your brand’s reputation. For example, if a customer has their credit card information stolen after attempting to make a purchase on a spoofed website, they are likely to associate the real brand with scams and fraud. As a result, they will be less likely to do business with that brand in the future and might leave negative reviews.

Customers who come across impersonated social media accounts might not realize that the account is fake and be upset, offended, or misled by the content it produces. In these cases, the brand loses potential future sales because of the harm brandjacking had on its online image.

Waiting too long to counteract these brandjacking incidents can result in costly legal fees and advertising expenses. A brand could file civil litigation for intellectual property rights infringement, but this process can be complex and time-consuming, especially since many cybercriminals operate outside the U.S.

Advanced brandjacking efforts could even see the spoof website appear above your own in search engine results. Heavy marketing costs could be incurred to regain your position in search engine results, while also attempting to warn customers of potential brandjacking concerns.

If you’re not careful, brandjacking can simultaneously increase operating expenses while lowering revenue — not a position any business owner wants to find themselves in.

How to Keep Your Website (and Brand) Safe

Cybercriminals are persistent, and there are a lot of them out there. Protecting your website and your brand as a whole requires a lot of effort. Fortunately, there are a few best practices that can help keep brandjacking from disrupting your online business efforts.

Start by registering a trademark for your brand and its assets, such as its logo and tagline. As the United States Patent and Trademark Office explains, trademarks offer “legal presumption that you own the trademark and have the right to use it. So, in federal court, your registration certificate proves ownership, eliminating the need for copious amounts of evidence,” as well as the “right to bring a lawsuit concerning the trademark in federal court.”

Recording your registration with U.S. Customs and Border Protection can even prevent goods that infringe on your trademark from being imported into the country.

Tools like Memcyco can also go a long way in brandjacking detection and prevention. Memcyco offers real-time brand impersonation monitoring to provide instant alerts of spoofing attempts, and even lets you place imposter site alerts on website spoofs or clones so your customers won’t get scammed while the fake site is up, as it can often take some time before it is taken down.

Similarly, Social Discover uses saved search parameters to find fraudulent or unauthorized accounts mimicking your brand so you can respond quickly.

a website warning the user of an attempted brandjacking

Image Source

In addition to these tools, you can also set up a Google Alert for specific types of brand mentions. For example, an alert for “[your brand name] + scam” will notify you if online users start talking about a potential scam related to your business. Similarly, consider tracking social media mentions as well.

You should also routinely monitor search engine results and reviews for your business on Google or Yelp. This can help you spot scammers who are impersonating your brand online, and (in the case of online reviews) give you a chance to directly respond to customers to find a way to resolve the issue.

If you can afford it, another common practice for preventing website spoofing is to buy domain names that are similar to your real domain, and have them redirect to your website. For example, if you were to search for www.amazon.tech, you’d be redirected to www.amazon.com. By purchasing similar or misspelled domain names, you essentially lock out hackers from being able to use them for their own brandjacking schemes.

By incorporating these actions as part of a broader cybersecurity plan, you will have the necessary framework in place to prevent and mitigate brandjacking attempts.

Keep Control of Your Online Presence

The internet is incredibly useful in helping brands big and small reach their target audiences. But at the same time, there is no denying how easy it can be for ill-intentioned individuals to spoof or hijack your brand.

With consistent vigilance, you can keep brand impersonation fraud from damaging your business opportunities and doing real harm to customers. Your efforts to stay ahead of cybercriminals will be well worth the investment.

content hub

Topics: Cyber Security

Related Articles

A free suite of content management tools for marketers and developers.

LEARN MORE

CMS Hub is flexible for marketers, powerful for developers, and gives customers a personalized, secure experience

START FREE OR GET A DEMO