Foiling the Fakes: A Retailer Battle Plan to End Brand Fraud
Imposter scams were the most common type of fraud reported to the U.S. Federal Trade Commission (FTC) in 2022. Consumers lost $660 million in the U.S. alone to business impersonation scams that year. Brand impersonators and counterfeits have always been a problem for retailers, but technology is making it easy for organized imposters to run scams at scale in markets around the world. For example, research from ClearSale showed an increase in cybercrime-as-a-service offerings, such as phishing-as-a-service products that enable criminals “without any prior experience in website or checkout design” to impersonate well-known consumer brands and retailers in order to steal customers’ money and personal data.
At the same time, the proliferation of social media channels and e-commerce marketplaces makes it more challenging for brands and retailers to monitor fake sites, ads and products. The U.S. Trade Representative’s 2022 Review of Notorious Markets for Counterfeiting and Piracy lists more than three dozen online marketplaces known to enable impersonation and theft. Brand impersonators regularly pop up on legitimate marketplaces and social networks as well, often creating new accounts as quickly as old ones are reported and taken down.
Imposter groups target victims through voice and text messages, too. One March 2023 survey of U.S. consumers found that 78 percent had been targeted by brand impersonation calls and texts, and 45 percent of those messages impersonated “e-commerce sites and online stores.” Even the FTC — the agency responsible for protecting U.S. consumers from scams — isn't immune to brand impersonation. Fraudsters impersonating the FTC’s brand have been trying to trick victims out of money and personal information through voice, text, social media and other channels.
Brand Impersonation Strategies
Phishing-as-a-service is just one of the ways criminals can masquerade as brands, but because phishing is one of the most common attack types, it’s worth understanding how these services work. Would-be scammers, shopping on websites dedicated to criminal activity, can purchase kits that give them all the resources they need to appear to be a trusted brand. A kit might contain emails sent by the brand to use as templates for phishing messages, marketplace templates that make it easy to set up fake storefronts, tips on how to target victims, and even round-the-clock support if the phishing attacks aren’t working as expected.
When criminals combine these brand impersonation resources with automation, they can launch attacks at scale. For example, in 2022 researchers discovered that a threat actor based in China had registered 24,000 web domains in just a few months to impersonate companies for phishing scams. With legitimate-looking websites and social media profiles, imposters can easily phish victims for their payment or store login data.
They can also offer stolen or counterfeit products to capitalize on the popularity of specific brands. Stolen goods often come from card-not-present fraud attacks on retailers, which then end up being undercut on price by imposter sites.
Counterfeit products, most of which are aimed at the retail market, present another set of risks. Often made with cheap or dangerous materials, they can disappoint or even harm customers, and their purchase “often supports criminal activities, such as forced labor or human trafficking.”
Consequences for Retailers and Brands
Besides having to compete against their own, lower-priced stolen merchandise, retailers and brands face other kinds of harm from brand impersonation attacks. More than half of customers who fall victim to these imposter schemes blame the brands themselves in addition to the imposters.
The resulting negative word-of-mouth on social media and review sites can damage the brand and make it harder to get new customers to shop with the retailers that were impersonated — even though they were victims of the scam, too. Those online conversations can erode trust among potential customers, who may wonder which of the brand’s or retailer’s sites are legitimate and decide to shop somewhere else. Therefore, businesses may face higher customer acquisition and damage-control costs in addition to lost sales.
Best Practices for Limiting Brand Impersonation
Fighting the tide of brand imposters requires a strategy focused on monitoring, communication, and reporting. It also requires persistence, because imposters often launch new domains and social profiles after a takedown. This is an ongoing practice, not a one-time action.
Your company should monitor social media, e-commerce marketplaces, and the internet at large for mentions of its business and the brands it produces or sells. This approach can help you identify sites, social accounts and storefronts that are exploiting your name to phish consumers or sell fake goods. When you find an imposter online, take screenshots for evidence and report them to their webhost, the social platform, or the marketplace. In the U.S., you can also report imposters to the federal e-Allegations program for trademark violations.
Communication can also help prevent imposters from harming your customers. If your store or products are being impersonated online, a notice on your site and social profiles can alert customers and tell them how to verify they’re buying from you. To reduce phishing attacks associated with your brand, let customers know how you will and won’t contact them. For example, remind them that your company will never call them to request payment card data or their account login information.
Communication between security, marketing and other teams can help curb imposters, too. For example, if your brand-mention monitoring program uncovers sites posing as your brand, security may be able to quickly identify the web host and other data for reporting. Likewise, your security and marketing teams can develop a plan ahead of time to alert customers and kick attackers out of hijacked accounts if your fraud team notices an increase in account takeover fraud.
Protecting your brand from imposters safeguards your company’s reputation and the trust your customers place in you. Monitoring, communication, and timely reporting of fakes are the keys to keeping impersonators from damaging your business.
Beatriz Thomaz Rabello is the product marketing manager at Brand Protection by ClearSale, a product that identifies and takes down potential threats to your brand and, after that, continues to monitor if they come back online.
Related story: Grinch Bots Are Targeting Online Retail. Are You Prepared?
Beatriz Thomaz Rabello is the product marketing manager at Brand Protection by ClearSale. With a background in production engineering and sales/marketing, Bea drives Brand Protection by ClearSale’s global expansion strategy and effectively bridges the technical and growth teams. In her three years at ClearSale, she has represented the cyber security department in client meetings, ensuring seamless communication. Bea's professionalism, industry expertise, and ability to provide valuable insights make her a trusted advisor and instrumental to ClearSale's success in cyber security.