Get The Latest Insights

By Tricia Harris | December 27, 2019

Copy of Social Media Phish Brand Impersonation

Today’s marketing organization uses countless SaaS-based tools and platforms that live outside of an organization’s network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don’t join the latest social media platform, in most cases there are not proper online brand protections in place to ensure verification. They just can’t scale with pesky things like security and privacy controls in place.

Due to these limitations it is almost entirely up to each organization to gain a full understanding of their digital footprint and to monitor it as it grows. This week we’re going to take a look at some of the more common digital risks that can occur across the open, deep, and dark web, with a dash of mobile and social thrown in for good measure.

Executive Spoofing and Brand Impersonation

You wake up to a text message alert on your phone: “Why is Jack, our CFO, posting rude messages to our customers on Twitter?”

But wait, Jack doesn’t have an account. It’s not uncommon, it only takes a few minutes, but spoofing of people and executives happen on a daily basis. In some cases these are designed to just be parodies, in other cases they are designed to mislead a target audience. The same thing can be done with misspelled domain names and copycat mobile apps. These fake assets mislead people, damage brand reputations, and result in data breaches or loss of PII.

In most cases a marketing team that commonly uses the same digital tools that threat actors use are not prepared to monitor for or respond to brand abuse. In these cases both marketing teams and security teams need to work together to monitor for and take down these potential brand reputation risks. This may not be a common duo today, but as enterprise organization’s digital footprints continue to expand, it will be.

What to monitor for: fake accounts posing as a brand/executive, domain names, mobile apps

Data Exposures

Employees are often left to blame for a lot of data exposure situations, but when trained, they can be one of the most important component to a security vigilant organization. A well tuned marketing organization, in addition to other employees, can often spot potential data leaks out on the web or prevent them from occurring. With a quick Google search you can find hundreds of cases where someone accidentally uploaded private credentials to github, so much so that they created a doc with instructions on how to reverse it.

These things certainly do happen, but a marketing team is unlikely to be the ones to find it. Instead, security teams need to log where each tentacle of an organization’s digital footprint has spread and monitor for potential issues there. In the same, a marketing team likely won’t be exploring the dark web as part of their brand protection efforts, which leaves the security team to be vigilant there for offers to sell company or customer data.

What to monitor for: brand mentions, executives, code bases, bin sites.

Cyber Threats

The majority of phishing attacks are still delivered through email; however, in this year’s Phishing Trends and Analysis report we identified a growing number of attacks being delivered through social media. That means those tweets and messages a brand team may ignore can actually contain a malicious link that one of their customers may incidentally click on, provide their credentials to, and later cause headaches to both the user and brand.

Security teams need to monitor for malicious links that abuse their organization’s logo, name, and brand or products as a result. These can be housed on forums, social media, and anywhere that customers typically go on the web. Unfortunately most marketing-based or SaaS brand protection solutions also produce more brand-driven rather than security-driven results, which means you’ll also be wading through quite a bit of white noise.

What to monitor for: emails for phishing attacks, deep/dark/open web for planned attacks, malware configs.

To learn more: