3 Ways To Check If Your Corporate Identity Is Being Impersonated Online

27 Feb / 2023

A guide to taking the first step towards protecting your brand from online impersonation

Cybersecurity attacks cost businesses financially, operationally and reputationally. In Australia, a successful phishing attack costs on average $23,000 to remediate. That is only one type of attack, before counting others such as Denial of Service ($108,000 per attack) or web-based attacks ($177,000 per attack). As this number grows, the fallout ripples from executives down to end users. Tarnished reputation and loss of revenue threaten to close businesses, while downstream clients may never recover financial losses.

Social engineering and phishing-type methods are still favoured by cyber-attackers, likely because they are still effective. Over 87,000 unique phishing campaigns are launched globally every month - that is a large volume to protect against.

One social-engineering phishing method is particularly favoured by hackers: brand impersonation. By exploiting your hard-earned customer loyalty, malicious actors increase their chance of successfully deceiving their victims.

Online brand impersonation: the first phase of attack

Brand impersonation involves malicious actors imitating your corporate identity online. Common tactics include domain impersonation (such as cybersquatting or typosquatting), social media impersonation and phishing (especially spoofing).
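To make the domain impersonation tactic concrete, here is an added example (not from the original article and not part of Cythera's or Rapid7's tooling) that triages observed domains, for instance from newly registered domain feeds or inbound email sender logs, against a brand domain. The brand `examplecorp.com`, the folding table and all sample domains are constructed, and the label split assumes a single-label TLD such as `.com`.

```python
# Constructed lookalike folding table (assumption: not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def label(domain):
    """Label left of the TLD. Naive split: assumes a single-label TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def osa_distance(a, b):
    """Optimal string alignment distance: single edits plus adjacent swaps."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(observed, brand_domain, max_distance=2):
    """Return why `observed` resembles `brand_domain`, or None if it does not."""
    observed, brand_domain = observed.lower().rstrip("."), brand_domain.lower()
    if observed == brand_domain or observed.endswith("." + brand_domain):
        return None  # the brand's own domain or one of its subdomains
    brand, seen = label(brand_domain).translate(FOLD), label(observed)
    folded = seen.translate(FOLD)
    if folded == brand:  # same name once lookalike characters are folded
        return "tld-swap" if seen == label(brand_domain) else "homoglyph"
    if brand in folded.replace("-", ""):  # brand name padded with extra words
        return "brand-embedded"
    if osa_distance(folded, brand) <= max_distance:
        return "typo"
    return None

def scan(domains, brand_domain):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d, brand_domain))}

# Constructed sample of observed domains (not real indicators).
OBSERVED = [
    "examplecorp.com", "mail.examplecorp.com", "examp1ecorp.com",
    "examplecorp.net", "exmaplecorp.com", "examplecorp-login.com",
    "ex\u0430mplecorp.com", "weather-report.org",
]

if __name__ == "__main__":
    print(scan(OBSERVED, "examplecorp.com"))
```

For short brand names, lower `max_distance` to avoid flagging unrelated domains, and use the Public Suffix List in place of the naive label split when multi-label suffixes such as `.com.au` matter.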

To manually check for online impersonation, you would need a dedicated security team working nonstop. In-house teams use search engine results page analysis, reverse image search, scheduled remote shutdown and social media trawling, but these ultimately fall short.

While your team may be aware of the measures they can take to prevent online brand impersonation, impersonation is still inevitable. As hackers advance, the methods you use must advance too. The first step in safeguarding your corporate identity is to find out what data has already been leaked.

Here are 3 ways to take that first step:

1. Deep Web Scanning

Deep web scanning is by far the most accurate and proactive approach to protecting your corporate identity. It offers the only comprehensive overview of what data exists across the entire internet, including the deep, dark and clear web.

Identifying malicious impersonators on the deep web gives you the best chance of removing the threat before they attack your business. Websites impersonating your domain are often bought and sold on the dark web before going live for use in phishing attacks.

A deep web scan detects brand impersonation on the deep web, including confidential information being bought and sold on the dark web. It also detects those malicious actors operating in plain sight on social media and other more accessible forums.

2. Email Security

As hackers consistently rely on phishing to attack, it’s a great place to start assessing the security of your corporate identity. Engaging an email security partner or enabling an email scanning tool can provide an overview of activity across your email server and endpoints.

An email security assessment can identify past cases of impersonation and run phishing simulations to evaluate real-time vulnerability to phishing attacks. This includes the state of your email security system and the likelihood of employees engaging with phishing emails.

Bear in mind that email is just one facet of your corporate identity’s vulnerability, and an email security partner or tool cannot provide a full overview. Other avenues like social media and the deep web will need to be addressed separately.

3. Social Media Listening

Just as a snapshot of your email security can be taken individually, social listening scans detect brand impersonation on social media. Social media is a common space for corporate identity impersonation and is notoriously difficult to patrol.

Social listening tools allow security partners to distinguish hacker chatter from genuine conversations by your employees and customers. Sophisticated AI can look for anomalies and suspicious activity to identify threats before they become dangerous incidents.

Again, it’s important to understand that social media impersonation is just one component of potential online brand impersonation. Using this method alone, you are likely to miss numerous other avenues. 

How to conduct a deep web scan

To scan the deep web, you need access to specialist software and knowledge. A security partner and solution, such as Cythera’s BrandProtect, can offer deep web scanning and provide fast insight into the way your brand is being impersonated online.

BrandProtect is powered by Rapid7’s Threat Command, but takes a human-led approach to protecting your brand identity. Expert analysts respond to brand impersonations and incidents, and manage takedowns to mitigate risk before it develops into an attack.

With the help of Rapid7’s industry-leading intelligence and Australia’s most senior technical talent, BrandProtect is the only way to proactively secure your brand identity. 

Has your business recently:

  • Suffered a cybersecurity breach or phishing scam and you are concerned that confidential data has been leaked across the dark web?
  • Encountered a phishing scam whereby a fake account has been set up to look like one of your employees, suppliers or customers?
  • Been exposed to a domain impersonation attack where cyber criminals set up look-alike sites or paid advertising campaigns that look exactly like your company brand?
  • Been approached by fake account profiles that are demanding payment, login or financial details in relation to your organisation or staff?
  • Been unsure whether your organisation's brand is being impersonated by malicious actors around the globe in general?

Cythera’s BrandProtect service can help you gain visibility and take down malicious digital impersonation scams by scanning the deep, dark and clear web for data leaks, brand impersonation domains, fake social media accounts or hacker chatter relating to your organisation.

We leverage state-of-the-art dark web scanning tooling and wrap it around our human-led cybersecurity service that manages takedowns through our relationships with ISPs, domain controllers and social media platform agreements.

To learn more about Cythera’s BrandProtect service, powered by Rapid7, contact us here:

