5 key things to know about modern brand abuse

Sometimes referred to as “brand exploitation” or “brandjacking”, brand abuse can come in many forms. But, ultimately the term describes the infringement of a company’s brand by an outside party or attacker. This party will use your business’ reputation for its own gain, at the expense of your brand equity.

1. Brand abuse is growing

Unfortunately, recent statistics show that brand abuse is becoming more and more prevalent. 

  • During the third quarter of 2021, the number of fake sites, apps, and social media pages impersonating brand-name companies jumped 274% on an annualized basis.
  • There was an 85% increase in consumer losses associated with brand abuse from October 2020 through to September 2021. This cost more than $2 billion in the US alone.

2. Brand abuse thrives in a digital landscape

Today’s world is overwhelmingly digital. The shift to eCommerce that we’ve seen in recent years holds a host of benefits for businesses. But with these benefits comes a downside: the bigger the digital footprint a business has, the larger the surface area for brand abuse becomes. 

It’s also very easy to impersonate a brand over the Internet. Attackers can send emails that appear to be from a trusted business. Furthermore, anyone can register a domain that resembles that of an organization. The difference between “arnazon.com” and “amazon.com” is easy to miss. Because of this, many fake websites are successful at impersonating reputable brands to commit fraud, stealing data and money from unsuspecting victims.

3. Brand abuse is everyone’s problem

Brand abuse affects everyone. But how?

Consumers can be affected if a trusted company is impersonated. They may give away credentials or be scammed out of money.

Organizations can lose hard-earned trust due to brand abuse and impersonation. Data shows that 72% of customers will switch brands after just one bad experience. This means that brand abuse can significantly impact revenue. 

Traditionally, the responsibility for ensuring a company’s brand protection has sat with legal and brand professionals. However, brand protection should also be a concern for several other departments within a company, including marketing and IT.

4. Brand abuse often occurs due to gaps in email security

Over 333 billion emails are sent every day. Emails are widely used by businesses for everything from operations to communications and offers. So it’s no surprise that email is a key attack vector for brand abuse. 

If you don’t have DMARC implemented at its strongest policy of p=reject, attackers can send emails that appear to come from your organization’s domain. This allows them to impersonate your brand to launch phishing attacks on your customers. 

DMARC also has the added benefit of allowing you to implement BIMI. BIMI is a standard that displays validated trademarked logos for all DMARC-authenticated emails. We found that the use of BIMI increases consumer confidence in the legitimacy of an email by 90%

Not sure if you have DMARC configured correctly? You can use our free Investigate Tool to check your email security setup.

5. Automation can help protect your brand from abuse

Brand protection software that employs machine learning and automation should form part of your online brand protection strategy. 

A logo detection service can scan the Internet for unauthorized use of a company’s assets. It then flags these uses to you, increasing the speed with which a takedown can be initiated.

Lookalike domain discovery and takedown functionality can stop domains from impersonating your organization. Research shows that a new phishing website goes live every 20 seconds. To combat this, businesses should use software to scan for lookalike domains and assist you in getting them taken down.

Inbound email threat detection and response can give your employees the tools they need to spot phishing attacks. Brand protection software of this kind is able to assess whether an email’s sender is who they claim to be. It can also employ machine learning to detect suspicious content.

Make Red Sift’s platform part of your brand protection strategy

As the only Integrated Email Security and Brand Protection Platform, Red Sift automates BIMI and DMARC processes, makes it easy to identify and stop business email compromise, and secures domains from impersonation to prevent attacks.

To find out more about how our platform can contribute to your organization’s brand protection strategy, download our eBook today.


Sophia Martin

5 Oct. 2022



Recent Posts


Red Sift Recognized on Deloitte’s EMEA Fast 500™ List

Francesca Rünger-Field

We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…

Read more
Brand Protection

The vital role of cybersecurity for Nonprofits: A deep dive 

Sean Costigan

Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…

Read more

Red Sift brings DMARC data to the SOC with new Cisco XDR…

Rebecca Warren

Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…

Read more

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more