April 19, 2022

When criminals steal an individual’s identity, the victim can take steps to minimize potential damage by, for example, notifying credit agencies and freezing bank accounts. But what happens if a cybercrook steals a company’s identity and uses it to engage in fraud? This situation can be more complicated — and expensive — to resolve.

Fraudsters who use your business’s digital assets for their benefit are known as brandjackers. Brandjacking schemes may involve copying websites, social media accounts, logos and email domains to lure your customers, suppliers and other stakeholders and defraud them.

But you can fight back. Consider taking these seven steps:

  1. Monitor social media chatter.Maintaining control of your brand and its digital assets is critical to detecting brandjacking. A big part of this is monitoring online chatter about your brand. Invest in social media tools to look for mentions of your company, paying attention to both positive and negative commentary. If something seems strange or suspicious, investigate.
  2. Register your trademark.Consider registering your trademark with the United States Patent and Trademark Office and the World Intellectual Property Organization. Doing so won’t stop a determined criminal from compromising your brand, but it can provide you with legal recourse should brandjacking occur.
  3. Buy similar domain names.Criminals sometimes register similar looking domain names and then establish competing websites. To prevent them from doing this to your business, register variations — including common misspellings — of your domain name. Additionally, consider purchasing other domain extensions (for example, biz, co, org and us).
  4. Invest in security.To gain control of digital assets, cybercriminals may try to hack your company’s network. Good cybersecurity is critical! At the minimum, you need firewalls, antivirus software, malware scanners and intrusion detection tools. Consider consulting with cybersecurity and fraud experts to help ensure you’ve fortified all potential weak links. Also require employees to change their passwords frequently and train them to exercise caution when opening emails and clicking on attachments.
  5. Enforce your legal rights. If you’re brandjacked (or you simply suspect brandjacking), contact your attorney immediately. Lawsuits can prove expensive and time-consuming, yet legal action is the most practical and effective approach in some circumstances. Attorneys who specialize in intellectual property may also be able to advise you on protecting your brand online.
  6. Communicate with customers.In the event your brand is compromised, let customers, suppliers and other stakeholders know they should be on the lookout for fake websites and emails that purport to be from your company. Not only does this protect them from fraud, but they can help you fight cybercriminals by reporting suspicious uses of your brand to you.
  7. Think about rebranding.If all else fails and your brand is compromised, you may want to consider rebranding. Doing so comes with a cost, but there’s a possible silver lining. Rebranding could provide an opportunity to reinvigorate marketing efforts and give you an excuse to reengage with your customer base. Just make sure you’ve fully protected your new brand (using previously mentioned tips) before relaunching it.

A proactive approach to cybersecurity is your organization’s best defense. GRF’s Risk & Advisory Services team works with companies across many industries to help them develop a cybersecurity program that proactively monitors and anticipates evolving threats. A great first step is a cybersecurity audit. Contact us about GRF’s cybersecurity risk assessment and scorecard that will help your organization identify possible risks.


Melissa Musser, CPA, CITP, CISA,

Partner and Director, Risk & Advisory Services