By Luke Vander Linden, VP of Membership & Marketing, Retail & Hospitality ISAC
With high volumes of daily transactions and access to customers’ personal data, such as phone numbers, addresses and credit card numbers, retailers are highly targeted by cybercriminals.
Unfortunately, cyberthreats for retailers continue to rise. As brands expand their digital footprints with the addition of new services and systems, the attack surface for would-be hackers also expands, creating more opportunities to do harm.
These days, bad actors are going beyond traditional ransomware or malware attacks. Instead, they are launching brand impersonation attacks, posing as retailers online to trick customers into making purchases or giving away sensitive data. For retailers, the consequences are far-reaching, from operational downtime and lost revenue to potential regulatory fines or even lawsuits. Moreover, brand impersonation attacks sour customer trust and damage reputations—intangible but profound effects that can take years to reverse.
Here’s a look at the latest trends in brand impersonation attacks and what you can do to protect your brand online.
Brand Impersonation Dupes Unsuspecting Customers
One of the most obvious ways cybercriminals impersonate retailers online is by setting up shop with a fake domain that’s a look-alike of the store’s real website. By securing a domain with just a slight variation of the brand’s real web address, bad actors can create copycat websites that trick customers into thinking they’re browsing their favorite brands. Mimicking the company’s logos, colors and other branding adds to the facade. Likewise, fraudsters can easily set up social media profiles that mimic retailers or top product lines. Another increasingly common tactic employed by bad actors is sending emails that purport to be from a retailer and offer deep discounts or other compelling offers to drive traffic to a fraudulent website.
Under this guise of authenticity, cybercriminals can get customers to willingly input personal information, such as credit card numbers or addresses, all while believing they’re making a legitimate purchase or booking a room for an upcoming vacation. Criminals can further sweeten the pot by advertising huge discounts, fake “store-closing” sales, loyalty points and other incentives to lure in customers and get them to hand over their data.
How to Detect and Mitigate Brand Impersonation Attacks
As artificial intelligence and deepfake technology make it increasingly difficult to discern what’s real and what’s fake online, brand impersonation attacks will continue to rise. But while the consequences for retailers are stiff, not all are prepared to withstand such threats.
So, what can be done to keep hackers from duping customers with brand impersonation tactics?
To prevent phony websites, brands can secure domain names similar to theirs. It’s also wise to scoop up look-alike social media handles and usernames to prevent fake accounts from cropping up. Retailers can also lean on brand protection software that helps search for and even take down counterfeit websites.
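One way to triage a feed of newly observed domains for look-alikes of a brand's real address, as an added example that is not from the original article or from RH-ISAC. The brand `acmehardware.example`, the observed names and the small character-swap table are constructed, and the code assumes single-label TLDs.

```python
# Added example: triage observed domains for look-alikes of one brand domain.
# Constructed subset of character swaps; real tooling uses a fuller table.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def split_domain(domain):
    """Return (second-level label, TLD); assumes a single-label TLD."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else labels[0]), labels[-1]

def skeleton(label):
    """Drop hyphens and undo common character swaps so visual twins compare equal."""
    label = label.replace("-", "")
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, brand_domain, max_distance=1):
    """Return 'legitimate', 'look-alike' or 'unrelated' for one observed domain."""
    label, tld = split_domain(domain)
    brand_label, brand_tld = split_domain(brand_domain)
    if (label, tld) == (brand_label, brand_tld):
        return "legitimate"
    seen, brand = skeleton(label), skeleton(brand_label)
    if brand in seen or edit_distance(seen, brand) <= max_distance:
        return "look-alike"
    return "unrelated"

BRAND = "acmehardware.example"  # hypothetical brand domain
OBSERVED = ["www.acmehardware.example", "acmehradware.example", "acmehardvvare.example",
            "acme-hardware.example", "acmehardwar3.example", "acmehardware-sale.example",
            "acmehardware.test", "gardentools.example"]  # constructed sample feed

def triage(observed=OBSERVED, brand=BRAND):
    return {name: classify(name, brand) for name in observed}
```

Calling `triage()` returns a verdict per observed name. Names that carry the brand only in a subdomain of an unrelated domain are outside what this check covers.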
The Best Defense Is Collaborative Intelligence
Software can only do so much in the face of rising brand impersonation attacks. Even the Federal Trade Commission has issued a warning, calling out business impersonation scams as one of the most commonly reported scams. In total, the agency fielded more than 300,000 reports of business impersonation scams for a combined loss of more than $1 billion.
It’s simply impossible for one organization to stay on top of all ongoing threats, even with the support of software. That’s why the best defense against brand impersonation attacks is collaborative intelligence. By working with other retail organizations, you can rapidly share information about new attack strategies and vulnerabilities to take action fast and prevent attacks before they occur.
For help warding off brand impersonation attacks, retailers specifically can turn to RH-ISAC, a retail- and hospitality-focused cyber intelligence community. This global consortium connects information security teams at the strategic, operational and tactical levels to share best practices, benchmark against each other and work together on common cybersecurity issues.
Cyberattacks are nearly ubiquitous and hackers are getting craftier, but by working together, retail and hospitality organizations can maximize threat intelligence and build better security for the entire industry.
About the Retail & Hospitality ISAC
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing sector-specific cybersecurity information and intelligence. The RH-ISAC connects information security teams at the strategic, operational and tactical levels to work together on issues and challenges, to share practices and insights and to benchmark among each other—all with the goal of building better security for consumer-facing industries through collaboration.
All members of the North American Hardware and Paint Association (NHPA) are eligible for a free trial membership to RH-ISAC. During Cybersecurity Awareness Month and throughout the rest of the year, RH-ISAC offers weekly threat-briefing conference calls, discussion groups focused on a wide range of topics and in-person training and professional development opportunities. Visit rhisac.org/nhpa to sign up for a trial membership and to access free resources, including a small business toolkit to reduce cyber-risk.