As soon as your company becomes more or less famous, more often than not someone starts exploiting your success for their own purposes. At best, they simply hide behind your name in order to promote some dubious quality goods and services. At worst, they prey on your clients, partners, or even employees. The latter – including the information security department – often don’t even suspect the existence of malicious doppelgangers until their actions begin to cause a flurry of letters to your customer support, or a scandal on social networks. In any case such incidents negatively affect your company’s reputation. Three types of internet-doppelgangers are the most common.
Fake apps in stores
These days, almost every serious business has its own app for convenient customer access to online services – sometimes more than one. Therefore, it’s no surprise that when you search for this or that app in an online store you get more than one result. Sure, most users will download the most popular option, but most likely some will fall for the scammers’ trick and install a fake one – especially if they receive a direct link to it. Inside, anything can be lurking – from a banking Trojan to tools for remote access to your device. Quite recently, our experts found several modified versions of popular instant-messenger apps on Google Play containing spyware code.
Fake social media accounts
Social media accounts purporting to relate to your company can be used by criminals in a variety of different schemes. They are often used to spread false information – to promote some semi-legal (online casinos) or outright fraudulent activities (giveaways for all kinds of prizes, tickets or bitcoins) supposedly affiliated with your brand. However, a fake account can also distribute malicious or phishing links, or serve as a platform for more sophisticated social engineering attacks.
If your website has a member area for clients, partners or employees, then you can rest assured that the personal credentials for their accounts are of interest to attackers. Therefore, you should not be surprised if at some point attackers will try to imitate your site in order to harvest logins and passwords – at least in order to resell this information to other cybercriminals.
How to protect a company’s reputation from copy-cats?
In the vast majority of cases, the target of various illegal schemes involving imitation of your website, app, or a social media account is targeted at someone else (whether individuals or other companies). However, it’s your reputation that suffers. Therefore, such doppelgangers should be identified and eliminated before they can cause significant damage. To share our expertise on this matter and help you to timely detect them we’ve updated our Digital Footprint Intelligence service.
The Kaspersky Digital Footprint Intelligence service is designed to enable customers to monitor their digital footprint and identify potential risks and vulnerabilities associated with it. Some time ago, its functionality was supplemented with monitoring for phishing sites that use brand names or were registered using typosquatting and combosquatting, as well as with a domain takedown service.
Now the service also allows you to track, identify, and take down accounts on social networks and applications in stores that are illegally using your company name. You can learn more about Kaspersky Digital Footprint Intelligence on the solution's website.