Brandjacking: The unauthorized use of a company’s brand or online identity for the purpose of acquiring their brand equity.

This might seem more like a marketing topic, and it is on the surface level, but under the guise of a general nuisance lies something far more nefarious. While brandjacking is not a new concept, it has become more prevalent with the rise of social media. With social media, you can log in and visit any public company page and get a wealth of information including websites, phone numbers, logos, and branding materials.  A brandjacker now has all the information they need to do some serious damage if they desire. There are several forms of brandjacking, we will start with the more innocent forms and move down to the truly malicious ones.

Identity Impersonation

Social Media is a breeding ground for fake profiles impersonating everything from companies, politicians, celebrities, and even normal everyday people. This can be done for many reasons

  1. As a prank. Yes, some people are bored and they do these types of things for fun.
  2. To besmudge the real individual or company.
  3. To gain personal information from others. 


This happens when someone buys urls in anticipation of someone wanting to purchase them in the future. While this is considered immoral profiteering, it is not illegal. As an example, a new hot startup company called never purchased all of the extensions available. (i.e. .org,, .net, .buzz.) Another individual then goes out and purchases them with typically two things in mind:

  1. To sell them to you, at a much higher premium, of course.
  2. They will sell them to someone else or do it themselves, who can then set up a fake site and begin an impersonation campaign.


A lot of you are probably questioning this one. Phishing is more commonly known, and I am sure almost all of us have seen one instance of this, if not more in our life. Phishing campaigns work best when they are coupled with a real organization that you already trust. This is also known as brandjacking. A service you use on a regular basis, emails you and says that there is something wrong with your credit card. They ask you to please update your information, and they even give you a link. You click the link and navigate to what you think is their website. However, what you don’t realize is the real website is a .com but this is a .net and it looks exactly the same. You update your information along with your credit card and go about your merry way, while the criminal does a happy dance.

So now you’re freaking out and questioning everything on the internet, or scouring the web looking for brandjackers. There are a few things you can do to protect your organization, customers, and end-users.

  1. Sign up for the leading social media networks, so someone else doesn’t beat you to it.
  2. Setup active site monitoring for all social networks, so you can catch on quick if someone is impersonating you.
  3. Plan for the future! If you think you are going to need a certain URL or social handle, acquire them before you have to purchase them from a cyber-squatter.
  4. If you do come across any infringement, proceed with caution and remain professional. Some brandjackers are just waiting for you to mess up and cause a commotion. I don’t care what the old saying is. “Bad Publicity is Bad Publicity.”
  5. The last step is the most important one. Permanent Surveillance! That’s right, never let your guard down and remain vigilant in the search for brandjackers.

For more information on brandjacking or phishing, call (877) 369-1831 or email us at

You Might Find These Articles Interesting:

Phishing – Look for these Warning Signs – Infographic

The Evolution of Risk Management 

Risk and its Evaluation – Free White Paper