AI is simultaneously making it easier for adversaries to carry out brand spoofing and easier for organizations to block spoofing and other threats. Both uses have significant implications for small and medium-sized businesses (SMEs).
Brand impersonation is typically associated with big brand names, but it’s probably easier and more effective for hackers to impersonate your local bank than Bank of America. This is especially true now, thanks to the ease of collecting and generating fake content with artificial intelligence.
Some security architects are responding by designing systems that use artificial intelligence to detect and block impersonation attacks, especially in cases where companies can’t afford to do it themselves.
Impersonating SMEs online
Companies with 100 or fewer employees faced an average of 255 cyberattacks per week in 2024, according to data provided to Dark Reading by Check Point.
Among these, brand spoofing is one of the most pernicious. While a spoofing campaign against Bank of America won’t even make a dent in its books, the same attack against smaller organizations can cause serious and lasting damage.
“There is a potential degradation of trust and reputation, as consumers may feel the brand is not trustworthy or safe,” explains Jeremy Fuchs, email analyst at Harmony. “There’s also the potential loss of funds. Let’s take a small clothing company. If someone wants to buy a T-shirt, but instead ‘buys’ it from a parody, the company loses money. Finally, when a brand is spoofed, it can lead email providers like Google or Yahoo to block legitimate messages, for example for email marketing.”
This is especially concerning because “A smaller brand, whether it’s a local bank, a doctor, or a law firm, doesn’t really matter. It’s actually easier for hackers to spoof than a larger one,” explains Fuchs. Not only do they lack the time, money and staff to invest in cybersecurity, but “Often, small businesses simply don’t expect it. They assume it’s going to be Bank of America that’s going to be targeted.” Customers also tend to take this for granted (assuming they are aware of the threat).
Historically, SMBs have had one thing in their favor: phishing campaigns have taken time and effort to execute, so from an attacker’s perspective, it might have seemed like a worthwhile investment to target larger organizations with a wider audience.
But thanks to generative AI, this is no longer the case. Hackers can now use chatbots to churn out convincing emails that imitate any business in just a few minutes.
Prevent brand spoofing
It took hackers no time or effort to start using AI to improve the quality and efficiency of impersonation attacks.
Security engineers, meanwhile, faced a much greater challenge in using the same technology for their own goals.
Imagine, for example, that you want to use artificial intelligence to detect spoofing attacks against Microsoft. You would have to train an algorithm to distinguish legitimate and fake URLs, iconography, content, and more, associated not only with the company as a whole but also with all of its various products, subsidiaries, public figures behind them, and so on.
And Microsoft is a simple example.
“The real challenge is how to identify small businesses,” explains Dan Karpati, CTO of generative AI and cybersecurity at Check Point. “Everyone knows about the big, big sites in the US and other big countries, but how do we know about a store in a small village in Spain or Lisbon?”
Microsoft researchers took the first steps into the problem in 2021, by training a neural network on 1,000 brand impersonation attacks and generating mathematical representations of brand identities based on nearest neighbor classifications.
The system designed by Karpati works in a similar way, first automatically collecting data from a URL and the content of a legitimate web page. “It can be the URL, the favicon, [data] within HTML, copyrights, links in sites, images – lots of features. Every time we collect telemetry data on a site, we open a new cluster. And if you mark it as benign, okay, now we have an idea of how benign this mark is,” he explains.
Then, he continues, “Every time we observe a new access to a site, we extract its characteristics and ask – automatically – ‘This access with these characteristics that we have extracted from the browser, or on the network, is aligned with what we have registered on the cluster?’” In other words, with a model of what a brand’s domain structure, iconography and content should look like, new sites that appear with largely similar but slightly different characteristics can be flagged as spoofs.
Since the system is cloud-based and AI-powered, it can apply the same process to virtually any business with an online presence. According to Check Point, this system protects thousands of organizations in hundreds of countries every month.
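The comparison described above can be sketched in a few lines. This is an added example, not Check Point's code: the feature set, the equal weighting, the 0.6 threshold and all site data are assumptions, and the sample sites are constructed with reserved `.example` names.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass(frozen=True)
class Site:
    url: str
    favicon_sha256: str    # hash of the favicon bytes (placeholder values below)
    title: str
    copyright: str
    link_hosts: frozenset  # hosts the page links to

def jaccard(a, b):
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 0.0

def similarity(ref: Site, seen: Site) -> float:
    """Mean content similarity in [0, 1]; the hostname is deliberately excluded."""
    return sum([
        1.0 if ref.favicon_sha256 == seen.favicon_sha256 else 0.0,
        jaccard(ref.title.lower().split(), seen.title.lower().split()),
        jaccard(ref.copyright.lower().split(), seen.copyright.lower().split()),
        jaccard(ref.link_hosts, seen.link_hosts),
    ]) / 4

def classify(ref: Site, benign_hosts: set, seen: Site, threshold: float = 0.6) -> str:
    """A page that looks like the brand but is served from a host outside
    the brand's benign cluster is flagged; threshold is an assumed value."""
    if urlparse(seen.url).hostname in benign_hosts:
        return "benign"
    return "suspected-spoof" if similarity(ref, seen) >= threshold else "unrelated"

# Constructed sample data: a small bank, a lookalike host, an unrelated shop.
BANK = Site("https://www.village-bank.example/", "aa11",
            "Village Bank - Online Banking", "© 2024 Village Bank",
            frozenset({"www.village-bank.example", "cdn.village-bank.example"}))
BENIGN_HOSTS = {"www.village-bank.example"}
LOOKALIKE = Site("https://www.vi11age-bank.example/login", "aa11",
                 "Village Bank - Online Banking", "© 2024 Village Bank",
                 frozenset({"cdn.village-bank.example", "www.vi11age-bank.example"}))
BAKERY = Site("https://bakery.example/", "bb22",
              "Village Bakery Fresh Bread", "© 2024 Village Bakery",
              frozenset({"bakery.example"}))

if __name__ == "__main__":
    for site in (BANK, LOOKALIKE, BAKERY):
        print(site.url, classify(BANK, BENIGN_HOSTS, site),
              round(similarity(BANK, site), 2))
```

The lookalike reuses the favicon, title and copyright line, so it scores high on content while failing the host check, which is the "largely similar but slightly different" case.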
Low-tech solutions
In addition to advanced artificial intelligence, there are other solutions that companies can implement to make the job of imitation more difficult and less profitable for hackers.
First, there’s DMARC (Domain-based Message Authentication, Reporting & Conformance), the email verification protocol often required by larger organizations but which smaller ones tend to neglect. Ironically, it is much easier for a small business to be DMARC compliant than a larger one.
“You need to be able to monitor all your domains, and for some companies that have hundreds of them that can be difficult. If you have one domain, it takes about 20 minutes,” Fuchs points out. “DMARC can be a huge undertaking depending on how many domains you own, but it’s a worthwhile project. It’s a huge step in ensuring that when someone receives an email from you, it’s from you or not from someone who just seems like you.”
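For a single domain, the check comes down to one TXT record at `_dmarc.<domain>`. The following added example (not from the original article) audits such a record using the tags defined in RFC 7489; the finding texts and the sample records are constructed for illustration.

```python
def parse_dmarc(txt: str) -> list:
    """Split a DMARC TXT record into ordered (tag, value) pairs."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    return [(k.strip().lower(), v.strip()) for k, v in pairs]

def audit_dmarc(txt: str) -> list:
    """Return a list of findings; an empty list means the record
    enforces a policy on all mail and requests aggregate reports."""
    pairs = parse_dmarc(txt)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return ["not a DMARC record (v=DMARC1 must be the first tag)"]
    tags = dict(pairs)
    findings = []

    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("p tag missing or invalid")

    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")

    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct=%s applies the policy to only part of the mail" % pct)

    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports are received")
    return findings

# Constructed sample records for a hypothetical domain village-bank.example.
WEAK = "v=DMARC1; p=none"
PARTIAL = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@village-bank.example"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@village-bank.example"

if __name__ == "__main__":
    for record in (WEAK, PARTIAL, ENFORCED):
        print(record, "->", audit_dmarc(record) or "ok")
```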
And simply communicating with customers and vendors is always helpful, whether through helpful tips and resources on cyber hygiene, or through regular alerts: “We will never ask you for this code,” “We will never send you an email like this,” and similar.
“Having both of those measures and having that kind of open, honest culture of, ‘This is a problem, we’re trying to solve it, here’s how we’re doing it, and here’s how you can help us’ — makes you a candidate for better outcomes,” says Fuchs.