Brandjacking – the malicious virtual impersonation of a legitimate company – is deep, widespread, complex and inescapable. But don’t lose heart, you can contain it if you keep your cool:

A gatha Ruiz della Prada is known for her witty and irreverent take on contemporary fashion. Her clothes are stylish, but often with a humourous twist. So at this year’s Milan fashion week, journalists to the della Prada show took a few seconds to realise that something wasn’t quite right when a male model started sashaying down the catwalk with every fashion cliché – from pompoms to Ugg boots – hanging from his multi-coloured poncho. The lights and music were finally cut when organisers realised it wasn’t part of the show, but a media stunt. Comedian and Ali G creator, Sacha Baron Cohen, had pushed himself right inside the della Prada brand to promote his new movie.

Such an audacious move by an outside party to hijack an organisation’s brand may be rare offline, but it has become so common online that it has acquired its own name – brandjacking.

Cohen’s move may be seen as harmless fun, but when the first two pages of google search for Agatha Ruiz della Prada are given over to press, blog and video coverage of the stunt, it will take a while for her name and reputation to move on from the man who brought us the mankini.

Less harmless, however, are the phony emails purporting to be from pharmaceutical companies selling over-the-counter medication, or from financial institutions asking individuals for verification of their bank details. These have historically been the brandjackers’ mainstay: Cybersquatting – the registration of a false domain name which uses a genuine company’s credibility and reputation to sell predominantly fake goods under that company’s banner; and phishing – when a malicious third party sends hundreds of thousands of emails, usually soliciting money or bank details.

But with the rise of social media a new class of brandjacking is emerging. Dean Russell, head of digital media at UK communication group Precedent, says brandjacking used to be about “stealing domain names in cyberspace. But in the future, with the rise of social media, it’s much easier for individuals to jump straight into the social media space and start blogging as a representative of a company.”

Earlier this year, Twitter, the blog site, carried a blog from ‘Janet’ who was “taking on the world’s toughest energy challenges”. Her home page declared  “I am an employee of ExxonMobil, who has decided to put forward her pride in her own company.” She defended ExxonMobil, and downplayed the Valdez oil disaster as inconsequential. When ExxonMobil was quizzed by the Houston Chronicle about its new “spokesperson”, it replied: “It’s not us.”

Janet had brandjacked the ExxonMobil name and was rumbled as being an imposter.

It may have been that she was caught early, or that she never had any malicious plans, but ExxonMobil wasn’t sure what its response should be. It realised that letting its messaging and reputation be handled by a complete stranger wasn’t the best thing, but wasn’t sure how to deal with it.
Criminal intent

However, despite the rise of social media, the most popular form of brandjacking is still cybersquatting. A survey by brand protection agency, MarkMonitor, shows cybersquatting from January to August of this year was up by a third compared to 2007.

The survey results also show that the US, by a long margin, is the country most affected: 75 percent of all brandjacking is suffered by American companies, followed by Germany (five percent), China and the UK (three percent each). But it is important to remember that just because these countries host the brandjacked sites, visitors can come from anywhere, so criminals can just sit in one country, host in another and still appear to be from somewhere totally different. What makes the internet attractive to businesses makes it even more attractive to criminals.

The auto industry has seen the greatest increase in brandjacking, with recent survey results showing a 60 percent rise year on year. Unlike fake Rolexes on a market stall, an official-looking website offering Jaguar brake pads, BMW light bulbs or Mercedes keyrings is far more misleading for the customer and highlights how car manufacturers are easy targets for the brandjackers.

Phishing is also on the rise. MarkMonitor’s data shows a 20 percent increase in phishing in the second quarter of 2008. The report notes “phishers were active in targeting fresh prey – 169 organisations were first-time targets, a big jump from previous quarters”.

Fighting back

With such a marked increase in brandjacking, what can organisations do to protect themselves from cybercrime and what can they do if they become the victims of cyber terrorists?

Charlie Abrahams, general manager of MarkMonitor EMEA, says there are three tactics companies can take to defend themselves against brandjacking: prevention, detection and response.

The first step in preventing brandjacking is to register all the company’s intellectual property, including trademarks and copyrights. “Register all domain names associated with those key trademarks in regions in which the business has operations,” he advises.

This includes, where possible, registering defensive trademarks, which are trademarks registered over product categories in which the organisation does not manufacture products or services. Usually, these can only be registered by big name brands.

Ciarán Coyle, managing director of UK brand licensing agency The Beanstalk Group, points to car maker Jaguar as an example.

“When Jaguar applies for trademark protection in a jurisdiction for its vehicles, it also applies for protection in other categories in which it does not traditionally make products, such as toys or jewellery,” he says.

It can be difficult, however, to get defensive protection for a brand in a particular product category if the company doesn’t produce any of
those products.

But co-existence agreements are a possibility. “There is a similarity between the Jaguar and Puma logos,” Coyle explains, “so in Puma’s home territory Jaguar agrees not to sell apparel and Puma agrees not to manufacture cars.” According to Coyle, the key legal consideration is whether there is the potential for confusion between the brands in the minds of consumers.

When it comes to detection, firms such as MarkMonitor have proprietary technology that allows them to find incidences of brand infringements on websites around the world. Dow Jones Insight offers a similar service.

Abrahams says incidences of brandjacking are so high that some well known organisations experience tens of thousands of brand infringements each week, making it almost impossible to fight every incident. Organisations with such a high rate of violations have to prioritise which ones they go after.
“There are whole businesses built on pay per view revenue generated by setting up a web site and advertising someone else’s brand,” says Abrahams. These are the businesses worth pursuing – as long as you can find them. They operate by setting up a web site in one company’s name, then sell ads on it to businesses that want to be associated with the company whose brand name the web site is in.

Responding to cyberthreats can take various forms. Abrahams says the infringement determines the type of response necessary. “The response has to be appropriate to the threat,” he says.

Threatening letters is of course the first step, with full blown legal action at the other end of the scale. But finding and successfully prosecuting the culprits, who often operate in rogue jurisdictions, can be tough.

Criminals can sit in one country, host in another and still appear to be from somewhere totally different. What makes the internet attractive to businesses makes it even more attractive to criminals

Protecting your reputation

As with ExonMobile’s ‘Janet’, brandjackers aren’t always criminal. That doesn’t mean, however, that they can’t inflict serious damage to a company’s reputation. In the same way that a company can get used to working with NGOs and pressure groups, sometimes a collaborative approach rather than a combative, legal one might work better to deter the brandjackers in the first place.

Computer maker Dell has the right approach to working with consumers who have something to say about the brand. Rather than simply monitoring what others are saying about Dell, the company encourages consumers to go to a micro site it has set up and comment on the brand and its products.
A quick look at DellIdeasStorm shows the company is serious about transparency and engaging with its customers – there are rants on the site about things like pricing of Dell products, for example, and Dell doesn’t come off too well in the exchange between users, with one user noting that “Dell must think we’re stupid or not know how to add,” a comment few companies would be willing to leave on their own sites.

But, says Precedent’s Dean Russell, Dell’s philosophy is that “it’s better to have these comments happening on our own site than elsewhere”. Although the site itself won’t stop consumers starting up their own online Dell rants, by providing them with an official place to let off steam the company hopes disgruntled consumers will at least be inclined to approach Dell directly with complaints, rather than start a tirade of their own.

Cybersquatting, phishing and criminality aside. brandjacking is ultimately about the shift of power and credibility from organisations to consumers. The internet has given consumers, frustrated with poor service and response from companies,the tools to do something about it. Consumer attacks often have more credibility than the tarnished companies they are trying to damage.

Now, however, power is swinging back to the corporation. There’s nothing organisations can do to stop brandjacking altogether. But with the right tools to protect, identify and prevent brandjacking, they can learn something about their consumers and the environment in which they operate, gaining the opportunity to bring companies and their consumers closer, for the benefit of both.