AI's Dual Role in SMB Brand Spoofing


AI is simultaneously making it easier for adversaries to pull off brand spoofing and easier for organizations to block spoofing and other threats. Both usages have significant implications for small to midsize businesses (SMBs).

Brand impersonation is typically associated with big brand names, but it's arguably easier and more effective for hackers to impersonate a local bank than Bank of America. That's especially true lately, thanks to the ease of collecting and generating fake content with AI.

Some security architects are fighting back by designing systems that instead use AI to detect and block impersonation attacks, especially in cases where businesses can't afford to do so themselves.

Impersonating SMBs Online

According to data provided to Dark Reading by Check Point, businesses with 100 or fewer employees have faced an average of 255 cyberattacks per week in 2024.

Among those, brand spoofing is one of the most pernicious. While a spoofing campaign against Bank of America won't even dent its books, the same attack against smaller organizations can cause serious, lasting damage.

"There's the potential degradation of trust and reputation, as consumers may feel the brand isn't reliable or safe," explains Jeremy Fuchs, Harmony email analyst. "There's also the potential loss of funds. Take a small clothing company. If someone wants to buy a t-shirt, but instead 'buys it' from a spoof, the business is losing out on money. Finally, when a brand is spoofed, it can lead to email providers like Google or Yahoo blocking legitimate messages, such as for email marketing."

This is especially worrying because "A smaller brand—whether it's a local bank, doctor, law firm, it doesn't really matter—is actually easier for hackers to spoof than a larger one," Fuchs explains. Not only do they lack time, money, and personnel to invest in cybersecurity, but "Oftentimes, small businesses just aren't expecting it. They assume that it's going to be Bank of America that's targeted." Customers also tend to make that assumption (if they're aware of the threat at all). 

Historically, SMBs have had one thing going for them: phishing campaigns took time and effort to craft, so from an attacker's perspective it might have felt like more bang for their buck to target larger organizations with wider audiences.

This is no longer the case, however, thanks to generative AI. Hackers can now use chatbots to whip up convincing emails mimicking any business in minutes flat.

Preventing Brand Spoofing

It took no time or effort for hackers to start using AI to improve the quality and efficiency of impersonation attacks.

Security engineers, meanwhile, have faced a far greater challenge in utilizing the same technology for their goals.

Imagine, for example, that you want to use AI to detect spoofing attacks against Microsoft. You'd need to train an algorithm to distinguish legitimate and faked URLs, iconography, content, and more, associated not just with the company as a whole but also all of its various products, subsidiaries, the public figures behind them, and so on.

And Microsoft is an easy example.

"The real challenge is how to identify small businesses," explains Dan Karpati, CTO of generative AI and cybersecurity at Check Point. "Everyone's familiar with the big ones–the top sites in the US and other major countries–but how do we know about a store in a small village in Spain, or Lisbon?"

Microsoft researchers made early inroads into the problem back in 2021, training a neural network on 1,000 brand impersonation attacks and generating mathematical representations of brand identities based on nearest neighbor classifications.

The system Karpati designed works in a similar fashion, first by automatically gathering data from a URL and the content of a legitimate web page. "It can be the URL, favicon, [data] inside of the HTML, copyrights, links in the sites, pictures–a lot of features. Each time that we collect telemetry about a site, we open a new cluster. And if you mark it as benign, okay, now we have some sense of how benign looks for this brand," he explains.

Then, he continues, "Every time that we observe new access to a site, we extract its features and we ask–automatically–'Is this access with these features that we extracted from the browser, or on the network, aligned with what we recorded about the cluster?'" In other words, with a model for what a brand's domain structure, iconography, and content should look like, new sites that pop up with largely similar but slightly different features can be flagged as spoofs.
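The cluster comparison described above can be sketched in a few lines. This is an added, simplified illustration, not Check Point's implementation: the feature names, the Jaccard overlap score, the 0.6 threshold and every domain and hash in the sample data are assumptions made up for the example.

```python
from dataclasses import dataclass, field

@dataclass
class BrandCluster:
    """What pages marked benign for one brand looked like."""
    brand: str
    domains: set = field(default_factory=set)
    content: set = field(default_factory=set)  # favicon hash, title words, copyright, link hosts

    def record_benign(self, domain, features):
        self.domains.add(domain.lower())
        self.content |= set(features)

def jaccard(a, b):
    """Overlap of two feature sets, from 0.0 (disjoint) to 1.0 (identical)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 0.0

def classify(cluster, domain, features, threshold=0.6):
    """Compare one observed page with the brand's recorded cluster."""
    domain = domain.lower()
    if any(domain == d or domain.endswith("." + d) for d in cluster.domains):
        return "benign"            # served from a domain already recorded for the brand
    if jaccard(cluster.content, features) >= threshold:
        return "suspected-spoof"   # looks like the brand, but lives somewhere else
    return "unrelated"

# Constructed sample telemetry (all names and hashes are made up).
BAKERY = BrandCluster("Example Village Bakery")
BAKERY.record_benign("example-bakery.test", {
    "favicon:3f9a", "title:village", "title:bakery",
    "copyright:Example Village Bakery", "link:example-bakery.test",
    "link:pay.example.test"})

LOOKALIKE = {"favicon:3f9a", "title:village", "title:bakery",
             "copyright:Example Village Bakery", "link:examp1e-bakery.test",
             "link:pay.example.test"}
OTHER_SHOP = {"favicon:77c1", "title:hardware", "title:store",
              "copyright:Other Shop", "link:other-shop.test"}

if __name__ == "__main__":
    print(classify(BAKERY, "shop.example-bakery.test", BAKERY.content))
    print(classify(BAKERY, "examp1e-bakery.test", LOOKALIKE))
    print(classify(BAKERY, "other-shop.test", OTHER_SHOP))
```

The signal is the mismatch: content that closely matches the recorded cluster, served from a domain the cluster has never seen.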

Because the system is cloud-based and AI-driven, it can apply this same process across just about any company with an online presence. According to Check Point, this system protects thousands of organizations in hundreds of countries every month.

Lower-Tech Solutions

Besides advanced AI, there are other solutions companies can implement to make the job of impersonating them more difficult, and less profitable for hackers.

For one thing, there's Domain-based Message Authentication, Reporting & Conformance (DMARC), the email verification protocol often required of larger organizations, but which smaller ones tend to overlook. Ironically, it's far easier for a small business to be DMARC-compliant than a larger one.

"You have to be able to track all your domains, and for some companies that have hundreds, it can be difficult. If you have one domain, it takes like 20 minutes," Fuchs points out. "DMARC can be a huge undertaking depending on how many domains you have, but it is a worthwhile project. It's a huge step in making sure that when somebody gets an email from you, it's coming from you, or not from somebody who appears just like you."

And simply communicating with customers and vendors always helps, whether it be through helpful cyber hygiene tips and resources, or regular notices–"We'll never ask you for this code," "We'll never send you an email like this," and the like.

"Having both of those measures, and having that kind of open and honest culture–like, 'This is a problem, we're trying to fix it, here's how we're doing it, and here's how you can help us'–makes you a candidate for better outcomes," Fuchs says.
