It's clear to everyone that a company's brand is a valuable property. Often hundreds of millions of dollars have been spent over decades to create the brand. It creates instant recognition and trust.
That is the reason why bad guys are hijacking well-known brands every day, and why corporations protect their brands—for very good reason.
A recent report published by RiskIQ presented results from a survey of over 1,600 U.S. and U.K. information security leaders across verticals, providing insights into their cyber-risk concerns and plans for 2018. What shows up as #3? Brand.
They are right to be worried. Every day, millions of criminal phishing emails use brands illegally as a social engineering tactic to manipulate your friends, family and employees into clicking a link or opening an attachment. That is why KnowBe4 stands firm that using brands in phishing simulations is important to inoculate your users against this type of attack.
When a Phishing Simulation Uses a Brand...
The phishing test emails are sent to employees only, who are aware that they are frequently tested to keep them on their toes with security top of mind. Very rarely do these phishing tests make their way to the real company.
However, when that happens, the company's Incident Response team can check the email header and see in less than 10 seconds that this is a simulation and that their brand is not being used to confuse the employee as to the source or the particular product or service.
At KnowBe4, we respect and help protect brands by educating your friends, family and employees that criminals can hijack brands and that they should watch out for this criminal use.
Fear, Uncertainty And Doubt (FUD)
When any vendor claims that you need written authorization from the brand before you can use it in a phishing simulation, it is obvious that their position is not in your best interest and that they are engaging in the oldest trick in the book: FUD.
Without going into any legal details in this post, the misunderstanding is that using the logo of another company in a simulated phishing attack will open up an organization to complaints about trademark or copyright infringement.
However, the truth is that from a copyright perspective, incorporating a third-party logo in a simulated phishing email serves an entirely new, transformative purpose, and as such, constitutes a fair use. We have a dedicated page that explains the legal background.
Conclusion? Keep Phishing!
Do not get tricked by FUD and continue to help your friends, family and employees by educating them that bad guys hijack valuable brands millions of times a day and that they should not fall for these criminal phishing attacks.
And guess what, you are helping protect that brand at the same time!