Stopping Brand Impersonation on Social Media

Word Count: 2,073 Estimated Read Time: 8 Min.

There is an adage that says, “people do business with people they know, like and trust.”  It’s not enough for a business to build the best mousetrap or be the best mouse trapper.  A company must deliver a product or service in a way that allows them to connect with their customers in an engaging and personal way to be known and liked.  And business must be authentic and transparent about its purpose and values to gain trust.  But the more a company does this – puts it all out there – the easier it is for cybercriminals to target them.  They roll out sophisticated impersonation scams, leveraging tactics like fake job offers and spoofed websites to exploit organizations. These scams aim to extract money, steal personal data, or install malicious software, posing a serious threat to the entire marketplace. And these brand attacks happen to companies big and small across all industries.

Case in Point 1:  The TikTok Misinformation Campaign Targeting a Pharmaceutical Company

Innovative BioPharma is a B2B company that offers marketing, communications, and consulting services to the pharmaceutical, medical devices, and nutrition sectors. Their services include consulting, content development, meetings and conferences, and virtual solutions. They emphasize innovative solutions to enhance product market share for their clients and primarily communicate with medical professionals and investors. Their social media presence is focused on sharing scientific research, corporate responsibility initiatives, and news about their pipeline. They do not, however, sell their products directly to consumers on these platforms.

What was done? During a health crisis, a group of anti-science activists created a fake TikTok account that looked like a grassroots advocacy group for a particular disease. However, the name of the account was a clever play on the Innovative BioPharma’s name. The account started posting a series of viral videos, using misleading graphics and emotionally charged music, claiming that Innovative BioPharma’s new drug was not only ineffective but also caused serious side effects that the company was “hiding.” The videos encouraged viewers to “boycott” the company’s products and “do their own research,” linking to other misinformation websites.  But that’s not even what the company does.

Who did it? The perpetrators were a group of coordinated activists whose goal was to discredit the pharmaceutical company and the medical community. They were driven by an ideological opposition to mainstream medicine and were using the brand’s name to give their misinformation a veneer of legitimacy.  So it was a dirty deed for a presumably good cause.

How were they caught? The content of the videos was quickly flagged by both Innovative BioPharma’s social media monitoring team and medical professionals on the platform. That’s because IBP’s team consists of communication specialists who have worked for the top five pharmaceutical companies, creative agencies, patient advocacy groups, and consumer healthcare groups. They have held positions in medical/scientific affairs, clinical services, account management, corporate training, strategic marketing, product management, and field sales. So they knew the fake videos contained factual inaccuracies that were easily disproven by official clinical trial data.

What did the brand do? The company’s response was multi-pronged. Their legal team worked with TikTok to get the fake account and the videos removed. However, the videos had already been viewed and shared millions of times and re-uploaded by other users.  They issued a detailed press release and published a series of videos on their official channels with a medical expert to debunk the misinformation point-by-point. They also collaborated with health influencers and medical organizations to share accurate information about their drug. They were able to undo some of the damage.  In the long term, Innovative BioPharma intensified its social media monitoring efforts, using AI-powered tools to quickly detect and respond to brand mentions and potential misinformation campaigns. They also created a dedicated section on their website and social media profiles, titled “Fact Check,” to proactively address common myths and provide accurate information.

But the problem of impersonation and brand imitation is not limited to just high-profile industries like tech, pharma, medicine and space exploration.  It affects businesses in all industries.  And, it doesn’t even have to be a high-profile brand.

Case in Point 4:  The “Next Door” Neighborhood Impersonation of a Local Real Estate Firm

A local South Florida real estate agent, Luisa Chacon, had a strong presence in the community. She used platforms like Nextdoor, Zillow, Realtor.com and other sites to engage with residents, share market updates, and build relationships with potential clients. Her brand was built on trust, friendliness, and her knowledge about the neighborhood. 

What was done? Because affordable housing is so hard to find in South Florida and a good deal offered by what looks like a reputable realtor is hard to resist, a family replied to a post for a very affordable apartment listed on Craigslist.  The ad provided another link to a Zillow page.  That page had, in part, the name of the realtor, Luisa Chacon, and some biographical information which checked out.  Chacon was a real Realtor.  She was licensed and practicing in a Brokerage firm. She also had an Instagram page with apartments and homes she had sold. All of that was true. But the apartment in the ad was fake and the person posting that ad was an impersonator, not Chacon. The family was instructed to send a cash transfer using Zelle to Chacon in order to secure the apartment.  They were told to do it without seeing her in person because they worked like Airbnb, entirely online.   

Who did it?  Chacon was innocent.  The actual perpetrator was a scammer, stealing people’s money.  They were using Chacon’s trusted brand name, license and brokerage firm affiliation to engender trust.  Ultimately, three different families were scammed with that one fake ad. The first sent $1210.  Another lost $1800.  And another lost $2000.  The Craig’s List ad was free.  The scammers spent little time and no money and walked away with over $4k.

How were they caught?  The perpetrator was not caught.  In this case, there were multiple victims: those desperately looking to rent an affordable home and were out thousands of dollars; and the local realtor who has nothing to do with the crime but who had angry victims show up at her own home demanding money the scammer stole using the Realtor’s good name.

What did the brand do? Craigslist eventually took down the fake account. Chacon’s Brokerage firm posted a public message on their official Nextdoor profile, apologizing for the confusion and clarifying the situation. They also provided a clear, visible link to their official website and contact information so that community members could easily verify their identity in the future. To prevent this from happening again, Chacon’s Broker now encourages all agents to link their personal profiles on various platforms to the official company page, creating a more cohesive and verifiable brand presence. They also created a clear “Report a Fake Account” button on their website, providing a direct channel for the community to report suspicious activity.  And their website indicated they would never request money to be sent using CashApp, Zelle, etc. All applicants would need to meet with someone in person to secure a property.

How to Protect Your Brand: A Proactive Approach

The examples above are a powerful reminder that every brand, regardless of industry, online strategy or company size, can be a potential target. Protecting a brand from impersonation and imitation requires a proactive, multi-layered approach. 

Dan Schawbel believes that “A company’s brand serves as the best protection against business factors that a company can’t control.”  He meant that a strong, well-defined brand is the first step in creating a shield. If a company has a clear and consistent brand identity, it’s easier for customers to spot and disregard a fake identity.  The brand should also clarify the company’s standard operating procedures and identify practices that aren’t legitimate so that prospective customers know not to fall for a scam.

Here are some top tips and best practices to help prevent and quickly detect fraudulent activity, minimizing the potential for damage.

1. Secure the Brand’s Digital Footprint from the Start

• Claim and Verify Handles: The first and most crucial step is to immediately secure the brand’s name on all major social media platforms, even ones that the brand does not plan to use. Claiming those handles (e.g., YourBrandName) prevents others from doing so. Once claimed, get profiles officially verified with the platform’s blue checkmark or equivalent symbol. This is the single most effective way to signal authenticity to the brand’s audience.
  
  
• Register Domain Variants: Impersonators often create fake websites with names that are common misspellings or slight variations of the brand. Proactively register those domain names (e.g., YourBrandName.co, https://www.google.com/search?q=YourBrnadName.com ) to prevent bad actors from using them to run phishing scams.
  
  
• Create a Brand Guidelines Document: Develop a clear and detailed brand style guide that outlines your brand’s official logo, colors, fonts, tone of voice, and approved imagery. This document serves as a reference for your internal team and a powerful tool for proving to social media platforms that a fraudulent account is “off-brand.”

2. Implement a Robust Monitoring and Detection Strategy

• Use Social Listening Tools: Manual monitoring is no longer enough. Invest in social listening tools like Mention, Brandwatch, or Sprout Social that can track mentions of your brand name, trademarks, and key executives across the web and social media platforms in real-time. These tools can be set up to flag suspicious activity, such as a new account with a similar name or a surge of negative sentiment.
  
  
• Set Up Google Alerts: A simple and free tool like Google Alerts can be highly effective. Set alerts for your company name, product names, and the names of your leadership team. You’ll receive an email notification whenever these terms appear on a new webpage, allowing you to quickly spot and address unauthorized use.
  
  
• Encourage Your Community: Empower your customers and followers to be your first line of defense. Explicitly state on your official social media pages and websites how users can identify a fake account and what they should do if they spot one. Provide a dedicated email address or a “report a scam” form on your website.

3. Have a Clear and Ready-to-Execute Response Plan

• Create a Crisis Management Plan: A crisis management plan should include a specific section for social media impersonation. This plan should clearly outline who is responsible for detecting the fake account, who is authorized to communicate with the platform and the public, and what the approved messaging will be.
  
  
• Follow the Platform’s Reporting Process: Each social media platform has a specific process for reporting impersonation. Know these processes in advance. Gather all the necessary evidence—screenshots of the fake profile, posts, and any fraudulent activity—to submit with your report. The faster and more comprehensive your report is, the quicker the platform can act.
  
  
• Communicate with Your Audience: Once a fake account is detected, it is essential to communicate with your followers. Acknowledge the issue, warn them about the scam, and clearly state that the fraudulent account is not associated with your brand. Provide a link to your official, verified accounts to reinforce where they can find you.

4. Strengthen Your Internal Security

• Enforce Strong Password and Security Policies: Ensure that all employees with access to your brand’s social media accounts use strong, unique passwords. Crucially, enable two-factor authentication (2FA) on all platforms. This adds an extra layer of security and makes it significantly harder for a hacker to gain unauthorized access, even if a password is compromised.
  
  
• Limit Access and Permissions: Not everyone on your team needs full administrative access to social media accounts. Limit permissions to only those who absolutely need it. And, when an employee leaves the company, you immediately revoke their access to all brand accounts.  That may seem harsh, but a recently departed employee is one of the easiest to impersonate because some might not even know the person is no longer an employee and will relax their guard.
  
  
• Educate and Train Your Team: Regularly train employees on social media security best practices. Teach them how to spot phishing attempts, what to do if they receive a suspicious message, and the protocol for reporting a potential brand impersonation incident. An informed team is a vigilant team.

By taking these proactive steps, a company can not only reduce its vulnerability to impersonation but also build a more resilient and trustworthy brand in the face of an ever-evolving digital threat landscape.

Quote of the Week
“A brand is the set of expectations, memories, stories and relationships that, taken together, account for a consumer’s decision to choose one product or service over another.  Counterfeits or impersonations can erode trust and severely damage the brand’s image.” Seth Godin

© 2025, Keren Peters-Atkinson. All rights reserved.