Glossary
Key terms used across our site and services.
A
- Abandoned Domain
- A registered domain that the brand owner no longer uses or monitors, which may be hijacked or repurposed by impersonators.
- Abuse Report
- A structured report submitted to a registrar, hosting provider, platform, or service to request investigation or removal of malicious or impersonating content.
- Account Takeover (ATO)
- When a third party gains unauthorized access to a legitimate user or brand account (social, email, app) and uses it to impersonate the brand or defraud victims.
- Affiliate Compliance
- A framework within which third‐party partners or affiliates must operate in connection with a brand, enabling the company to control how its brand is used and ensure safe affiliate marketing practices.
- Alternate Text-Based Impersonation
- Use of look‐alike characters, homoglyphs, or Unicode substitutions in domains or names to mimic the brand and fool users.
- Anti-Counterfeiting
- Proactive use of technology, processes and tools to detect and remove counterfeit goods or services that misuse a brand, either online or offline.
- App Store Fraud
- Malicious or impersonated mobile applications submitted to app marketplaces bearing the brand’s identity to mislead users or distribute malware.
- Attack Surface Management (ASM)
- The practice of discovering, monitoring and managing the full set of externally-facing digital assets (domains, apps, cloud services, social profiles) that present potential risks to a brand’s digital presence.
B
- Brand Abuse
- The exploitation of a brand by third parties for illegal or unauthorised purposes — for example phishing, typosquatting, fake social profiles, counterfeit goods.
- Brand Asset Misuse
- Unauthorized use of a brand’s trademarked logos, slogans, imagery, or other visual identity in digital channels to mislead or impersonate.
- Brand Asset Registry
- A central repository of the brand’s legitimate digital assets (domains, social profiles, apps, logos) used to validate authenticity and compare suspicious entities.
- Brand Authentication Technology
- Technologies (such as blockchain, digital watermarks, verifiable credentials) used to verify that a digital asset or transaction genuinely originates from the brand.
- Brand Damage Susceptibility
- A metric or score reflecting how vulnerable a brand is to online impersonation, misuse, or reputation harm from external digital threats.
- Brand Dilution
- Erosion of a brand’s distinctiveness and value due to unauthorized uses, confusing look-alikes or deceptive associations.
- Brand Gating
- Restricting or controlling the usage of a brand’s name, assets, or identifiers on third‐party platforms or channels to reduce impersonation risk.
- Brand Hijack
- When an attacker takes control of or abuses the brand’s legitimate digital property (e.g., social profile, domain, app store listing) and uses it for fraudulent ends.
- Brand Impersonation
- When a malicious actor pretends to be a legitimate brand (or uses a closely similar identity) to deceive users or exploit the brand’s trust.
- Brand Intelligence
- Collection and analysis of data about how a brand is being used or misused across digital channels (websites, apps, social media, dark web) to identify abuse and drive response.
- Brand Mapping
- The process of inventorying and visualising where a brand appears online (domains, apps, social channels, marketplaces) including third-party channels where it might be impersonated.
- Brand Monitoring
- The continuous tracking of brand-related keywords, brand assets, digital channels and third-party platforms to detect misuse or impersonation.
- Brand Protection
- The ongoing work of detecting, investigating, and responding to misuse of a brand across domains, websites, marketplaces, social channels, and other digital assets.
- Brand Reputation Attack
- Deliberate attempt by impersonators or counterfeiters to hijack, distort or degrade perception of a brand through negative associations or false claims.
- Brand Reputation Monitoring
- Tracking of brand perception, sentiment and mentions across digital channels to detect trends that may signal impersonation, abuse or reputation-threats.
- Brand Risk Management
- The holistic discipline of identifying, assessing, monitoring and mitigating risks to a brand’s integrity, reputation and digital footprint.
- Brand Safe Advertising
- Ensuring advertising placements and digital campaigns do not appear adjacent to or connected with content that undermines the brand’s reputation or could facilitate impersonation.
- Brand Threat Intelligence
- Gathering and analysing data specific to threats targeting a brand (fake domains, fake apps, impersonation campaigns, counterfeit listings) to drive response.
- Brandjacking
- A specific form of brand impersonation or identity theft where the online identity of a brand (or a prominent individual) is taken over or misused for malicious ends.
- Bulk Registration Detection
- Technique to identify when many domains, sub-domains or app listings with slight variations of the brand name are registered rapidly, signalling a possible impersonation campaign.
C
- Channel Monitoring
- Continuous surveillance of digital interaction points (social media, app stores, web forums, marketplaces) to detect fake or fraudulent representation of the brand.
- Charity Impersonation
- Fraudulent campaign where attackers use the brand’s name (or a look-alike) in the name of charity or relief appeals to exploit trust and collect funds illegitimately.
- Closure Reporting
- The status and evidence provided after remediation work is completed, showing what was removed, when action was taken, and whether access was verified as closed.
- Cloud Asset Exposure
- When brand-owned assets (APIs, sub-domains, storage buckets) are exposed publicly or unmanaged and used by impersonators to mislead or brand-jack.
- Compromised Brand Channel
- When a brand-managed channel (social account, official app, website) is taken over by an attacker and used to impersonate or defraud customers.
- Counterfeit Goods
- Unauthorised or illicit products using the brand’s trademark or identity to mislead customers — often sold online through marketplaces or grey-channels.
- Credential Capture Page
- A phishing or fraudulent web page designed to collect usernames, passwords, MFA codes, or other login details from victims.
- Credential Exposure
- The presence of usernames, passwords, tokens, or other account data in leaked datasets, criminal marketplaces, or attacker-controlled infrastructure.
- Credential Leak Scanner
- Tool or service that monitors for the brand’s credentials, employee credentials or customer credentials appearing in public or dark-web leaks that could be used for impersonation.
- Cybersquatting
- The registration, use or trafficking of domain names that imitate or are confusingly similar to a brand’s domain with bad-faith intent to profit from the brand’s goodwill.
D
- Dark-Web Monitoring
- Scanning of hidden or less-regulated parts of the internet (e.g., dark web forums, marketplaces) for mentions of the brand, credentials, or illicit activity that may lead to impersonation or abuse.
- Deep Link Hijacking
- When malicious apps or sites use deep links tied to the brand’s legitimate mobile app behaviour to impersonate the brand or intercept its user flows.
- Deepfake Impersonation
- Use of AI-generated or manipulated audio, video or imagery to pose as the brand or its executives, for fraudulent or reputational attacks.
- Digital Certificate Abuse
- Issuance or use of SSL/TLS certificates for domains or sub-domains mimicking the brand to lend false credibility to fraudulent sites.
- Digital Footprint Rediscovery
- Periodic process of scanning the internet to rediscover forgotten, abandoned, or rogue digital assets (domains, apps, sub-domains) that may expose the brand to abuse.
- Digital Risk Protection Service (DRPS)
- A service or platform that monitors digital channels (domains, apps, social media, dark web) and provides alerting and remediation for brand threats.
- Domain Bounce Attack
- Use of a domain resembling the brand’s domain to redirect traffic temporarily to a malicious site then drop it, confusing tracking and evading detection.
- Domain Hijacking
- When an attacker takes control of a brand-owned domain (via registrar compromise) and uses it to impersonate the brand or host fraudulent content.
- Domain Takedown
- Process of suspending, closing or seizing a malicious or infringing domain (that is impersonating the brand) through registrar, registry or hosting provider action.
- Domain Typosquatting
- Registration of domain names that are slight misspellings or look-alikes of the brand’s legitimate domains, used to trick users or launch fraud campaigns.
E
- Evidence Collection
- The process of gathering URLs, screenshots, timestamps, headers, and related context so an incident can be validated, reported, and escalated effectively.
- Executive Impersonation
- Targeted form of brand abuse where threat actors pretend to be C-suite or leadership figures within the brand to request internal actions, wire transfers or leak data.
- Exposure Monitoring
- Continuous tracking for leaked credentials, stolen data, impersonation indicators, or threat chatter that may signal increased risk to an organisation.
F
- Fake App
- A mobile or desktop application that mimics the legitimate brand or uses its identity without authorisation, often to phish users or distribute malware.
- Fake Customer Support Portal
- A fraudulent website or chat service using the brand’s identity to impersonate support, collect credentials or payment data from users.
- Fake Review Flooding
- Large volume of inauthentic reviews posted on eCommerce or marketplace platforms posing as customers of the brand to distort sentiment or damage trust.
- Fake Storefront
- A fraudulent ecommerce or checkout experience that impersonates a legitimate seller or brand in order to steal payments, credentials, or personal data.
- Fraudulent Domain
- A domain name registered to imitate or misuse a brand for malicious or deceptive purposes.
G
- Geo-targeted Impersonation
- When attackers create fake brand channels or domains targeting a specific region or country using localised language, TLDs or promotion to maximise credibility.
H
- Hosting Provider
- The company or service responsible for serving a website or application online, often one of the parties contacted during phishing and malicious website takedowns.
I
- Impersonation Campaign
- A coordinated set of actions by threat actors that use the brand’s identity (domains, apps, profiles) to carry out fraud, phishing or fake-offer schemes.
- Incident Reporting
- The formal process of documenting and submitting malicious activity, security events, or phishing infrastructure to the right internal teams and external providers.
- Incident Response
- The coordinated set of actions taken to investigate, contain, remediate, and recover from a security event or active threat affecting an organisation.
L
- Lookalike Domain
- A domain that imitates the brand’s legitimate domain in appearance (using character substitutions, Unicode homographs or added words) to mislead users.
M
- Malicious Website
- A website used to deceive users, distribute malware, steal credentials, impersonate a brand, or support other harmful or fraudulent activity.
- Marketplace Abuse
- When third parties or bad actors misuse online marketplaces (e.g., listings, reviews, counterfeit goods) to impersonate a brand or damage its reputation.
- Mis-/Disinformation Proxy
- A fake website, social-profile or communication channel impersonating the brand to spread false information, mislead customers or damage brand reputation.
- Multi-Channel Hijacking
- Simultaneous impersonation of the brand across multiple digital channels (email, social, domain, app) to increase legitimacy of the fraud or attack.
O
- On-Premise Asset Mapping
- Identification and inventory of all digital assets (domains, cloud services, APIs, apps) owned by the brand so that unmanaged or unknown assets cannot be exploited by impersonators.
- Online Brand Protection
- A strategic discipline combining monitoring, detection, enforcement and remediation to safeguard a brand’s online identity, reputation and assets from abuse.
P
- Phishing Domain
- A domain created by threat actors to appear like the brand’s legitimate site (often via typosquatting or look-alikes) to collect credentials or sensitive data from victims.
- Phishing Kit
- A reusable package of files, templates, and scripts that attackers deploy to create phishing pages quickly and imitate trusted login or payment experiences.
- Phishing Takedown
- The process of identifying, validating, reporting, and removing phishing infrastructure such as domains, pages, and supporting services.
- Proxy Domain Registration
- Use of anonymous or privacy-masked registrations by impersonators to register brand-look-alike domains, making legal takedowns more complex.
R
- Referral Spoofing
- Manipulating referral tracking or partner links so that an impersonated brand appears to have referred traffic or transactions which it did not.
- Registrar
- The organisation through which a domain name is registered and managed; registrars are often involved when abusive or fraudulent domains need to be investigated or suspended.
- Remediation Workflow
- Pre-defined process or playbook through which detected impersonation or brand-abuse incidents are responded to — including takedown requests, domain seizures, legal actions, and communications.
- Reseller Channel Monitoring
- Monitoring authorised and unauthorised resellers of the brand across digital marketplaces to detect and shut down impersonated listings or counterfeit goods.
- Reverse Domain Mapping
- Technique of mapping known rogue domains back through hosting, registrar and DNS data to identify clusters of impersonation campaigns targeting the brand.
S
- SDK Impersonation
- When malicious software development kits (SDKs) in mobile apps misuse the brand’s identity (via icon, name) to impersonate legitimate brand apps or services.
- Social-Media Impersonation
- Creation of fake or misleading social-media accounts posing as the brand, its executives or its affiliates in order to deceive users or spread fraud.
- Spoofing
- The act of falsifying identity data (like sender address, domain, or social-account name) to appear trustworthy and linked to a legitimate brand.
T
- Takedown Automation
- Use of software or platforms to automatically generate and submit removal or suspension requests for detected brand-abuse entities (domains, apps, listings, profiles) to speed response.
- Threat Feed
- Stream or dataset of signals (e.g., newly registered domains, reported phishing URLs, fake apps) used by brand-protection teams to identify brand-impersonation risks in near-real-time.
- Threat Takedown Escalation
- Procedure that prioritises high-severity brand impersonation incidents and escalates them through manual human review and legal or enforcement action.
- Threat Validation
- The process of confirming that a suspicious signal, page, domain, or alert is genuinely malicious and merits escalation or remediation.
- Token Squatting
- Registration or listing of cryptocurrency tokens with names resembling the brand to defraud or mislead investors or users into thinking they are affiliated with the brand.
- Trademark Squatting
- Registration of trademarks (or service marks) in bad faith by third parties to exploit a brand’s reputation, block legitimate use, or force negotiation.
- Triage
- The prioritisation of alerts or incidents based on severity, business impact, and likelihood so teams can focus attention where it is most needed.
U
- URL Analysis
- Reviewing the full structure of a URL, including domain, subdomain, path, and parameters, to identify deception, impersonation, or malicious intent.
V
- Virtual Brand Discovery
- Technique of using automated scanning and crawlers to discover unregistered or rogue assets (domains, apps, sub-domains) that are impersonating or misusing the brand’s identity.
W
- Web Harvesting Detection
- Detection of scraping or harvesting of the brand’s digital content (logos, trademarks, assets) for reuse in impersonation campaigns.
- Website Defacement
- Unauthorised alteration of a website’s content or appearance, often used to spread messages, damage trust, or signal compromise.
- Website Malware Monitoring
- Continuous monitoring for malicious scripts, injected content, suspicious page changes, and other indicators that a website may be compromised or abused.
- Website Threat Detection
- The identification of suspicious or malicious activity affecting a website, such as phishing pages, malware, unauthorised changes, or linked abuse infrastructure.