In this fourth instalment of our Brand Protection 101 series, we discuss the role of audits in launching a strategy and action plan that best aligns with the online health status of the brand
Table of Contents
Once the basic concepts and the importance of registering a brand have been covered, the next step in developing an Online Brand Protection strategy is to carry out audits that provide a general overview of the brand’s online health — in other words, to identify existing infringements and potential risks.
Below, we outline the audits and checks every brand should carry out to ensure effective protection.
Brand Audit
A Brand Audit is an analysis of the exact uses of a brand within the domain landscape, providing an overview of the brand’s health and helping to identify both risks and opportunities, defined as follows:
- Risks: domains registered with fraudulent intent, domains the brand has not secured and which could therefore be registered by third parties, or domains that have already been registered by third parties.
- Opportunities: domains that are currently available or nearing expiration.
This analysis is essential not only to understand the brand’s starting point but also to highlight existing and potential infringements and risks that require action. In other words, if we ignore them, we won’t be able to address them.
Ultimately, the audit enables us to identify unauthorised uses of the brand by third parties, such as domain squatting or cybersquatting — i.e. domain registrations intended to profit from or harm the brand, often through fraudulent tactics.
Furthermore, the results of the Brand Audit allow us to define the brand’s Online Brand Protection strategy in line with actual needs and real-world risks, avoiding the over-allocation of resources or, conversely, the neglect of vulnerabilities.
What makes this audit particularly valuable is its ability to prevent infringements and fraudulent attacks that exploit the brand to deceive users.
What it includes
The Brand Audit analyses the use of the exact brand name in domain names across all available domain extensions, whether generic or country-specific, providing valuable insights into its current status.
For example, Ubilibet’s Brand Audit indicates whether a domain is:
- Registered by the brand
- Held by a third party
- Unregistered
- Restricted
- No data available
In addition, it includes key information to assess the risk level associated with each extension and the importance of registering or recovering it.
Carrying out this audit not only allows us to identify domain squatting or vulnerabilities (i.e. relevant domains that remain unregistered), but also to detect markets (territories) or sectors (industry-specific extensions) where unauthorised use of the brand is particularly prevalent.
When to conduct it
The most strategic moment for Online Brand Protection is undoubtedly in the early stages of the brand, as this allows for the implementation of the first proactive and preventive protection measures — anticipating and blocking potential risks from the outset.
But let’s be realistic: Online Brand Protection is still a relatively unknown field.
That’s why we always recommend carrying out a Brand Audit as a starting point when introducing brand protection measures, regardless of the business type or sector.
Once an initial exploratory Brand Audit has been completed, the need to repeat it will depend on whether:
The brand has implemented monitoring solutions: in this case, any change from the original audit findings will be detected through active monitoring, so repeating the audit may not be necessary.
The brand has not implemented monitoring solutions: here, we recommend repeating the audits periodically to maintain visibility and control over existing and potential infringements. The frequency may vary depending on the brand’s reputation, popularity, or industry.
Cybersquatting Audit
Unlike the Brand Audit, the Cybersquatting Audit identifies all registered domains that contain the brand — not just exact matches, but also domain names that reference the brand (e.g. marca-spain.com).
Ubilibet’s Cybersquatting Audit is conducted by a legal team specialised in Online Brand Protection, and provides information on:
- The status of the domains detected
- The number of high-risk domains identified
- The level of risk each domain presents
- The type of threat involved (e.g. impersonation, phishing, etc.)
- Legal recommendations
- Guidance on how to proceed in each case
In short, this audit enables us not only to detect and eliminate infringements, but also to anticipate potential fraudulent attacks aimed at impersonating the brand.
When to conduct it
It is advisable for every brand to carry out this audit, as it complements the Brand Audit by offering broader anti-fraud coverage.
Naturally, it is particularly relevant for established and well-known brands, as they are prime targets for cybercriminals — as well as for brands in fraud-sensitive sectors such as Banking and Finance, Insurance, Energy, Pharma, or Retail.
There are several factors that determine how frequently this type of audit should be performed, such as:
- Whether proactive protection services have been implemented
- Whether monitoring services are in place
- Whether domain portfolio management is decentralised
- Whether the brand is unaware of third-party registered domains that mention it
- Whether the brand has previously been a victim of fraudulent attacks
If the brand does not have real-time protection services in place — which is the recommended approach — it should conduct regular Occupation Audits.
In the case of brands with decentralised domain portfolio management and no clear control over authorised partners, this audit is key to obtaining a full picture of all existing registrations. It provides much-needed control and a roadmap for defining internal protocols to manage the domain portfolio in a secure and efficient way.
Security protocols check
Beyond domains, there are other key factors that determine the level of brand protection against online infringements and fraud, such as communications with customers, users, and suppliers.
SPF, DKIM and DMARC
The SPF, DKIM and DMARC protocols protect users from fraudulent communications that use techniques such as spoofing to deceive recipients by impersonating the legitimate brand.
Major email service providers have long required compliance with these protocols, especially for brands that send large volumes of emails.
DMARC is arguably the most complex and still unfamiliar to some brands, as it has different levels of implementation.
VMC and BIMI
BIMI is a security standard supported by multiple email clients such as Gmail that allows the brand’s logo to be displayed as an avatar. Meanwhile, VMC is a certificate that verifies that the logo belongs to the brand claiming it.
Beyond the marketing potential of having both implemented — as VMC and BIMI increase visibility in users’ inboxes and provide Gmail’s blue verification checkmark — they are highly relevant in the fight against fraudulent emails.
Having a sender clearly identified as legitimate thanks to VMC and BIMI helps users distinguish phishing emails from genuine brand communications. This is extremely important given the rise in brand impersonation attacks we have seen over the past year. Therefore, it is an indispensable tool for brands.
When to conduct them
Unlike domain registration, which depends on third parties, in this case we only need to perform an initial and final check to verify correct implementation, as once active there should be no changes.
However, it is important to bear in mind that these protocols are implemented at the domain level, so each domain will require a separate check.
Conclusions
Having knowledge of third-party uses of the brand is essential to begin protecting it, by identifying risks and preventing and anticipating fraud.
It’s clear that if you don’t look, you won’t find — but in this area, not looking has consequences: both reputational and financial.
Brands that are just starting out with Online Brand Protection, or wish to do so, should take this first step to gain a clear understanding of what their strategy and action plan need to include. Established brands should do the same if they lack real-time protection or do not manage their assets centrally.
Need help against brand impersonation?
Send us a message. Our team will reach out shortly.