Someone is using my company's logo and name to send scam emails — what can I do?
This is brand impersonation fraud and is a crime in most jurisdictions. You can report it to email platforms, domain registrars, and law enforcement.
Last reviewed: 1 June 2026
Explanation
Brand impersonation occurs when fraudsters use your company name, logo, and communication style to deceive third parties — often your customers, suppliers, or employees. Common tactics include registering domains with slight misspellings of your name (typosquatting), using your logo in phishing emails, and setting up fake social media accounts. The impact includes financial loss to the victims of the fraud, reputational damage to your business, and possible legal exposure if customers assume you are responsible. You can take action by reporting the impersonating domain to the registrar using a UDRP (Uniform Domain-Name Dispute-Resolution Policy) complaint, filing abuse reports with email providers, and working with a solicitor to send cease-and-desist notices where the impersonator can be identified.
Common red flags
- Customers reporting receiving invoices or payment requests from a domain similar to yours
- An unfamiliar domain registered with your business name
- Social media accounts using your logo and name that you did not create
- Employees receiving phishing emails that appear to come from within your own company
What to do now
- Report the impersonating domain to the registrar and request takedown
- Alert your customers through official channels that fraudulent emails are circulating
- File a report with your national fraud authority and police
- Consider registering common typosquatting variations of your domain as a preventive measure
Frequently asked questions
Can my company be held liable for fraud committed using its name?
Generally no, if you were not involved and take prompt action to warn victims and report the fraud. Document your response carefully in case of any later legal claim.