From fake “Cape Union Mart clearance sales” to deepfake investment pitches featuring Cyril Ramaphosa, Patrice Motsepe, or Nedbank executives, Facebook and Instagram feeds are increasingly flooded with scam ads weaponising the trust your brand has spent years building. And most brands are not responding - not because they don’t care, but because they don’t know where to start.
Welcome to South Africa’s brand impersonation crisis - and the case for why every business needs cyber threat intelligence.
The business of brand impersonation is booming
Meta’s ad platforms have become a playground for scammers .According to whistleblower evidence reported by The Wall Street Journal, internal Meta documents revealed that 70% of new advertisers on certain ad types were promoting scams or misleading offers.
In South Africa, this has become alarmingly visible. Scam ads impersonating major brands are widespread on Facebook and Instagram. Some examples from the past year:
- Fake Cape Union Mart ads offering “80% off clearance” deals, with links to clone websites that harvested credit card details. The brand confirmed it was not running the promotions and issued public warnings to consumers.
- WhatsApp job scams pretending to be from Ackermans and Checkers, promising R3,000 per week in exchange for small “admin fees”.
- AI-generated video ads featuring Patrice Motsepe, President Cyril Ramaphosa, and Springbok captain Siya Kolisi, falsely endorsing “AI trading bots” and crypto platforms.
- Cloned Nedbank investment ads that redirected users into WhatsApp chats with “consultants” running advanced banking fraud schemes.
This isn’t limited to Meta platforms. Spoofed domains, clone websites, and even Google ads are being used in parallel to increase believability and reach. And because the ads are paid and targeted, they look legitimate. Victims often realise the truth only after they’ve lost money or shared sensitive data.
This isn’t a platform problem anymore. It’s a leadership problem.
Meta’s official legal position - in both the United States and other jurisdictions - is that it “does not owe a duty of care to users.” This defence is rooted in Section 230 of the US Communications Decency Act, which broadly shields internet platforms from liability for content posted by third parties, including paid advertisements. In practice, this means Meta cannot be easily held responsible for scam ads running on its own platform, even when those ads result in financial harm, reputational damage, or impersonation.
This legal shield has been challenged in multiple global high-profile lawsuits, including one by Australian mining billionaire Andrew Forrest, who alleged Meta failed to prevent hundreds of deepfake ads using his likeness to promote fraudulent investments. Meta’s defence in that case, as in others, is that it cannot reasonably monitor or control every piece of content and is therefore not liable under current legal frameworks.
But in South Africa, where such platform protections have not yet been tested or legislated to the same extent, the gap in enforcement is even more severe. Local institutions like the FSCA (Financial Sector Conduct Authority) can issue warnings and alerts, but they have no jurisdiction to compel foreign platforms like Meta to remove or prevent scam content. Likewise, the SAPS cybercrime division is underfunded and under-resourced, often relying on victims themselves to initiate legal action - a near impossibility when perpetrators are offshore and anonymous.
Which brings us to the uncomfortable truth for brand owners:
If your brand is being used to defraud people - and you’re not actively monitoring or responding - could that expose your company to reputational damage, consumer trust erosion, or even legal vulnerability?In South African law, there is no explicit statutory duty compelling trademark holders to police online impersonation. However, legal experts caution that prolonged failure to act may constitute tacit tolerance, weakening your ability to enforce your trademark against future infringers. It may also give rise to , particularly in sectors where public trust and consumer protection are paramount.
And in the court of public opinion? Silence is often interpreted as indifference. Customers don’t distinguish between your brand and a scammer using your logo — they simply ask: “Why didn’t you do anything?”
Brand impersonation is a marketing, compliance, and C-suite problem
This is not just a digital marketing issue.
- Marketing teams are watching their legitimate campaigns compete with scam lookalikes, diminishing ROAS.
- Legal and compliance teams face exposure when customers are harmed by impersonators using company trademarks.
- Risk and IT teams must account for fraud vectors beyond traditional cyber threats.
And the C-suite owns brand equity. If your brand becomes “known for scams,” it erodes long-term value. According to research from the Consumer Goods Council of South Africa, the estimated value of counterfeit goods sold in SA is over R362bn annually, much of it driven by digital impersonation and unauthorised brand use.
Who’s liable when scammers use your brand?
Legally, the primary liability for brand-impersonation scams lies with the scammer – they are committing fraud. In South Africa, this conduct can attract criminal charges (fraud, forgery) and civil claims by victims. However, questions of secondary liability are often raised. Globally, platforms hosting scam content have been criticised for not acting in good faith. (For example, in Australia the regulator ACCC sued Meta (Facebook) in 2022 for allegedly failing to stop scam ads that impersonated celebrities.) While South Africa hasn’t yet seen a high-profile case against a platform for hosting brand scams, there is growing pressure on intermediaries to clamp down on fraud. The bottom line is that brands themselves are victims of these schemes, but doing nothing to combat impersonation carries its own risks.
Trademark risks and unintended consequences (Under South African Law)
Local brand owners are starting to ask tough questions about the consequences of doing nothing. Under South African trademark law, which protects registered marks (statutory rights) and unregistered marks (through common-law passing off), not addressing impersonation can backfire. Some key concerns include:
Trademark enforceability
South African courts frown upon lengthy toleration. So, according to SA law, failure to act against impersonators could weaken our ability to enforce our trademark later. If inaction continues over a long period, the brand owner could be prevented from enforcing the trademark by law.
According to the Supreme Court of Appeal, if a company waits before arguing its rights, it may win the legal argument, but still be denied the quick relief of stopping the trademark use. There’s another side to this: if impostors freely use your name, the trademark’s distinctiveness and the goodwill attached to it may diminish. In this nightmare scenario, your brand becomes generic or may lose its association with a single source. So, failing to police your trademark today could leave you with a diluted or defenceless brand tomorrow.
Reputational harm and consumer trust
Businesses are at risk of reputational harm or lost consumer trust if they allow scams in their name to continue unchecked. If scammers repeatedly abuse your brand, customers may start doubting the brand itself. Doing nothing not only emboldens scammers; it signals to consumers that the brand isn’t safeguarding its name.
South Africa has experienced a surge of impersonation scams targeting well-known companies and tarnishing their images. Examples include fraudsters posing as agents of Cape Town investment firm MitonOptimal and peddling “fake opportunities” in late 2023, and a similar incident in 2024, when digital marketing agency R17 Ventures discovered scammers were running a WhatsApp pyramid scheme in its name. Both companies had to repair their damaged reputations and reassure clients to avoid losing business and protect brand equity.
Cleaning up the mess is costly; companies must issue warnings, engage investigators or attorneys to remove fake accounts, and invest in public education to rebuild trust.
Duty to protect brand equity (Feduciary responsibility)
Although there’s no statute forcing a business to sue imposters, brands have a strong implicit duty to protect their trademarks and goodwill. Under South African company law, directors must act in the best interests of the company and safeguard valuable intangible assets. A well-known trademark or brand reputation is seen as a company’s crown jewel. Allowing it to be eroded by scammers could be considered neglecting those assets.
It’s important to be proactive. Today, good brand governance means brand policing, which involves monitoring social media, domain registrations, and other channels for imposters. When a scam is discovered, businesses must act swiftly to protect the public and demonstrate that they do not permit infringement of their trademark, logo, and content. This isn’t just a legal tactic; it’s part of responsible brand stewardship.
Pursuing scammers can be challenging, as they are often anonymous or offshore. But the risks of doing nothing can have devastating effects. While the scammers bear the legal blame, brand owners who turn a blind eye also pay the price, with diminished rights and reputational damage. Vigilant brand protection, through legal action, public education, and collaboration with platforms/regulators, is fast becoming a necessary part of doing business in the digital age.
How South African businesses can stay ahead with Ravenwatch
Offernet’s Ravenwatch service is the local answer to a global problem.
Adapted specifically for the African business environment, Ravenwatch is a managed service that detects, monitors, reports, and removes digital threats, with no complex tech stack or legal fire drills required.
“We created Ravenwatch because South African brands were being abused at scale - and the response was too slow, too reactive, and too manual,” says JG Bezuidenhout, a co-founder of Offernet.“Our clients needed a way to monitor their brand, detect threats, and take action - without spending millions on lawyers or relying on platforms that don’t prioritise local enforcement.”
With Ravenwatch, marketing and compliance teams get peace of mind, not admin tasks. You don’t have to monitor scam ads, draft legal notices, or navigate takedown portals. .
Ravenwatch: What it delivers
Ravenwatch is not just software. It’s a fully managed defence system for your brand, combining machine intelligence and human enforcement. Key features include:
- 24/7 brand monitoring (social, search, web, marketplaces, domains)
- Executive impersonation detection (AI-generated media and social spoofing)
- Spoofed domain and clone website alerts
- Dark web mentions and stealer log scans
- Platform enforcement and automated takedown requests
- Cease and desist documentation and takedown assistance
- Threat intelligence reporting and exposure summaries
Whether your brand is being impersonated on Facebook, your CEO’s face is being used in a deepfake ad, or your domain is being cloned to collect customer data, Ravenwatch will find it, log it, and act.
Ready to know the truth?
If you’ve never audited your brand’s exposure to impersonation and fraud, now is the time.
Find out if your brand is vulnerable. Request your free Ravenwatch risk scan at www.offernet.net/ravenwatch.In a world where digital threats evolve daily and trust is harder than ever to earn, Ravenwatch helps you defend what matters most.
