Is using third-party logos in phishing simulations considered trademark or copyright infringement?
This page has been prepared for general information purposes only to permit you to learn more about the our products and services.
We are not a law firm. The information presented is not legal advice, is not to be acted on as such, may not be current, and is subject to change without notice. None of our representatives are lawyers and they also do not provide legal advice. We recommend you consult a lawyer if you want legal advice. No confidential relationship exists or will be formed between you and us or any of our representatives.
The misunderstanding: Using the logo (or similar branding) of another company in a simulated phishing attack will open up a customer to legal action from that company for trademark or copyright infringement.
The truth: The crux of a trademark infringement claim is whether there is consumer confusion as to the source of a particular product or service. When our customers and partners incorporate another company’s logo (or similar branding) in a simulated phishing email, that logo (or similar branding) is not used in a way that confuses customers into believing that their goods or services originate with, are related to, or are sponsored by the company whose logo is displayed. Our customers are not branding goods or services with anyone else’s logo; rather they are engaged in security awareness training.
Any potential confusion is mitigated by a corrective landing page and/or instructional video that launches at the conclusion of a simulated phishing attack, advising users to be more wary of phishing scams. The Platform includes sample language at the bottom of its 'Training' landing page reinforcing that any third party logo (or similar branding) is for illustrative or instructional purposes only and there is no affiliation or relationship between the mark owner and us or our customer. Customers should not omit this important information when customising landing pages.
From a copyright perspective, incorporating a third party logo (or similar branding) in a simulated phishing email serves an entirely new, transformative purpose, and as such, constitutes a fair use. The logo (or similar branding) is employed in a different manner (unrelated to the offering or sale of goods or services) and for a different purpose (aimed at security awareness and educating the public about how to avoid phishing scams). This transformative use does not undermine the copyright holder or any market that the copyright holder would reasonably exploit.