This webpage/discussion has been prepared for general information purposes only to permit you to learn more about KnowBe4 and our products and services. KnowBe4 is not a law firm. The information presented is not legal advice, is not to be acted on as such, may not be current, and is subject to change without notice. None of our customer service representatives are lawyers and they also do not provide legal advice. Although we go to great lengths to make sure our information is accurate and useful, we recommend you consult a lawyer if you want legal advice. No attorney-client or confidential relationship exists or will be formed between you and KnowBe4 or any of our representatives.
The misunderstanding: Using the logo of another company in a simulated phishing attack will open up a customer to lawsuits from that company for trademark or copyright infringement.
The truth: The crux of a trademark infringement claim is whether there is consumer confusion as to the source of a particular product or service. When KnowBe4’s customers incorporate another company’s logo in a simulated phishing email, that logo is not used in a way that confuses customers into believing that their goods or services originate with, are related to, or are sponsored by the company whose logo is displayed. KnowBe4’s customers are not branding goods or services with anyone else’s logo; rather they are engaged in security awareness training. Potential confusion is mitigated by a corrective landing page and/or instructional video that launches at the conclusion of a simulated phishing attack, advising users to be more wary of phishing scams. KnowBe4 includes sample language at the bottom of its “OOPS - corrective landing page” reinforcing that any third party logo is for illustrative or instructional purposes only and there is no affiliation or relationship between the mark owner and KnowBe4 or KnowBe4’s customer. Customers should not omit this important information when customizing landing pages.
From a copyright perspective, incorporating a third party logo in a simulated phishing email serves an entirely new, transformative purpose, and as such, constitutes a fair use. The logo is employed in a different manner (unrelated to the offering or sale of goods or services) and for a different purpose (aimed at security awareness and educating the public about how to avoid phishing scams). This transformative use does not undermine the copyright holder or any market that the copyright holder would reasonably exploit.
NOTE: Despite KnowBe4's strong stance that conducting simulated phishing exercises is a necessary part of building a strong security culture and human firewall to protect your organization from cyberattacks, certain organizations, such as the Internal Revenue Service or Department of Treasury, do not approve of these exercises.