Social media adoption is rapidly gaining with businesses making heavy investments to keep pace with the velocity of consumer demand among the numerous social media platforms. As of 2013, nearly 77% of the Fortune 500 use Twitter, 70% use Facebook and 69% advertise their brands in video format on YouTube. However, what are some of the pitfalls brands must avoid to realize the benefits offered by these hyper-marketing solutions?
With Opportunity Comes Risk
Fraudulent Accounts
Creating fake accounts on various social media sites has become a multi-million dollar business. Spammers and cyber crooks are creating fake accounts impersonating top personalities and brands to try to dupe followers into increasing the number of views or likes on their destination pages for nefarious reasons. Fans of a particular brand are susceptible to follow or like the fake account/page thereby exposing themselves to harmful links and illegal activity, while at the same time harming the real brand’s reputation. For example, a prominent Canadian reporter was defamed by a false profile that included misleading posts, poorly considered group memberships and inconsistent political positions.
Hacked Accounts
Hackers across the globe are targeting their efforts to gain access to accounts of recognizable personalities and brands. For example, in April 2013 hackers were able to take hold of the Associated Press’ twitter account and posted the following message, “Breaking: Two explosions in the White House and Barack Obama is injured”. Within a matter of hours the stock market created multi-million dollar losses in reaction to the fraudulent tweet.
Spam and Malware
With Facebook and YouTube emerging as popular destinations they have also become the most common platforms used for spreading spam. With a single like, share or tweet a spam message can be rebroadcast to thousands of friends. The practice of using the “like” button on Facebook to spread spam is so prevalent that there’s a term for it – likejacking. Symantec performed an analysis of likejacking schemes on Facebook and found that 15% of the 3.5 million video posts on any given day were likejacking attacks. In other words, 3 out of every 20 videos posted are possible attack vectors!
Data Compromise
Social media sites generate revenue through targeted advertisement based on personal information collected from users. Sites even encourage registered users to provide as much information as possible but with limited oversight, industry standards or incentives to educate users on security and privacy, users are at greater risk to identity theft and fraud.
Protective Measures
An American soldier abroad in Iraq discovered his bank account was being repeatedly accessed online and drained. Investigators were able to replicate access with nothing more than his name, email address and Facebook profile. This illustrates how easy it is to pivot from a social media profile to cause real harm. Below is a list of some strategies that can be employed by individuals and organizations to minimize a social media attack:
- Never share your social security or driver’s license numbers.
- Consider unique user names & passwords for each profile.
- Vary your passwords, ensure they are complex and change them regularly.
- Don’t give out your username & password to 3rd parties (even if it helps you connect to others and build your network).
- Minimize the use of personal information on your profiles that may be used for password verification or phishing attacks.
- Avoid listing the following information publicly: date of birth, hometown, home address, year of high school or college graduation, primary email address.
- Only invite people to your network that you know or have met as opposed to friends of friends and strangers.
- For password security verification questions, use a password for the answer (rather than assigning the actual response to a specific question, like “what is your mother’s maiden name?”).
- When age-shifting to protect your real birthday keep the date close, otherwise you may expose yourself to age discrimination.
- Watch where you post and what you say as it can be used against you later.
- Google yourself regularly and monitor your credit using the free annual report.
For businesses, social media teams should be small in size and consist of individuals with a background clearance who can be trusted with account passwords and the serious responsibility of posting on behalf of the organization. Automated technology can be used to provide continuous monitoring across all social channels to detect and remove spam. Link spams, text spam and spammy images must be filtered out on a regular basis from brand pages. Periodic training can help prevent phishing and similarly related attacks while the latest encryption techniques can help protect sensitive data. In the event of an incident, IT and legal should assist with the investigation and response.
As sophisticated users and businesses continue to harness the power of social media they must at the same time implement effective controls to prevent account takeover, protect their audience from spam, and remove impersonated brand accounts.