On a daily basis, 30,000 websites are hacked, 75 million scams are sent via email and 41,000 identities are stolen.
Since its infancy, the web has been a gold mine for scammers who have continued to adapt to the ever-evolving landscape. Where individuals were once only tricked by phishing emails and fraudulent Web domains, now social media have brought con artists and scammers to a new domain.
As businesses and users around the world connect to more devices, subscribe to new apps and share on new social networks, scammers are watching. Today’s new fraud frontier features scammers who create fake social media accounts to buddy up to brands’ customers and take advantage of them with more sophisticated social engineering schemes.
The key for businesses to tackle this new fraud frontier lies in identification, mitigation and education.
6 Essential Tips
1. Open Your Eyes
Social domains are quickly becoming the largest arena for brand and business risk. It is a fast evolving, confusing world — and most businesses have only scratched the surface of the platforms where their customers exist. Often, businesses will first invest in a presence on a megasite like Facebook or Twitter.
However, there are a plethora of other social sites where a brand’s customers are having conversations with other customers and, in some cases, with social account holders they think are official representatives of a company or brand.
Take, a large brand such as Coca-Cola. The company has a large array of social accounts. It has more than a dozen “official” Twitter handles, including the main brand (@CocaCola), the corporate news entity (@CocaColaCo) and regional pages for markets in the UK, Canada and Columbia, to name a few.
However, there are also regional-looking accounts (@CocaColaVe, @CocaCola_TH @CocaColaID) that look similar to official accounts, even using branded logos on their pages. But these accounts are not in fact affiliated with the official brand, though an unfamiliar social user may be duped into thinking they are. In reality, someone with malicious intent may be lurking, so brands best beware.
2. Identify Risky Behavior
Understanding the social landscape is half the battle for businesses. But to help protect the brand’s reputation, they must be able to find specific threats – fake Facebook accounts with branded logos that share malicious links, or fake Twitter accounts that claim to be customer service representatives asking for personal information to “help” customers, for instance.
It is startling, but fewer than one in five executives can claim that their companies are effectively managing newly identified risks. This is why continuous monitoring of online risks is the only way to get ahead of the real threats that could create chaos for a brand’s reputation and its customers.
3. Mitigate Threats
Once a threat has been identified, it’s up to the business to mitigate the issue as quickly as possible. Otherwise, it leaves the business vulnerable to online risk that can lead to a tarnished brand reputation.
For instance, if a customer is misled by a fake Twitter account to unknowingly download malicious content, she is more likely to blame the brand whose image is being used to run the account, not the scammer.
Despite the prevalence of such tactics, most businesses are still unprepared to cope with online security incidents. This is likely due to organizations’ lack of both the right technology and the right people.
In fact, 86 percent of organizations believe that there is a shortage of cyber security professionals who can address security risks. It’s more imperative than ever that businesses be willing to try different solutions and services to find what is right for the organization – or risk losing more than just reputation.
4. Educate Your People
While it may be easy to suggest that security is an issue that is restricted to a business’s IT department, online risk has become a cross-organizational challenge. C-level executives want to increase brand awareness, so they encourage marketing teams to create social campaigns and PR teams to manage social media accounts to drive sales.
But with $3.5 trillion lost each year to fraudulent and financial crimes, security — especially within social domains — becomes a problem for every department.
From the CMO who cares about brand representation, to the CFO who deals with revenue effects of a breach, to the CSO who shuts down vulnerabilities, it is everyone’s collective effort that stands behind effective risk identification and mitigation.
Therefore, it’s up to business and IT leaders to collaborate and educate all stakeholders within the business.
5. Tag-Team With Your Customers
Once businesses have a proper reputational risk strategy and monitoring system in place, they can’t forget that the Internet is a vast arena.
New social domains are cropping up by the minute. And, to combat the sea of online risk in social domains, businesses must more closely partner with their customers to tackle threats before they can do more harm.
With one in 21 social media messages now containing spam, customers are often at the frontline of scammer actions as the recipients of such activity. Therefore, businesses should consider arming customers with additional tools.
For instance, creating a comment box on the support page of its website or an email address to flag any incidents can help a business identify potential threats faster and react in a more informed manner.
6. Stake Out Your Territory
The social landscape is constantly evolving. It goes without saying that it is crucially important for a business to control its presence on Facebook and Twitter – but what about Instagram? YouTube? Flicker? Pinterest? Etsy? There are many social networks where customers, prospects and competitors are active.
Businesses should consider auditing their presence across the widest possible array of social networks to capture a better sense of where their brands are being active.
To start, businesses could try www.namechk.com. Businesses must safeguard their brands on social domains that they think are strategic, but also investigate their presence on the social domains that they are less familiar with or have never heard of – places where their brands appear to be active.
Keeping these tips in mind, businesses may have a fighting chance to get ahead of social domain threats.
As online threats continue to evolve, so too must business users by becoming more knowledgeable about what’s out there and more sophisticated in their approaches to dealing with them. Businesses can’t wait until the next fraud domain emerges to tackle today’s online threats – that next reputational blow may be hiding in an innocent-looking tweet.