The top ten UK companies in the FTSE 100 are struggling with rogue and bogus social media accounts.
According to research from Proofpoint, the top ten UK FTSE 100 brands have twice the number of unauthorised accounts to contend with, and four of every five (80 per cent) of the associated Facebook accounts are unauthorised.
Also, two of every five (40 per cent) of Twitter accounts are unauthorised. Of these posts, tweets and comments, 3,000 consist of spam content.
The research covered January 1st 2014 to February 3rd 2015 and surveyed Facebook, Twitter, YouTube and GooglePlus accounts. The researchers found that of 720,899 pieces of content spread across 20 authorised accounts on 120 distinct applications, roughly 62,115 were generated by the companies themselves and 658,784 were generated by the brands’ audience. On average, there are 45,721 pieces of communication per company.
Security blogger Graham Cluley told IT Security Guru that this was a situation he had seen with Twitter accounts sitting on known names, but it is a genuine problem as sometimes the scammers do have a better social media name than the actual brand.
He said: “I think generally people are getting better as a lot of the mistakes have been made; there are lots of tutorials on the web telling people how to do this and do it effectively. There is always a challenge, as there is with bogus domain names, but the difference with social media is that it is free; for a domain name you may need a stolen credit card. But it can be a full-time job looking through all those permutations, or add a country to the end of the name, and people may think it is another off-shoot somewhere in the world.
“What I would recommend is that people create searches on social media just to keep an eye on their name and any possible permutations and see if your customers are occasionally tweeting the wrong people. If you see that there is definite abuse going on, report it to the security teams and try to get it shut down. After that you may be able to grab the actual name as well!”
The Proofpoint research found 161 instances of real security risks, which include content that leads to malware, phishing and other malicious activity. Since the average number of “likes” on a particular post is about 1,000, malware and phishing attacks are reaching 161,000 people.
Proofpoint said that the pervasiveness of social media use by and for UK enterprise brands is significant, while risks and threat activity for UK enterprise brands are trending higher. “This is likely due to the lack of visibility and focus on social media threats and risk vectors,” it said.
“To protect their investments, their audiences and to close social media backdoors into the rest of their communication infrastructure, UK enterprises should endeavour to understand their social media infrastructure and take action to deal with the bad actors looking to defraud them, distribute malware on their accounts, perpetrate scams, and attack their brands’ assets.”
Brian Honan, CEO of BH Consulting, said that protecting an organisation’s online presence can be a challenge, and companies which don’t address that challenge can face damage to their brand and even loss of customers. “Fake profiles pretending to represent the brand can be one way for this damage to happen,” he said. “Another is profiles deliberately set up to hijack the brand of a major company, such as the Shell ‘oil spill’ social media campaign in 2012. In many cases these fake profiles, or brand-jacking profiles, are hard to eliminate because they can be created so quickly and social media networks may be slow to respond.
“The key to tackling this is to take a multiple step approach, which should include ensuring staff who are authorised to represent the company using social media are properly trained and aware of the issues so they can respond accordingly. Also regularly monitor social media platforms for profiles that are hijacking the brand and, using appropriate methods, try to get those profiles shut down. Companies should also review their incident response plan to include social-media issues to ensure the most appropriate response is given in the event of a major issue occurring.”