Note: the following conversations are fictional, but nonetheless, full of good advice – pay heed, Fearless Reader!
He is the CEO of a large organization. He oversees many employees, and is quite active on social media – expressing his opinion on many subjects, and making new friends every day. But Jack isn’t really the most careful user on social media – he tweets about his birthdays, his new home and car, his good looks for someone his age, and so on. He really isn’t convinced that he is in danger on social media. Welcome to the Managed Services Blog, and today, we will do our best to show Jack that he has to take social media security seriously.
So, as we enter Jack’s big office, and sit down on the luxurious leather chairs, we notice that Jack looks a bit disgruntled. We probe him with a few questions, and find out that his analysts just discovered several well-made fake profiles of him and his company which are making slant comments on their industry and pushing phishing links to users, which is causing their followers to distrust the real company and Jack, and is damaging their online reputation. He still doesn’t know the reason why those imitators are doing it, or how they made such uncanny accounts. We said that is was due to his activities on social media – his gruff response:
Jack: What does what I do on my personal social media account have to do with these @$!*#% fake profiles?
Well, he’s certainly in a rough mood… But, to answer his question, fake profiles take many cues from the real profiles that they are imitating. If a profile posts links to, say, a certain website, the fake profile will post similar tweets, but with disguised links that go to phishing sites. The unaware user will click on the link, go to the site, and might get his/her device roped into a botnet or become a target of a scam or hack.
We press on with our discussion. He asks us:
Jack: How the heck do these imitators get their information? It’s like they everything about the company and myself.
At this point, we opened Jack’s personal Twitter and Instagram accounts, with his permission, and saw the answer. We saw tweets and posts describing his age, his birthday, photos of him, his email addresses, P.O. Box, and more. This is prime phisher fodder – using all this information, plus some good writing, users can be fooled into following and interacting with the fake profile, resulting in unhappy users, less traffic to the real profile(s), and damaged reputation.
When we said this, Jack started to understand what was going on. He then asked us a good question:
Jack: Who do you guys think could do something like this to me and my company’s reputation?
A very good question indeed, Jack. Fake profiles are very easy to create, and most creators are pranksters, fraudsters, blackmailers, and insiders. The insider threat is the most dangerous, as a disgruntled employee can easily enact his revenge on his place of employment by spoiling its reputation. He/she could say things on the profile that turn the public’s outlook of the company; he/she could leak confidential documents and information on sites like WikiLeaks, which will spoil the company’s image, particularly if the organization promised security and privacy for customers.
By this time, Jack understood that he was very frivolous on his account, and told us that he would begin to ‘clean up’ his account. Before we adjourned the meeting, he asked us one final question:
Jack: Do you guys know of anything out there that can monitor our accounts, and make sure that nothing bad happens to them?
Jack, do we have something for you – our Hawk-i service is a powerful VIP online reputation protection report system that hunts down fake profiles and derogatory articles online, relays the results to the real person, and takes down the offending profiles and articles. Hawk-i detects and classifies all online content and accounts based on a set threat criteria. A detailed report is then produced, which shows the level of the VIP’s online reputation safety. Once authorized, the system, one-by-one, takes down the derogatory information and accounts, which then can give way to more positive articles, which builds the reputation of the VIP.
Jack was really impressed with our offering, and told us he will call us later, hoping to do business with us. We left his office feeling good that another social media user has realized that, while he can still go about his usual business on social media, he just needs to be a bit careful about what goes out from his end. When we checked on the status of his online presence and the presence of his company some time later, we found that the public outlook was increasingly positive, due to less fake profiles sending out bad and malicious information.
To hear this post as an audio blog, click here.
And that’s a wrap on this week’s post of the Managed Services Blog. Remember to check back next week for more intriguing posts. Until then, take care and stay Cyber Safe.