Scams & shams: The trouble with social networks
- 20 October, 2009 03:45
It's hard to understand who in their right mind would want to incur the wrath of "Triple H," the intimidating superstar of professional wrestling. But when a poser created a fraudulent MySpace account in Triple H's name, it wasn't the wrestler that the perpetrator had to contend with.
The smackdown came from someone who was actually watching the wrestler's back - Lauren Dienes-Middlen. She's vice president of intellectual property at World Wrestling Entertainment, the Stamford, Conn., company that owns the trademark. WWE notified MySpace, which terminated the account immediately.
The growth of social networks has brought a variety of threats that can potentially damage a brand's good name. Most of those threats aren't new, however. Social networks have simply become another attack vector, whether for spreading malware, launching assaults on an individual's or company's reputation, or creating impostor social networking sites that divert traffic away from the brand's legitimate sites.
The Triple H incident wasn't the first time that an impostor had commandeered the name of a trademarked WWE personality. "We've had a lot of impersonations," mostly on Facebook, MySpace and Twitter, says Dienes-Middlen. In fact, it's enough of a problem that Twitter recently launched an initiative to verify some accounts.
A Good Offense
To protect themselves, businesses should defensively register company brand names and trademarks -- and variations on those names -- on the major social networking sites, just as they do with domain names, to protect against cybersquatters, says Pamela Keeney Lina, an intellectual property lawyer at Alston & Bird LLP in Atlanta, who has written about protecting intellectual property on social networks.
Social media cybersquatting is where domain name cybersquatting was 10 years ago, says James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance Inc. People use variations on brand names to open accounts on social networking sites, in hopes that companies will pay them to relinquish control of the accounts.
He points to the online market Tweexchange as a prime example of how trading in social network names is a growing business. Unlike domain names, however, social networks have no central authority like ICANN or established processes for reclaiming brand names from cybersquatters.
Some impostors are simply overzealous fans, but Dienes-Middlen is more concerned about scammers and those who sell pirated videos and poor-quality knockoff WWE merchandise, which robs the company of revenue and cheapens its brands. Those sites lure users through social networks, spam, abusive search engine marketing and other channels. Last year, WWE shut down 3,200 online auctions of phony WWE products with an estimated street value of $16 million to $33 million.
During one Wrestlemania pay-per-view event this spring, WWE was able to use social networking sites to identify a number of unauthorized Web sites that planned to stream the event live. It also found 8,600 sites that had made pirated copies or footage of the event available after the fact. "Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy," says Liz Miller, vice president of the Chief Marketing Officer (CMO) Council.
The Cost of Piracy
Online counterfeiting also damages brands in other ways. For example, some people who buy pirated copies of Microsoft Corp.'s Windows operating system may think they have legitimate copies, says Cori Hartje, senior director of the Microsoft Genuine Software Initiative. What they get is software that often includes embedded spyware and malware -- and they expect Microsoft and its channel partners to support the product.
Hartje says she's seen research showing that counterfeiters today can make more money from the spyware and malware than they get from selling the pirated software itself. Meanwhile, the user blames Microsoft for any problems the malware causes. "That hurts our brand," Hartje says.
At WWE, while the onus is on the corporation itself to find and shut down sites peddling pirated videos and other counterfeit wares, most sites do try to cooperate. Many video-sharing sites, such as YouTube, have tools available to report and take down footage that violates copyrights.
Dienes-Middlen says the challenge isn't shutting down the sites that WWE finds, but keeping up with the new ones that continue to crop up. While businesses can assign employees to do that, she recommends trying a third-party monitoring service to get a handle on the problem. Dienes-Middlen thought she had things under control -- until she did a test run with brand protection service MarkMonitor The losses WWE had uncovered on its own were just the "tip of the iceberg," she says.
Soon afterward, she went to WWE's chief operating officer to ask for additional funds to clamp down on the illicit activity. "This was something we needed to attack. Our most valuable asset is our intellectual property," Dienes-Middlen says. "You have to protect [it] or you lose your rights to it."
Social networking sites can be a launch pad for reputation attacks from competitors, customers or disgruntled employees. Jeff Hayzlett, chief marketing officer at Eastman Kodak Co., says he has seen competitors try to hijack conversations -- sometimes anonymously -- with customers on the company's Twitter and blog sites.
In one Twitter exchange between Kodak and a prospective customer, a competitor jumped in and "inundated" the inquirer with negative comments about Kodak's product while promoting his own company's offering. It was, Hayzlett says, "a rude way to participate." He has a name for Twitter users who employ such tactics: He calls them "twankers."
Any time you sell a product or service, you're going to have issues like this, Hayzlett says, so Kodak hired a "chief listener." That person monitors all conversations and routes problems to the appropriate group, be it legal, IT or marketing, so that the company can follow up. When a customer is publishing negative comments, he says, his preference is to have a private conversation rather than use a public forum.
Other threats can be self-inflicted. Hayzlett himself admits to prematurely posting a tweet about the impending retirement of a product. "I accidentally hit Send instead of Save and tweeted out what we had worked six months to protect," he says. In the time it took to delete the tweet, four people had retweeted it. "I had to reach out to them and beg them to [remove it]." Even then, the tweet may have shown up in Twitter searches.
Gartner Inc. analyst John Pescatore says a client that runs a campground chain had an employee who thought he'd be helpful by posting a spreadsheet on Facebook that showed which sites were available and which were booked -- but it included the credit card numbers campers had given to reserve their sites. Data-leak prevention tools won't find such data when it's posted outside a corporate firewall. With social networks, "periodically looking at content has to be part of the cost equation," Pescatore says.
Some threats come from inside. In an April survey of more than 2,000 U.S. employees and executives by Deloitte LLP, nearly three quarters of the employees said that it was easy to damage a company's reputation using social media -- and 15% said they would post comments online if their company did something they didn't agree with.
That could be a big problem for WWE, since employees who know the storylines of its scripted events could spill the beans. "If those outcomes were revealed, it would destroy the experience for the fans," Dienes-Middlen says, so all WWE employees are required to sign confidentiality agreements.
Social networks also have been used by scammers to lure a brand's customers to malware or phishing sites -- or to e-commerce sites hawking counterfeit or gray-market products. According to a survey by MarkMonitor, which tracks online threats for its clients, in the 12-month period ending in the second quarter of this year, phishing attacks on social networking sites increased by 164%.
In a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names. It was the third-biggest category, right behind cybersquatting or illegal use of a trademarked name, and the illegal copying of digital media content. The fourth category was online sales of fake products that contain deficient or dangerous ingredients.
Barbara Rentschler, CMO at K'nex Brands LP, sees cybersquatting, online scams and false association of its brands on other sites as the biggest threats to the toy maker's brands on the Web. She uses a monitoring service to track and shut down cybersquatters and scam sites. Many sites that misappropriate K'nex trademarks are overseas, she says. Most aren't malicious: They're simply businesses that hope to become K'nex distributors.
With so many different brand threats to contend with online, it's important to have a coordinated strategy. Unfortunately, says Cyveillance's Carnall, many organizations take a triage approach, sending the issue to legal, IT or marketing. "They silo it," he says. But someone needs to be keeping track of outcomes and the overall impact on the brand, he contends. "You almost need a brand intelligence officer."
At Kodak, the buck stops at the CMO's desk. Hayzlett keeps communication flowing through what he calls online councils with every department in the organization, including IT, legal and human resources. "Everyone needs to work together and understand each role. We work as a team," he says.
Communication between marketing and IT is key. "The most powerful team would be if you connected the CMO and the CIO at the hip," Miller says.
Customers are often the first to notify a business of a problem, so listen to customer service lines carefully, says Frederick Felman, CMO at MarkMonitor. At WWE, it was fans, not staffers or a monitoring service, who first reported the Triple H imposter. "Take the complaints you get seriously," Felman advises, "and be prepared to act quickly."
Rentschler says IT needs to educate colleagues in marketing about risks. If IT sees a problem and fixes it without telling anyone, "no one else will know what to look out for," she warns.
IT needs to push back more when marketing plans can jeopardize brand security. It must, for example, fight pressure to rush Web site changes through without thorough security checks. "I don't think IT does a good job of saying, 'Here's all of the IT issues with the brand upkeep,' " Rentschler says.
With so much online turf to monitor and so much activity in cyberspace, it's important to prioritize. Lynn Goodendorf, global head of data privacy at U.K.-based InterContinental Hotels Group, says she tries to focus on sensitive, confidential data. But even there, you have to have realistic goals. "Mitigate your largest exposures," she says, "but don't think you can mitigate it down to zero."