We look at how social networks put a new face on brand-damaging activities, ranging from reputation attacks to imposter sites.

While the popularity of social networks such as Facebook and Twitter soars, businesses have also seen an increase in the potential ways a brand's good name can be damaged.

Most of those threats aren't new, however. Social networks have simply become another attack vector, whether for spreading malware, launching assaults on an individual's or company's reputation, or creating impostor social networking sites that divert traffic away from the brand's legitimate sites.

A good offence

To protect themselves, businesses should defensively register company brand names and trademarks - and variations on those names - on the major social networking sites, just as they do with domain names, to protect against cybersquatters, says Pamela Keeney Lina, an intellectual property lawyer at Alston & Bird LLP, who has written about protecting intellectual property on social networks.

Social media cybersquatting is where domain name cybersquatting was 10 years ago, says James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance.

People use variations on brand names to open accounts on social networking sites in hopes that companies will pay them to relinquish control of the accounts.

He points to the online market Tweexchange as a prime example of how trading social network names is a growing business. Unlike domain names, however, social networks have no central authority like ICANN or established processes for reclaiming brand names from cybersquatters.

Some impostors are simply overzealous fans, but according to Lauren Dienes-Middlen, vice president of intellectual property at World Wrestling Entertainment (WWE), a bigger concern are the scammers and those who sell pirated videos and poor-quality knockoff merchandise, which robs a company of revenue and cheapens its brands.

Dienes-Middlen recently successfully got MySpace to shut down a fraudulent account in the name of WWE star Triple H.

She said that the sites that sell knock-off merchandise lure users through social networks, spam, abusive search engine marketing and other channels. Last year, WWE shut down 3,200 online auctions of phony WWE products with an estimated street value of $16m to $33m (£9.7m to £20m).

During one Wrestlemania pay-per-view event this spring, WWE was able to use social networking sites to identify a number of unauthorised websites that planned to stream the event live.

It also found 8,600 sites that had made pirated copies of footage of the event available after the fact.

"Counterfeiting operations are highly organised, are very global and are picking up steam because of the economy," says Liz Miller, vice president of the Chief Marketing Officer (CMO) Council.

Broadband speed test

Small business IT advice

NEXT PAGE: The cost of piracy

  1. Facebook and Twitter may be more of a hindrance than a help when it comes to business
  2. The cost of piracy
  3. Self-inflicted threats
  4. Co-ordinated strategy

We look at how social networks put a new face on brand-damaging activities, ranging from reputation attacks to imposter sites.

The cost of piracy

Online counterfeiting also damages brands in other ways. For example, some people who buy pirated copies of Microsoft's Windows operating system may think they have legitimate copies, says Cori Hartje, senior director of the Microsoft Genuine Software Initiative.

What they get is software that often includes embedded spyware and malware - and they expect Microsoft and its channel partners to support the product.

Hartje says she's seen research showing that counterfeiters today can make more money from the spyware and malware than they get from selling the pirated software itself.

Meanwhile, the user blames Microsoft for any problems the malware causes. "That hurts our brand," Hartje says.

At WWE, while the onus is on the corporation itself to find and shut down sites peddling pirated videos and other counterfeit wares, most sites do try to cooperate.

Many video-sharing sites, such as YouTube, have tools available to report and take down footage that violates copyrights.

Dienes-Middlen says the challenge isn't shutting down the sites that WWE finds, but keeping up with the new ones that continue to crop up.

While businesses can assign employees to do that, she recommends trying a third-party monitoring service to get a handle on the problem.

Dienes-Middlen thought she had things under control - until she did a test run with brand protection service MarkMonitor. The losses WWE had uncovered on its own were just the "tip of the iceberg", she says.

Soon afterward, she went to WWE's chief operating officer to ask for additional funds to clamp down on the illicit activity.

"This was something we needed to attack. Our most valuable asset is our intellectual property," Dienes-Middlen says. "You have to protect [it] or you lose your rights to it."

Social networking sites can be a launch pad for reputation attacks from competitors, customers or disgruntled employees.

Jeff Hayzlett, chief marketing officer at Eastman Kodak, says he has seen competitors try to hijack conversations - sometimes anonymously - with customers on the company's Twitter and blog sites.

In one Twitter exchange between Kodak and a prospective customer, a competitor jumped in and "inundated" the inquirer with negative comments about Kodak's product while promoting his own company's offering.

It was, Hayzlett says, "a rude way to participate". He has a name for Twitter users who employ such tactics: He calls them "twankers".

Any time you sell a product or service, you're going to have issues like this, Hayzlett says, so Kodak hired a "chief listener" who monitors all conversations and routes problems to the appropriate group, be it legal, IT or marketing, so that the company can follow up.

When a customer is publishing negative comments, he says, his preference is to have a private conversation rather than use a public forum.

Broadband speed test

Small business IT advice

NEXT PAGE: Self-inflicted threats

  1. Facebook and Twitter may be more of a hindrance than a help when it comes to business
  2. The cost of piracy
  3. Self-inflicted threats
  4. Co-ordinated strategy

We look at how social networks put a new face on brand-damaging activities, ranging from reputation attacks to imposter sites.

Other threats can be self-inflicted. Hayzlett himself admits to prematurely posting a tweet about the impending retirement of a product.

"I accidentally hit Send instead of Save and tweeted out what we had worked six months to protect," he says.

In the time it took to delete the tweet, four people had re-tweeted it. "I had to reach out to them and beg them to [remove it]." Even then, the tweet may have shown up in Twitter searches.

Gartner analyst John Pescatore says a client that runs a campground chain had an employee who thought he'd be helpful by posting a spreadsheet on Facebook that showed which sites were available and which were booked - but it included the credit card numbers campers had given to reserve their sites.

Data-leak prevention tools won't find such data when it's posted outside a corporate firewall. With social networks, "periodically looking at content has to be part of the cost equation", Pescatore says.

Some threats come from inside. In an April survey of more than 2,000 US employees and executives by Deloitte, nearly three quarters of the employees said that it was easy to damage a company's reputation using social media, and 15 percent said they would post comments online if their company did something they didn't agree with.

That could be a big problem for WWE, since employees who know the storylines of its scripted events could spill the beans.
"If those outcomes were revealed, it would destroy the experience for the fans," Dienes-Middlen says, so all WWE employees are required to sign confidentiality agreements.

Diversionary tactics

Scammers also use social networks to lure a brand's customers to malware or phishing sites - or to e-commerce sites hawking counterfeit or gray-market products.

According to a survey by MarkMonitor, which tracks online threats for its clients, in the 12-month period ending in the second quarter of this year, phishing attacks on social networking sites increased by 164 percent.

In a CMO Council survey of 4,500 senior marketing executives, nearly 20 percent of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names.

It was the third-largest category, right behind cybersquatting or illegal use of a trademarked name, and the illegal copying of digital media content. The fourth category was online sales of fake products that contain deficient or dangerous ingredients.

Barbara Rentschler, CMO at K'nex Brands www.knex.com , sees cybersquatting, online scams and false association of its brands on other sites as the biggest threats to the toy maker's brands on the web.

She uses a monitoring service to track and shut down cybersquatters and scam sites.

Many sites that misappropriate K'nex trademarks are overseas, she says. Most aren't malicious: They're simply businesses that hope to become K'nex distributors.

Broadband speed test

Small business IT advice

NEXT PAGE: Co-ordinated strategy

  1. Facebook and Twitter may be more of a hindrance than a help when it comes to business
  2. The cost of piracy
  3. Self-inflicted threats
  4. Co-ordinated strategy


We look at how social networks put a new face on brand-damaging activities, ranging from reputation attacks to imposter sites.

With so many different brand threats to contend with online, it's important to have a coordinated strategy.

Unfortunately, says Cyveillance's Carnall, many organisations take a triage approach, sending the issue to legal, IT or marketing.

"They silo it," he says. But someone needs to be keeping track of outcomes and the overall impact on the brand, he contends.

"You almost need a brand intelligence officer".

At Kodak, the buck stops at the CMO's desk. Hayzlett keeps communication flowing through what he calls online councils with every department in the organisation, including IT, legal and human resources.

"Everyone needs to work together and understand each role. We work as a team," he says.

Communication between marketing and IT is key. "The most powerful team would be if you connected the CMO and the CIO at the hip," Miller says.

Customers are often the first to notify a business of a problem, so listen to customer service lines carefully, says Frederick Felman, CMO at MarkMonitor.

At WWE, it was fans, not staffers or a monitoring service, who first reported the Triple H imposter.

"Take the complaints you get seriously," Felman advises, "and be prepared to act quickly".

Rentschler says IT needs to educate colleagues in marketing about risks. If IT sees a problem and fixes it without telling anyone, "no one else will know what to look out for," she warns.

IT needs to push back more when marketing plans can jeopardise brand security. It must, for example, fight pressure to rush website changes through without thorough security checks.

"I don't think IT does a good job of saying, 'here's all of the IT issues with the brand upkeep'," Rentschler says.

With so much online turf to monitor and so much activity in cyberspace, it's important to prioritise.

Lynn Goodendorf, global head of data privacy at InterContinental Hotels Group, says.

She tries to focus on sensitive, confidential data, but even there, it's important to have realistic goals.

"Mitigate your largest exposures," she says, "but don't think you can mitigate it down to zero."

Broadband speed test

Small business IT advice

See also: Twitter and Facebook costs businesses £1.38m

  1. Facebook and Twitter may be more of a hindrance than a help when it comes to business
  2. The cost of piracy
  3. Self-inflicted threats
  4. Co-ordinated strategy