Your Brand Threatened: How Negative SEO and Social Media Security Affect You

It often goes unsaid, that social media and search engine optimization can actually hurt a business. Crazy idea right? Everyone and their mother is out there spending countless man hours and eviscerating their marketing budgets on these two very lucrative strategies to gain new customers and clientele. However; the threat landscape is evolving, and part of that real estate is your piece of the pie. Your social media presence and your search engine visibility are at risk, which ultimately puts your brand at risk.

It didn’t take much to influence this post. Especially, since I have seen a 60% increase in the number of social media related attacks in the first 10 months of 2013 alone. I am going to briefly discuss why each outlet is used to improve brand visibility and popularity without going too far in depth, and then discuss what is at risk, who is targeting you, and what you should include in your strategy to defend against and mitigate such attacks.

If the tree falls and no one is around to hear it…

For those of you who live in the stone age, here is a little primer on the subject matter.

Social Media and SEO or Search Engine Optimization are two of the most employed marketing strategies in use today. Every one is investing at least some of their resources in either one or both of these strategies to gain the necessary brand exposure to propel their business… and why not?

Social Media provides businesses with a direct line of communication to their clients and potential customers. They can direct their resources specifically at those individuals who have an interest in their brand’s products or services.

On the other hand… SEO is a strategy to improve the visibility of a brand in the SERP (Search Engine Results Page) by indirectly reaching the intended audience. In other words, relevant content, paired with a little search engine intuition as to how the algorithm ranks a page can help improve the position of a domain in the result set of a given search query. It doesn’t sound like rocket science, and it isn’t, but it is extremely competitive and the big boys out there with the larger marketing budgets will make quite the investment just to have that much of an edge over their competition.

Social Media Security Risks

Time and time again, I have been put between a rock and a hard place with the question, “Why would any one bother hacking my Facebook account?”.

I often respond with this, “You have over 100,000 fans. You spend several thousand dollars a month in advertising. You acquire more than 15% of your customers from Facebook. Why wouldn’t someone hack it?”.

If that little scenario didn’t lay it out for you, hopefully this will:

  • Account Compromise – In 2011, Facebook reported that approximately 600,000 accounts are hacked daily. Not sure about you, but I would not like to be included in that (growing) statistic.
  • MalwareKoobface… enough said. If you haven’t heard about this little gem, then you should do a little investigating. Koobface is a worm that propagates itself though various social networking platforms (amongst other applications). Targets have included MySpace, Twitter, Facebook, and Bebo. It is OS agnostic, meaning that it can infect your Windows PC, your Mac, or your *Nix box.
  • Phishing – I can’t even begin to list all of the highly publicized phishing attacks that have taken place on major social networking platforms such as LinkedIn, Twitter, and Facebook this year alone. Users have reported being targeted via e-mail, on the platform itself (message inbox), and I have personally seen successful MitM attacks. If your bank is susceptible, why would you think that your social media is not?
  • Social Engineering – Where better to gather information about someone than on their social media accounts where they put it all out there? Where better to manipulate someone than on social media where they want to befriend every Tom, Dick, and Harry? I don’t know any qualified penetration tester out there now who does not employ some form of social media recon.

What I outlined above are “the big four”. Keep in mind that there are many forms of malware, many forms of phishing attacks, and don’t forget that there are inherent vulnerabilities in the platform software that when discovered, sometimes lead to a mass account compromise that you could fall victim to.

What is Negative SEO?

Good question… “What IS negative SEO?”.

As I mentioned earlier, SEO is a strategy that is employed to improve ranking in the SERP by providing quality content to your audience, optimizing your website and your content based on assumptions as to how the search engine algorithm works, and making sure that your content is relevant to how it is optimized. Relevant meaning that you did not optimize your web page for how to pick the perfect engagement ring when your content is about selling male enhancement supplements.

If you haven’t already guessed, Negative SEO is a strategy that is employed to drop your rank in the SERP. Instead of following the rules, we simply break them all. Your on-site optimization (keywords, description, alt attributes, etc.) could be intentionally optimized for irrelevant content. Your site could be backlinked from thousands of domains that are synonymous with spamming. Your site IP addressed could be submitted to spam and malware blacklists. The possibilities are endless, and by now… I think you get the point.

Who is targeting your Social Media and SEO efforts?

Most commonly, there are four types of adversaries that fall into this realm. Now this doesn’t encompass all of the possibilities, but based on my experience… this is what you should look out for.

  • Competitors – Sounds dirty, but I have seen this quite of few times with my small to medium-sized business clients. Their competitors will launch a nasty blackhat campaign to hurt their marketing efforts and help exhaust their marketing budgets. Think about it. If you are busy troubleshooting where your marketing strategy is falling apart and then trying to recover from such an attack, your competitor(s) have a good shot at taking over some of your market share.
  • Disgruntled Employees – Yep. This one is a no brainer and no matter the size of your business, this is probably the absolute worst case scenario. Your employees have inside information. Information that can really damage the integrity of your brand and hurt your reputation. Even worse… if it is an employee that knows the inner workings of your strategy.
  • Dissatisfied Customers / Clientele – Think about all of the lovely things that can be spread on social media about your brand when you get one dissatisfied customer with a little motivation and too much free time on their hands.
  • Hactivists – I had to throw them in here. There have been a number of random drive-by attacks on social media accounts initiated by hactivist groups across the globe. If what you do or what you represent doesn’t sit right with them, then you could definitely be wearing a bullseye.

The Brand Security / Marketing Defense Strategy Musts

Every business is different. Every business markets different. With that being said, I am aiming to highlight the points that you should definitely explore and (hopefully) include within your marketing and security strategy.

Remember, security should be in the DNA of the business. Not bolted on after the fact. Include it in every aspect of your business… including marketing!

  • Social Media Management – In light of recent reports regarding the highly publicized compromise of Buffer App, I still strongly encourage the use of a tool that will allow you to centrally manage your social media accounts, campaigns, and role delegation. Personally, I use HootSuite, but there are many options out there. Sprout Social is another good one. There are a few benefits of managing your social media in one place. Besides the fact that you can manage your social media campaigns across various platforms, you can utilize the role delegation features to compartmentalize who has access to what, and easily revoke that access when necessary. You can also use the analytics to obtain information about your accounts and to monitor social network activity surrounding your brand.
  • Analytics and Reporting – Data is king! The same information that you use to improve your marketing strategies can help narrow down potential problems. Analyze your traffic reports for traffic source, time of traffic, geographical information, etc. This information could prove crucial if you are dealing with and adversarial competitor.
  • AlertsGoogle Alerts is an amazingly unknown tool that could really save your hide. You can set up various notifications for various keywords and set a threshold as to when you would like to receive the alert. You should establish alerts surrounding your brand (including your brand name). Identifying where a fire starts before it spreads is very advantageous in the wild wild web.
  • Two-Factor Authentication – Without going into too much detail as to what two-factor authentication is, I can tell you this, if your social network supports it (most of them do; Google+, Facebook, Twitter, LinkedIn), then I highly suggest that you use it. Two-Factor Authentication (aka Two-Step Authentication) essentially requires a secondary (personal) device that you would receive a perishable code on to access your account in addition to your username and password. This greatly impedes any attempt at compromising your account.

In conclusion…

Again… the threat landscape is evolving and in order to keep your investment in marketing working for you, you need to understand what is at risk, who is targeting you, and what you can do to build a defense. With the growing number of social media attacks and brand based attacks in general, I am sure that 2014 is going to be filled (yet again) with a plethora of security woes. With the information provided, I hope that it can at least help deter such an attack from happening to you.

If you have anything that you would like to include, I strongly encourage it. This is a hot topic right now and there is a big demand for those of you who are researching the subject matter. Please feel free to contact me with any of your thoughts or questions. I would love to hear from you.

Leave a comment

Leave A Reply