Skip to main content

Top UK companies plagued by rogue social media accounts

The top ten UK companies in the FTSE 100 are struggling with rogue and bogus social media accounts.

According to research (opens in new tab) from Proofpoint, of the top ten UK FTSE 100 brands, they have twice the amount of unauthorised accounts to contest with, and four of every five (80 per cent) of the associated Facebook accounts are unauthorised.

Also, two of every five (40 per cent) of Twitter accounts are unauthorised. Of these posts, tweets and comments, 3,000 consist of spam content.

Measured from 1 January 2014 to 3 February 2015 and surveying Facebook, Twitter, YouTube and GooglePlus accounts, the researchers found that of 720,899 pieces of content spread across 20 authorised accounts on 120 distinct applications, roughly 62,115 were generated by the companies themselves, and 658,784 are generated by the brands’ audience. On average, there are 45,721 pieces of communication per company.

Security blogger Graham Cluley told IT Security Guru that this was a situation he had seen with Twitter accounts sitting on known names, but it is a genuine problem as sometimes the scammers do have a better social media name than the actual brand.

He said: “I think generally people are getting better as a lot of the mistakes have been made, there are lots of tutorials on the web telling people how to do this and do it effectively. There is always a challenge, as there is with bogus domain names, but the difference with social media is that it is free, for a domain name you may need a stolen credit card but it can be a full time job looking through all those permutations or add a country to the end of the name, and people may think it is another off-shoot somewhere in the world.

“What I would recommend is that people create searches on social media just to keep an eye on their name and any possible permutations and see if your customers are occasionally tweeting the wrong people. If you see that there is definite abuse going on, report it to the security teams and try to get it shut down. After that you may be able to grab the actual name as well!”

The Proofpoint research found 161 instances of real security risks, which include content that leads to malware, phishing and other malicious activity. Since the average number of “likes” on a particular post is about 1,000, malware and phishing attacks are reaching 161,000 people.

Proofpoint said that the pervasiveness of social media use by and for UK enterprise brands is significant, while risks and threat activity for UK enterprise brands are trending higher. “This is likely due to the lack of visibility and focus on social media threats and risk vectors,” it said.

“To protect their investments, their audiences and to close social media backdoors into the rest of their communication infrastructure, UK enterprises should endeavour to understand their social media infrastructure and take action to deal with the bad actors looking to defraud them, distribute malware on their accounts, perpetrate scams, and attack their brands’ assets.”

The post Corporate social media accounts often deafened by rogue profiles (opens in new tab) appeared first on IT Security Guru (opens in new tab).