Minerva

Trolling through the news this evening I found an interesting article on how Whole Foods got scammed. Okay - Whole Foods wasn't exactly scammed - but their loyal customers where. You can read the article here from CNN.

Just how easy was it for some one to setup a fake page, direct people to fill out a form to gather sensitive information (all for a chance at $500 in free groceries) and then slink away with data on who-knows-how-many people (worth $$$ on the black market)? A simple operation using social engineering on a social network. How long was it there before it was discovered? How many people were affected? and to what extent? Would it have happened IF Whole Foods hadn't had a Facebook page?

 There are no controls to prevent anyone from setting up a business style page (or a fan page of one for that matter) - I could set up Sears or a local church and still garner a good bit of nefarious information. So what is a firm to do? How does a company maintain its integrity online? I am sure this event will not be the last of its kind. Who will get hit next?

I did a quick check and 10 hours after the article was posted to see what kind of damage control Whole Foods was setting up. I was rather dismayed, a simple single Wallpost (almost buried by useless banter) advising consumers that only THIS page would provide valid offers and nothing was even mentioned on the official main web site. So I am left to wonder, if the people who where scammed even know the difference between an 'official' company facebook page and a fan page. Why should one take note of a seemingly simple look-like-the-rest posts? I can almost bet that at least one reader saw their 'warning' post and actually looked for the page so he or she could apply for that free food! (yes it really is THAT crazy out there)

While I am not privy to the kind of data elicited from people, I can pretty much assume something of value was asked for. Bank numbers? Credit card? Address and/or social security info? Passwords?

I was going to originally write this article to discuss how much it potentially cost Whole Foods for damage control. Media releases, internal follow ups, legal obiligations, and the like - but seeing a minimal response to such a scam enlightened me that perhaps in light of it all - Whole Foods has no obiligation to do so. Could they have prevented it from happening? Doubtful at best. Should they assist those scammed? Probably, but to what extent? Therein my friends (and readers) lays the heart of the matter - should some one be responsible?

The fallout of such a scam has potential to affect 1000s of people either financially or with identity theft or both. Are people so easily mislead on the web? Yes, sadly, but admittedly even the best and the brightest can fall victim to any number of scams at some point. I recall a few years ago a local web firm was praised for an award in the local media. Turns out the 'award' was paid for by the business, which in turn, was scammed out of a fair amount of money in return for a cheap plastic award and not a small amount of of humility more than likely. From simple Facebook scams to complex hoaxes. its human nature to get suckered once.

So what happens to the people affected? Apparently each is on their own. No guidence on how to navigate the horrible world of trying to recover. It may takes years for many to recover, if ever. No support, no class action suite, no special legislation investigations. The hard part is, some may not even know it right away.

So back to how should a company react? It will be a test of moral and ethical approaches to balance with the bottom line dollar figure. If it was your company that had customers scammed by a fake setup, what would you do?