Minerva

Trolling through the news this evening I found an interesting article on how Whole Foods got scammed. Okay - Whole Foods wasn't exactly scammed - but their loyal customers where. You can read the article here from CNN.

Just how easy was it for some one to setup a fake page, direct people to fill out a form to gather sensitive information (all for a chance at $500 in free groceries) and then slink away with data on who-knows-how-many people (worth $$$ on the black market)? A simple operation using social engineering on a social network. How long was it there before it was discovered? How many people were affected? and to what extent? Would it have happened IF Whole Foods hadn't had a Facebook page?

 There are no controls to prevent anyone from setting up a business style page (or a fan page of one for that matter) - I could set up Sears or a local church and still garner a good bit of nefarious information. So what is a firm to do? How does a company maintain its integrity online? I am sure this event will not be the last of its kind. Who will get hit next?

I did a quick check and 10 hours after the article was posted to see what kind of damage control Whole Foods was setting up. I was rather dismayed, a simple single Wallpost (almost buried by useless banter) advising consumers that only THIS page would provide valid offers and nothing was even mentioned on the official main web site. So I am left to wonder, if the people who where scammed even know the difference between an 'official' company facebook page and a fan page. Why should one take note of a seemingly simple look-like-the-rest posts? I can almost bet that at least one reader saw their 'warning' post and actually looked for the page so he or she could apply for that free food! (yes it really is THAT crazy out there)

While I am not privy to the kind of data elicited from people, I can pretty much assume something of value was asked for. Bank numbers? Credit card? Address and/or social security info? Passwords?

I was going to originally write this article to discuss how much it potentially cost Whole Foods for damage control. Media releases, internal follow ups, legal obiligations, and the like - but seeing a minimal response to such a scam enlightened me that perhaps in light of it all - Whole Foods has no obiligation to do so. Could they have prevented it from happening? Doubtful at best. Should they assist those scammed? Probably, but to what extent? Therein my friends (and readers) lays the heart of the matter - should some one be responsible?

The fallout of such a scam has potential to affect 1000s of people either financially or with identity theft or both. Are people so easily mislead on the web? Yes, sadly, but admittedly even the best and the brightest can fall victim to any number of scams at some point. I recall a few years ago a local web firm was praised for an award in the local media. Turns out the 'award' was paid for by the business, which in turn, was scammed out of a fair amount of money in return for a cheap plastic award and not a small amount of of humility more than likely. From simple Facebook scams to complex hoaxes. its human nature to get suckered once.

So what happens to the people affected? Apparently each is on their own. No guidence on how to navigate the horrible world of trying to recover. It may takes years for many to recover, if ever. No support, no class action suite, no special legislation investigations. The hard part is, some may not even know it right away.

So back to how should a company react? It will be a test of moral and ethical approaches to balance with the bottom line dollar figure. If it was your company that had customers scammed by a fake setup, what would you do?

The recent tragic happenings in Haiti is futher being compounded by fake scams, alerts, and donation bids on Facebook (and other non-validating social sites).  Even Facebook had to take direct counter-measures to reduce the impact of 'fake' pages and scams. What will we learn from this?

Social networking continues to be hounded upon for marketing businesses - BUT - there is no way to glean whether a business is legit or not on most social network sites. It is unfortunate that many people will be taken in by some of these neferious perps that make a bad situation worse. A current MSNBC article denotes some pitfalls for businesses and network security.

Anyone can create a facebook page without any type of authentication (other than a confirmation email).  I could create one to misdirect potential customers from my competitors to my 'fake' page that 'looks' like a competitor's. (but thats bad form) The only REAL self-authenicating place for online interaction is your real offical business web site. These are much harder to usurp (and probably more expensive to do!).

Protecting a business's good name online is much more than just good marketing content online - it also involves how your end viewers use and interact with that company online. Allowing 'anyone' the ability to post to your 'wall' - produces content your users have access that to that you may or may not condone. Oh, so your security allows friends of friends to post not everyone, ah well, thats different then. Not. Think about it - do you know EVERY person within that network? Well lets just make it for 'Friends' only - wow, still alot of people huh? Remember, it only takes 1 single individual to go from a positive enjoyable experience to "holy crap how am I going to fix/correct this?" Do you, as a business, scruntize every friend request?

I continually wonder on the beneficial use of social networking sites - it does work for some, others eh maybe not so much. For small companies and organizations using the leading social sites, all it takes is one neferious post on their 'wall' that links to a virus or trojan and customer trust goes out the window.

Now thats what I call news.

Finally some vindication that social networking outlets really are a waste of time (and money). A recent study by Pear Analytics has shown that 40.55% of all posts on Twitter is actually just pointless babble that really accomplsihes nothing. The whitepaper (found here) has other interesting tidbits concerning the content (and context) of twitter posts.

 In my humble opinion - the majority of tweets are complete waste of time and resources. Lets face it - unless a company is generating something newsworthy or setting the bar for anything - is there that MUCH worthy of twitting? Most small to mid size companies specialize in a central product or service, really just how much 'relative' information can be posted FREQUENTLY?

If you use Twitter for commercial purposes (aka non-personal/social) what percentage of posted data would be considered "babble"?

I'm sure many readers have seen the headlines where social networking is getting a bad rap - and with good cause. Its TRUE! I will be keeping this entry updated with national news headlines and links so you can see for yourself.

Oct 20 2009
Cyberthieves targeting Facebook, Twitter (link) from CNN

Oct 6 2009
Facebook imposter scams (link) from MSNBC

Sept 30 2009
Social media an inviting target for cybercriminals (link) from CNN

Unknown Date
Twitter: A Growing Security Minefield (link) from MSN

Having recently attended a seminar on data security, one of the key topics of discussion was the fact that instant messaging, social network sites, and even business networking sites can be a source for compromising business computers and networks.

So this leads one to ask, which predicate should prevail? Is marketing your company via potentially dangerous methods worth it? Another way to ask this is: What cost to bolster security is too much for utilizing these marketing avenues? As in real life, the murkier the neighborhood, the more likely you are to increase your own personal safety.

Examine any given Facebook or MySpace page and you are sure to see "apps", or small embedded programs that do specific things. Do you KNOW what data they are collecting about you when they load? Where is that data being recorded at? Is that "app" potentially dangerous? Both of these sites have been in the news for compromising user computers.

This is a real challenge - with the prevalence and proliferation of social networking sites, apps, plugins, and the like being used as 'business marketing' we have to ask - are companies inviting nefarious consequences into their network just to keep up with the Joneses? Small businesses probably cannot swing the $4-10k hardware appliance to monitor network traffic and potect them as most struggled to just keep anti-virus software updated a challenge. Oh, you'll probaly need an expert to operate that equipment in most cases (salary $45k+/-). The logical way to reduce the risk of being compromised and without the cost is to just NOT do that via company computers or devices. Suddently free marketing avenues aren't quite all that after all.

Its hard to convince people that something isn't good when millions are doing it. Keep in mind that that MAJORITY of those users are not concerned with security or protecting your data/network. ((Some may actually use social engineering to garner information!) Sooner or later you'll be invited to do something from some one's Facebook or MYSpace page - click this link, check this out, join my ____, or whatever. Stop and ask if that REALLY has a business need.

Security can get expensive very quickly - bouncing back from a security compromise can be VERY expensive but with some easy common rules of what is or is not accessed on your network, the costs can be minmized to a certain extent.

If you have more than 5 computers in your business - you SHOULD have a computer use policy. It should address the appropriateness of visiting certain sites or types of sites. That decision should be based on the level of security you can invest in. Good computing practices and policies can go a LONG way (but that is still no substitution for quality security hardware and software designed to protect your business).

It struck me the other day as I was watching a new emerging trend happen right before my eyes.

If you're normally spending more than 10k/week, you're excluded from this conversation - but for the smaller organization that has a limited marketing expense budget it becomes rather critical.  

The "twitternation" is contributing to higher costs in business. Its free, how can this be? Simple math. 1 employee using up to 30 minutes a day to read/post tweets by 240 days is 120 hours LOST PRODUCTION a year! 120 hours is pretty much 3 full weeks.

Oh wait, ah you ARE the marketing director/new business development coordinator/your title here. Lets lok at another angle shall we?

Lets say you're making oh say $8.00/hour and then this cost is around 960 bucks for a year! Most companies would want to know how to CUT costs by that much per employee (some will spend twice that to learn how). So - what does $1000 buy in marketing today? How many new customers would one expect from that outlay?

Search engines will also end up frsutrating users as well. Say they see a link to one of your "tweets" only to discover its so old its not even in your recent logs - so seeing everything thats NOT relevant to what they were looking for - they move on instead of spending time searching through your tweets. Oh some DO take the time to actually hunt for a certain one - hence the conservative 30 minutes mentioned above LOL. Additionally, its deemed by the searchee that search for 140 characters of topic matter is MORE important than actually checking a routinely updated web site. (This is not the time for a dissertation on deeming what is appropriate use of the web when one is on the clock)

Ask yourself when you post: "Is this the same information that goes in the newsletter, online news, email blasts, and the like?" Is it duplication of effort OR is it actually having a positive result?

By decentralizing your media stream you begin to expend a higher number of resources to maintain each and every outlet of information.

 I am still on the fence on this trend BUT if its working for you, thats great - but step back and take a look at the true cost versus return (new customer/member/etc).

You just hired a web company to do your web site and they also interest you in 'enhancing' your "findability" by offering to include social networking sites as part of your marketing package. Dude, you're gonna be everywhere on the net! Alrighty then.

Someone does a web search and found your myspace, facebook, livesite (insert social network here) landing page. Hurray. Oh wait it looks childish, not all there, something just doesn't stand out. OMG who is in my friends list? The person that JUST did the search for you, returns to the search engine and trys again. What happened? Read on. (see 1)

Let’s look at another angle before I tie all this in together. You paid a SEO company (or some one) some big money to get you high rankings in search engines. This means you pay ‘x’ dollars to some firm to make sure your official web site is highly ranked. Anywhere from a few hundred to a few thousand dollars a month is typical. (see 2)

(1) OK when someone views a site based off of a search result, the first page they see they decide if that is what they were looking AND if it is a trustworthy site. Social networking sites are NOT trustworthy. The bad design, overly friendly under substance, branded in a box look really didn't help build that CRITICAL level of trust a web user needs from a business. More than likely, a business customer will NOT initiate contact from a social networking site first - they will attempt to find a 'better' web site - then if all else fails (i.e.; they’ve exhausted all other resources) they may come back.

TRUST is established by the web site viewer in 1/20th of a second. That is pretty dang fast. If they don't land on your official exceptionally well designed site first - guess what? You lost that chance for trust.

(2) Additionally, all that serious moola you gave a company for search engine rankings was probably based off of significant use of keywords and content relevancy to get your web site ranked. Sad thing is social networking pages do show up in searches. If your official company site statistics show a lot of traffic from social networking sites, WHY then did you pay someone for all the SEO work? For every visit from your social networking site to your official site - you lost valuable traffic information. (Your site statistics software doesn't know what keywords the user entered to get there.)

Hold on, how much traffic is coming from that social networking site? Dang the social networking site is getting more/better/different rankings than the official corporate site. You HAVE to ask yourself – why am I paying someone to keep my web site ranked when that SAME person is encouraging the use of social media? The objectives are not mutually compatible.  

Not convinced? A good business web site costs anywhere from 6-7 thousand to many tens of thousands of dollars, WHY do you want traffic on FREE social sites? Don’t you think that potential customer would be more impressed (and appreciative) with your official site?