Pretty Simple: web, digital, social

The rise and rise of Social Networking Sites has brought about new risks to an organisation’s online brand, but whilst my last post explored Web 2.0 mistakes which organisation could make themselves, another type of risk is what others may do with your brand if you don’t get there first, through Social Media Cybersquatting.

Cybersquatting 1.0

Cybersquatting traditionally refers to the practice of:

registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else

Wikipedia article on Cybersquatting

This practice has been around for over a decade and many countries now have specific legislation against it. But with the increase of Social Media platforms, which allow you to choose a username which then dictates the URL of your account’s public profile (for example, the potential for a new kind of Cybersquatting is born.

Cybersquatting 2.0

In Ken Fischer’s sobering post on Gov 2.0 Spoofing, he suggests that there is a significant risk of individuals posing as officials:

…all it takes is one person believing one source is the voice of a government and acting on it to cause at the least embarassement (sic) and at the worse some harm.

Ken Fischer – Gov 2.0 Spoofing is here

Fischer recommends a simple technique to allow users to authenticate an account by following a reciprocal link to an official government and back again. But this could be considered onerous and it is likely that many users will not bother. As with most security issues, the onus has to be on the content owner.

The risks of Cybersquatting in a Web 2.0 world

Brand dilution

My own organisation has had cause for concern recently when an unofficial Twitter account surfaced. Luckily this appears to have been set up by a well-meaning employee, rather than a prankster or potential cybersquatter, and is now directing people to the official account. But this still presents the problem of watering down our message and causing confusion amongst citizens who wish to follow us. We now have an official one, in addition to the unofficial one.


Most Social Media relies heavily on building up trust with those who follow you. Any compromise of that trust through a proliferation of illegitimate accounts will stunt the success of genuine engagement and potentially damage the brand. If it becomes hard to prove authenticity without laborious methods, users may easily be scared off.

Hard to integrate

With traditional cybersquatting, once you’d taken control of a domain which was found to be illegally cybersquatting it was easy to integrate that domain into your estate (e.g. by setting up a re-direct). But with many of the Social Media platforms, this isn’t the case. Twitter, for example, does not allow you to merge accounts. So the unofficial account that I mentioned earlier will either continue to exist (and continue to dilute the brand) or cease to exist and lose the 50+ followers that it has already built up. Either way, the unofficial account got the better username (EdinburghCC, as opposed to Edinburgh_CC for the official one) and there’s no obvious way of rescuing that.

Criminal intent

Worse-case scenarios see situations where citizens think they are engaging with officials, and therefore surrender personal information which could be seriously misused.

Naming conventions

Looking at this list of Council Twitter accounts, I’m surprised by the lack of naming conventions. Most seem to have adopted the approach of councilname followed by CC or DC etc. But there’s no overriding consensus, and many have used far different names (for example, Sunderland (@Sunderland_UK), Southampton (@citycouncil09) and Croydon (@yourcroydon). There is therefore huge potential there for cybersquatters to set up shop, and we have very few options for closing the loopholes (unlike with standard web domains, where in the public sector registration of Second Level Domains is restricted, or in the private sector where you would develop a brand protection strategy to mitigate against domain fraud by purchasing vulnerable domains).


Most heavy users of Social Media sites have probably come across instances of name-squatting – or at least cases of mistaken identity. There have been many high-profile stories involving people posing as celebrities, and even the great Tim Berners-Lee will find a shock in store if he ever wants to start Tweeting – someone has taken @timbernerslee and claims to be holding it for him (at what price, we wonder?).

It’s clear that organisations need to be aware of this issue, whether or not they are using the platforms themselves. It is their responsibility to protect their brand, as well as to protect their customers from fraudulent accounts. For public sector organisations this is perhaps even more crucial, and there is a clear need for stronger guidance and policy. Let’s just hope it doesn’t take a serious incident to get more people thinking about the issue.

Edit: Twitter have now introduced Account Verification.

Further reading

This entry was posted in Blog and tagged , , , , , . Bookmark the permalink.

2 Responses to Cybersquatting 2.0 – protecting your name in Social Media

  1. Ken Fischer says:

    Agreed that for each user to click back and forth would onerous for every message. But social media is about long term relationships and reputation. Many influencers routinely do a quick evaluation on whether to link to or follow an account. Reciprocal linking is only suggested as a method when there is no better option for authentication. It is not the best, but is doable in the current Gov 2.0 environment without requiring large or costly changes on either the government or social technology provider side. It seems there should be some recourse for verification when there is a question in a users mind on whether the content is authentic before they take action based on it.

    • James says:

      Thanks for your input Ken. I’ll certainly be recommending that we verify the authenticity of our Social Media accounts via reciprocal links – it has the useful side effect of offering another channel of promotion from the corporate site (we could maybe post it as part of a press release, for example). As an easily achievable partial-fix it makes good sense.

Leave a Reply

Your email address will not be published.

Browse by Category