The rise and rise of Social Networking Sites has brought about new risks to an organisation’s online brand, but whilst my last post explored Web 2.0 mistakes which organisation could make themselves, another type of risk is what others may do with your brand if you don’t get there first, through Social Media Cybersquatting.
Cybersquatting traditionally refers to the practice of:
registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else
This practice has been around for over a decade and many countries now have specific legislation against it. But with the increase of Social Media platforms, which allow you to choose a username which then dictates the URL of your account’s public profile (for example, www.twitter.com/prettysimple) the potential for a new kind of Cybersquatting is born.
In Ken Fischer’s sobering post on Gov 2.0 Spoofing, he suggests that there is a significant risk of individuals posing as officials:
…all it takes is one person believing one source is the voice of a government and acting on it to cause at the least embarassement (sic) and at the worse some harm.
Ken Fischer – Gov 2.0 Spoofing is here
Fischer recommends a simple technique to allow users to authenticate an account by following a reciprocal link to an official government and back again. But this could be considered onerous and it is likely that many users will not bother. As with most security issues, the onus has to be on the content owner.
The risks of Cybersquatting in a Web 2.0 world
My own organisation has had cause for concern recently when an unofficial Twitter account surfaced. Luckily this appears to have been set up by a well-meaning employee, rather than a prankster or potential cybersquatter, and is now directing people to the official account. But this still presents the problem of watering down our message and causing confusion amongst citizens who wish to follow us. We now have an official one, in addition to the unofficial one.
Most Social Media relies heavily on building up trust with those who follow you. Any compromise of that trust through a proliferation of illegitimate accounts will stunt the success of genuine engagement and potentially damage the brand. If it becomes hard to prove authenticity without laborious methods, users may easily be scared off.
Hard to integrate
With traditional cybersquatting, once you’d taken control of a domain which was found to be illegally cybersquatting it was easy to integrate that domain into your estate (e.g. by setting up a re-direct). But with many of the Social Media platforms, this isn’t the case. Twitter, for example, does not allow you to merge accounts. So the unofficial account that I mentioned earlier will either continue to exist (and continue to dilute the brand) or cease to exist and lose the 50+ followers that it has already built up. Either way, the unofficial account got the better username (EdinburghCC, as opposed to Edinburgh_CC for the official one) and there’s no obvious way of rescuing that.
Worse-case scenarios see situations where citizens think they are engaging with officials, and therefore surrender personal information which could be seriously misused.
Looking at this list of Council Twitter accounts, I’m surprised by the lack of naming conventions. Most seem to have adopted the approach of councilname followed by CC or DC etc. But there’s no overriding consensus, and many have used far different names (for example, Sunderland (@Sunderland_UK), Southampton (@citycouncil09) and Croydon (@yourcroydon). There is therefore huge potential there for cybersquatters to set up shop, and we have very few options for closing the loopholes (unlike with standard web domains, where in the public sector registration of gov.uk Second Level Domains is restricted, or in the private sector where you would develop a brand protection strategy to mitigate against domain fraud by purchasing vulnerable domains).
Most heavy users of Social Media sites have probably come across instances of name-squatting – or at least cases of mistaken identity. There have been many high-profile stories involving people posing as celebrities, and even the great Tim Berners-Lee will find a shock in store if he ever wants to start Tweeting – someone has taken @timbernerslee and claims to be holding it for him (at what price, we wonder?).
It’s clear that organisations need to be aware of this issue, whether or not they are using the platforms themselves. It is their responsibility to protect their brand, as well as to protect their customers from fraudulent accounts. For public sector organisations this is perhaps even more crucial, and there is a clear need for stronger guidance and policy. Let’s just hope it doesn’t take a serious incident to get more people thinking about the issue.
- Social Media Squatting – top sites to think about
- List of UK Council Twitter accounts
- How to handle Name-Squatting on Twitter et al
- …and the brilliantly titled Sydney Morning Herald article: All that Twitters is not gold: enter the squatters