Hashtags are a great way to promote your brand on social media. They create buzz, help fans follow your company’s activity, and encourage engagement. But brand hashtags can also put your organisation at risk. No company can own or control the hashtags it promotes and bad actors take advantage of that.
Once your social media team invests in making a hashtag popular, cybercriminals can hijack it to target your fans and followers with malware and phishing links. And these types of attacks are on the rise. Social media phishing links grew 70% and fake customer-support accounts used for phishing jumped 30% from Q3–Q4 in 2017.
Here are five ways to reduce the risk of hashtag hijacking.
1. Align teams and assign roles to mitigate social media risk
Align stakeholders across marketing, IT Security, and legal departments to help identify and manage social media risk. Conduct mock attacks to ensure your policies, procedures, and tools effectively prevent hashtag hijacking and branded term attacks.
2. Remove unwanted posts from your company’s social media feeds
Conduct a security audit of your company’s social media accounts and work with marketing to remove any malicious content. Leverage security technology that can highlight malicious posts—like malware, phishing, profanity, hate speech, and pornography—using your hashtags and automate their removal.
3. Automate social media monitoring
After auditing and removing malicious content from your social media accounts, your organisation must monitor those accounts to prevent future attacks. Cyber-intelligence and threat monitoring should be a core pillar of your organisation’s digital and social media strategy. Again, leveraging a security technology to consistently scan your brand hashtags and terms for malicious content is the best way to proactively keep your customers and employees safe on social.
4. Identify and shut down fraudulent accounts associated with your brand
In carefully crafted attacks on your fans and followers, cybercriminals not only create posts hijacking your hashtags but also may submit those posts from a fraudulent account that appears to be official. The average company has 10 brand-owned social media accounts and potentially dozens more fraudulent accounts associated with that brand. To protect your brand’s identity on social media, submit takedown requests for any fraudulent social accounts you discover that are spoofing your brand identity.
5. Identify and blacklist threat actors
Set up blacklist rules to block the fraudulent social media accounts and bad actors who troll your hashtags with tags like #likeforlike and #followforfollow that attempt to use your social presence to increase their exposure.
A strong social media security strategy supported by the right technology is critical to protecting your brand identity online. To learn more about how you can automate your social monitoring and prevention process, download Proofpoint’s hashtag hijacking solution brief.