Last summer, a Facebook page was launched in the name of MarkMonitor Inc., a company that specializes in helping businesses safeguard their reputations online. Only MarkMonitor didn't create the profile, making the company a victim of just the kind of fraud it helps clients stamp out.
"The page basically said MarkMonitor was a marketing and advertising company in Nigeria," recalls Frederick Felman, chief marketing officer of the real MarkMonitor, which is based in San Francisco.
Thanks to its own technology for identifying impostors on social media, MarkMonitor learned about the bogus profile within 24 hours of its appearance and quickly had it removed.
On social-media outlets like Twitter and Facebook, cyber criminals and pranksters are confusing consumers by creating fake profiles in companies' names. They're also reposting blog entries that companies put up on social-media sites and replacing the links they contain with ones to sites where they hope to scam users, sell them something or promote a venture of their own. At the same time, discussion boards and other user-generated forums on company Web sites are being infiltrated with posts linking to malicious content. Now, many businesses are fighting back by using new technology designed to detect and deter such tactics.
It's unclear just how widespread the problem has become. But Stephanie Giammarco, a partner at BDO Consulting, a risk advisory firm based in New York, says social-media sites are a natural target for cyber criminals since they're highly populated and users tend to expose a lot of personal information about themselves.
What's more, many of the outlets that cyber criminals previously relied on to con victims, such as email and copycat Web sites, have been exposed. "The old is getting blocked and this new social-media avenue can still be exploited," she says.
Podcast: Fighting Back Against Facebook FakesSocial networking profiles can be a great marketing tool for businesses, but if an imposter is creating that profile it can be a big hassle. Hear Wendy Seltzer, fellow at the Silicon Flatirons Center at University of Colorado Law School and at the Berkman Center for Internet & Society at Harvard University, discuss the problem with fake social networking profiles and what sort of recourse companies have.
The Journal ReportRead the full Technology report .
Kenton Olson, digital-media manager for the National Football League's Seattle Seahawks and Major League Soccer's Seattle Sounders Football Club, says people often used to change the links within the teams' blog entries on Twitter and Facebook when reposting them. The entries otherwise looked identical and the teams typically were identified as the original source of the information. Some of the changed links went to Web sites selling nonlicensed sports merchandise; others pointed to fans' personal photo galleries. "They [were] trying to use our brand to promote their own initiatives," Mr. Olson says.
The Seattle teams were using one of several free services that assign short URLs to Web links so that the links fit more easily in brief Twitter messages and other places online where space is limited. But the URLs provided by the service all started the same way, so there was no way for a reader to tell whether a link had been generated by the teams or by anyone else using the same service.
So the teams last month began using customized short URLs provided by Ez.com, a new service from Live Oak 360 Inc., a software firm based in Austin, Texas. Now, consumers who click on links that start with shwks.com or sndrs.com can trust that they're from the Seahawks or Sounders, respectively. Mr. Olson says he's spreading the word on Twitter and Facebook to let fans know they should click on links associated with the teams only if they start with the unique URLs.
Live Oak also sells a similar service called BudURL.com. As a bonus, the links both these services create can be tracked. Chris James, a social-media strategist for Advanced Micro Devices Inc., says this is helpful for determining which social-media outlets drive the most traffic to the semiconductor company's Web site and what time of day people click on them the most. While AMD has never seen the content it posts to social-media sites reposted with the links altered, Mr. James says, the company decided to invest in BudURL.com to be proactive.
Live Oak charges between $99 and $499 a month for access to Ez.com, depending on the number of unique domains a customer wants to use and the number of employees with accounts for the service. The fee for BudURL.com is $1,000 a month because the technology behind it is more complex.
For companies that allow consumers to post content on their Web sites, software programs like Defensio from Websense Inc. detect entries that contain links a company wouldn't want its visitors following. "As soon as you accept user-generated comments on your Web site, you will get a lot of spam," says Carl Mercier, director of software development for Websense.
Praized Media Inc. of Montreal has been using Defensio for about two years, says Sylvain Carle, chief technology officer. The company develops and manages networking platforms for more than 50 company Web sites and publishers of online directories. Defensio notifies Praized Media whenever someone tries to post a suspicious link on a client's Web site, which Mr. Carle says is a common occurrence. "It gets trapped before it even gets published," he says.
Defensio costs $99 a month for organizations with less than 500 employees and $499 a month for those with more than 1,000 employees.
Impersonations Every Day
MarkMonitor, the brand-protection firm, scans social-media sites throughout the Web on a daily basis for unauthorized profiles in its clients' names, including ones with common misspellings and abbreviations. Whenever an impostor is identified, the company notifies the victim and helps it get the fake account removed. "At least one case of impersonation of a client is found daily," says Mr. Felman.
MarkMonitor also offers to create accounts on social-media sites for its clients, even if the companies don't intend to use them, to prevent impostors from hijacking their names. The company added both options a little over a year ago to its mix of services, which include defending against malicious software attacks, traffic-diversion schemes and other online threats, says Mr. Felman. MarkMonitor charges between $25,000 and $1 million a year, depending on the number of brands a company wants to protect, he says.
Companies also can search for unauthorized social-media accounts in their names on their own at no cost by going to KnowEm.com, a site owned by KnowEm LLC of Morristown, N.J. KnowEm also offers a range of paid services, including instructions for getting unauthorized accounts removed.
— Ms. Needleman is a staff reporter in The Wall Street Journal's New York bureau. She can be reached at firstname.lastname@example.org .