Uncategorized Archives

If it Can Happen to Amazon, it Can Happen To You

Social Media: The Industry Disrupter

Social media continues to be a major business disrupter. For the last decade most companies and brands have been working like crazy to figure it all out. From social media marketing to social hiring reports. How does it all work?

Which platform should we use to market? What is the ROI? How can we keep track of our online reputation? The waters get murky when it comes to hiring employees and screening their social accounts. Yet, so many HR professionals continue to conduct unethical searches and find themselves in compromising situations. Should we screen employees social media prior to hiring? How is that different from the background checks were already conducting?

Just last week it was reported that an Amazon employee was fired for reporting that her supervisor instructed her to “scour social media on applicants to determine race and gender. ” She did not feel this was the correct way to do this, and notified management. She was terminated. The ex-employee has since then filed a lawsuit against Amazon for wrongful termination among other things.

Many times we hear HR executives say that they do check social media on applicants and don’t give it too much thought as to the legality of it all. According to the Society for Human Resource Management (SHRM), HR execs recruit candidates for specific jobs using social media, up from 56 percent in 2011 and 34 percent in 2008. Using this as a recruitment strategy is different than using it to determine employment, however.

The Right Way to Conduct Social Media Background Checks

This varies from state to state, however for the most part be aware of the following red flags that are allowed under FCRA compliance:

Racist, Sexist, or Discriminatory Behavior
Sexually Explicit Material
Threats or Acts of Violence
Potentially Illegal Activity

Developing a social media policy for your company is a great first step. This way everyone is on the same page when it comes to remaining fair to all applicants.

Never ask for passwords.

Include this as part of your background check policy and clearly state it for all applicants to see and agree to.

Use an outside agency.

Reputation management and workplace safety are just two of the three top reasons companies seek out social media background checks.

At eChatter we use software that is FCRA compliant. Results generated by our staff are in line with federal and state specific laws. However, we don’t stop there. Avoid a PR nightmare by monitoring social media once employees are hired, to protect employees from toxic behavior in the workplace. What starts at the office, sometimes spills into social media and vise versa.
Human Resource Social Media Hiring Scan

OSINT Research: The Devil’s in the Details

For those unfamiliar with the term OSINT Research, it is explained this way by Wikipedia

Open Source Intelligence (OSINT) is the collection and analysis of information that is gathered from public, or open, sources.^[2] OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines.

OSINT sources can be divided up into six different categories of information flow

Media, print newspapers, magazines, radio, and television from across and between countries.
Internet, online publications, blogs, discussion groups, citizen media (i.e. – cell phone videos, and user created content), YouTube, and other social media websites (i.e. – Facebook, Twitter, Instagram, etc.). This source also outpaces a variety of other sources due to its timeliness and ease of access.
Public Government Data, public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. Although this source comes from an official source they are publicly accessible and may be used openly and freely.
Professional and Academic Publications, information acquired from journals, conferences, symposia, academic papers, dissertations, and theses.
Commercial Data, commercial imagery, financial and industrial assessments, and databases.
Grey literature, technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.

OSINT Resources Reveal the Details From the Deep Web

Many times our clients want to better understand the difference between a social media scan and a deep web scan. Taking a close look at the image above explains a lot and kind of surprises most people in terms of the data on the web that is openly available.

eChatter Case Study Examples of Deep Web Details

Recently, we were trying to find out whether a POI (person of interest) was married. He had no Facebook clues other than he was in a relationship. After conducting a deep web scan we found a local newspaper article in which he was named along with “his wife”. The wife chose to keep her maiden name.
A deep scan was ordered by a client to determine what happened to a deceased person’s body. We found an association letter that was published online indicating the person was cremated and buried at sea.
A client needed to know if their POI had any business affiliations that wasn’t disclosed in a divorce settlement. After a deep scan was conducted, we located quite a few businesses tied to the POI.

Does it always work out this way? Not at all. Mainly because some people are much better at hiding this than others or because they were advised to delete everything online by advice of counsel. However, these are the kind of details OSINT research is all about. You will not find this in a Google search.

Online Protection for Small Businesses

Do you think cybercriminals are too busy targeting big businesses like Home Depot, Marriott and Google to bother with your small company? Think again.

Cyber attacks are a growing threat for small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2018 alone. Small businesses are attractive to cybercriminals because they typically lack the security infrastructure of larger corporations and by accessing a small business’s computer network, typically this opens up the client and vendor networks, too. According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. And since 71% of cyberattacks occur at businesses with fewer than 100 employees, small companies should be concerned.

For a small business, the cost of a data breach can be devastating. The average cyberattack costs a small business $34,604. Since it takes an average of 191 days for a small business to become aware of a cyberattack, companies that are attacked once are often hit again. No surprise that nearly 60% of companies go out of business within six months of a cyberattack.

Fortunately, there are steps you can take to protect your business, clients, and vendors.

1) Train your employees

Employees and emails are the leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber attacks. Make sure your employees know how to spot a phishing email, best web browsing practices, how to avoid suspicious downloads, the importance of creating strong passwords, and most importantly, how to protect sensitive customer and vendor information. Monitoring online mentions of your business name and variations of it is also very helpful and hiring a firm to do a Dark Web check up a few times a year is a good idea.

2) Use antivirus software and keep it updated
Each of your business’s computers should be equipped with antivirus software, antispyware, and updated regularly. You can easily find this online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.

3) Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). And always password protect access to the router.

4) Multifactor authentication
Multifactor authentication requires additional information (e.g., a security code sent to your phone) to log in. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

5) Back up your data
Regularly back up data on every computer. Critical information electronic spreadsheets, client and vendor databases, financial files, human resources files, and accounts receivable/payable files.

6) Secure payment processing
Work with your banks or card processors to ensure the most validated tools and anti-fraud services are being used. Take it a step further by isolating payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

7) Control physical access
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee. And ensure that administrative privileges are only given to trusted IT staff and key personnel.

8) Get strong non-disclosure agreements

If applicable for your business, create well-written non-disclosure agreements. Also, look at any other agreements you use in your business to make sure they cover your intellectual property. These could include employment agreements, licenses, and sales contracts.

Social Media Crime Stoppers

Nextdoor, Citizen, and Amazon Ring…these are the apps responsible for what used to be called “citizen’s arrest”. These apps, which allow users to view local crime in real time and discuss it with people nearby, are some of the most downloaded social and news apps in the US, according to rankings from the App Store and Google Play.

While it’s important to know what is going on in your community, and more specifically, your neighborhood, has it made us paranoid that everyone is out to get us?

Before you download these apps, let’s look at the good, the bad, and the ugly.

Nextdoor

According to the website, Nextdoor is “the best way to stay in the know about what’s going on in your neighborhood—whether it’s finding a last-minute babysitter, learning about an upcoming block party, or hearing about a rash of car break-ins. There are so many ways our neighbors can help us. We just need an easier way to connect with them.”

When I first learned about Nextdoor, I thought, all I need is another app on my phone. And I actually avoided it for a while. But after seeing multiple neighbors post comments, questions, and suggestions, I decided I might as well give it a try.

Most of the posts involve recommendations for lawn care, home maintenance or repair, local hotspots, missing pets, and the like. But more recently there have been a string of posts regarding robberies, break-ins, and more alarming incidents such as lurkers at a local playground.

While I appreciate being kept abreast of everything going on in our community, is it making us so leery and suspicious that we assume everyone has negative intentions?

In the US, Nextdoor has worryingly been accused of being a hotbed of racial profiling and bigotry, having been called out by the black news and opinion site The Root for the way users report people of color in their neighborhood as being suspicious.

But there is a silver lining in all of this…Nextdoor residents are quick to help one another in times of need. During the recent Hurricane Dorian event, one post from the Nextdoor app by a resident of the “Cork Vicinity” of Central Florida reads—“Anybody know where there’s water?” In less than 23 hours more than 50 helpful neighbors recommended 28 nearby neighborhoods where water might be found and encouraged other creative solutions like filling up five gallon buckets with tap water, and even catching and purifying rainwater.

Citizen

Citizen, which was previously titled Vigilante, encourages users to stop crimes in action…by sending 9-1-1 alerts for crimes happening nearby. It also allows users to livestream footage they record of the crime scene, “chat with other Citizen users as situations develop” and “build out your Inner Circle of family and friends to create your own personal safety network, and receive alerts whenever they’re close to danger.”

According to their website…”Our mission is to keep people safe and informed. We believe everyone has the right to know what’s happening inside their communities in real time, and that transparency can drive change for the better. Citizen users are empowering the city of the future, building new ways to bring people together, creating a safer world, and democratizing 911.”

Amazon Ring

Amazon has recently thrown its hat in the ring — with Ring. It recently advertised an editorial position that would coordinate news coverage on crime, specifically based around its Ring video doorbell and Neighbors, its attendant social media app. Neighbors alerts users to local crime news from “unconfirmed sources” and is full of Amazon Ring videos of people stealing Amazon packages and “suspicious” brown people on porches. “Neighbors is more than an app, it’s the power of your community coming together to keep you safe and informed,” it boasts.

New Found Fear

It’s natural for people to want to know more about the world around them in order to decrease their uncertainty and increase their ability to cope with danger,” says David Ewoldsen, Professor of media and information at Michigan State University. “You go on because you’re afraid and you want to feel more competent, but now you’re seeing crime you didn’t know about,” Ewoldsen said. “The long-term implication is heightened fear and less of a sense of competence. … It’s a negative spiral.”

“Focusing on these things you’re interpreting as danger can change your perception of your overall safety,” Pamela Rutledge, director of the Media Psychology Research Center, told Recode. “Essentially you’re elevating your stress level. There’s buckets of research that talks about the dangers of stress, from high blood pressure to decreased mental health.”

These apps are particularly scary since they’re discussing crime nearby, within your neighborhood or Zip code. And the issues are compounded by the media, Ewoldsen says. “If you see more coverage of crime you think it’s more of an issue, even if real-world statistics say it isn’t,” Ewoldsen said.

What do we do about it?

[ctt template=”4″ link=”fnfg3″ via=”no” ]“We need to pay attention and to be more mindful in our consumption of the news,” he said. Turn off notifications for crime that’s not happening around you. Research or read respected sources of news before jumping to conclusions. Be aware of how other people’s biases and those of their fellow app users could skew reporting and the reaction to that reporting.[/ctt]

“It would help if they eliminated all unverified reports,” Rutledge said. In practice, however, this would mean having to verify crimes before they could be posted, which would be very difficult if not impossible.

How to Spot Social Media Influencer Fraud

Influencers are everywhere…on television commercials pushing certain brands, on the radio talking about products they use, and now on social media…which is probably the most impactful means of marketing nowadays.

What exactly is an influencer? It is an individual who has the power to affect purchase decisions of others because of his/her authority, knowledge, position or relationship with his/her audience. Influencers in social media are people who have built a reputation for their knowledge and expertise on a particular topic. They make regular posts about that topic on their preferred social media channels and generate large followings of enthusiastic engaged people who pay close attention to their views.

Brands love social media influencers because they can create trends and encourage their followers to buy products they promote. But influencer relationships are now being questioned due to the rise in influencer fraud – a dilemma that occurs when paid tastemakers use artificially inflated follower numbers to increase their asking rate for engaging their audience on behalf of a brand. While this used to be an isolated incident, it is now spreading rampantly throughout social media. According to a Points North Group study, up to 20% of mid-level influencers’ followers are likely fraudulent.

How to Spot Fake Influencers

Sniffing out fake Instagram influencers is sometimes an easy task – find a profile with two posts and a million fans and it’s definitely filled with Instagram fake followers. Other times, you have to consider the account as a whole and separate what looks real from what appears to be fake.

1) Followers to Following Ratio

Influencers typically follow 1-5% of their following. If the ratio is much higher than that, it could be due to cheap growth hacks. For example, some Instagram users will follow anyone and everyone to get a courtesy follow in return, then unfollow a bunch of people all at once.

2) Quality of Followers

Influencers with fake followers will have a bot-heavy followers list. If you look at their list and discover many of their followers have private accounts or no profile photos, chances are they’re from a paid service to boost engagement numbers.

3) Content to Followers Ratio

Most accounts with a few posts and a ton of followers is fake. Real influencers have been posting on some sort of reliable schedule for the past several months or years in order to earn their followers. True audiences aren’t easy to acquire–they only come from regularly engaging a targeted audience with quality posts over time.

4) Life of the Account

Look at the total time the account has been open, not just how much has been posted. If an account is brand new and has a huge follower base, that should be a warning sign. It is possible that an influencer gets a sudden spike of followers because of an Instagram feature, press coverage or a viral post. Dig a little deeper to find out if this is the case.

5) Quality of Engagement

Generic comments like, “Love this!” or “Epic!” are often from bots, not real fans. A telltale sign is when the comment doesn’t accurately reflect on the image, like, “Delicious!” for a picture that’s not food. Quality comments are personalized and more thorough, and the influencer will reply to a handful of them.

6) Additional Websites and Accounts

Influencers should have some type of non-Instagram presence, either through other social media accounts or a personal website. Search for them on Google, too. Their name should pop up somewhere, preferably in an article that ranks influencers or in an interview with them.

Instagram also has a built-in tool for verifying influencers. The “About This Account” feature is available on many accounts with large audiences.

7) Hashtag Use

Ever see posts with more hashtags than actual content? And really, who reads every single one of those hashtags? No one! Influencers with a loyal following don’t have to use hashtags in order to get attention. A couple of hashtags are normal, especially branded ones, but using 20 or more hashtags is a sign that that’s how they’re collecting their engagement instead of through a dedicated follower base – bots often search for photos with specific hashtags.

Conclusion

Social media’s power and popularity enable practically anyone to build a public-facing persona, grow a following, and serve as a pitch person for your brand and its content. And influencer marketing can be a rewarding strategy for your brand in terms of networking, reaching your audience, and making a profit. But make sure you carefully vet and select the influencers you want to work with. Build a loyal fan base by posting meaningful content related to your brand. Only then will followers know you are the real deal.