A step-by-step guide to protecting your SME against brand damage on social media


In a world where social media is (almost) everything, there is no denying the benefits of an engaging online presence for your business.

More than 1 in 10 surveyed Australians have now shopped via a social media platform[1]. Successful social media strategies allow small businesses to convert customers to unofficial, yet involved, brand ambassadors who are genuinely excited about products and services, and are willing to share them with family and friends. Additionally, we’re seeing a rise in consumers ‘browsing’ on social media before they buy, so a strong presence is increasingly important.

But, like everything, there is always a flip side.

As social media platforms increasingly become a key way for customers to interact with your business, the potential risk of malicious brand damage from online fraudsters increases. In fact according to a study by Proofpoint, close to 600 new fraudulent brand accounts were created each month between April and June 2016 on Facebook, Twitter, YouTube and Instagram.

These fraudulent brand accounts, run by cybercriminals, hijack brands by creating fake pages and accounts with the business’ name and credentials in an attempt to convince potential customers of its credibility. They have also been known to offer free perks and customer service actions which, in reality, do not exist.

PayPal is no stranger to this phenomenon. We’ve discovered accounts purporting to be the company on Twitter and Facebook. Whether you run a small business or work in a multi-national company, protecting your brand’s reputation, and the experience your customers have with your business, is essential.

While the complete prevention of social media fraud is ideal, it is not realistic in every scenario. These steps can help you protect yourself through early detection of fraudulent brand accounts and allow you to act immediately:

1. Don’t give others the opportunity to hijack your brand

If a small business hasn’t established a social media presence, hijackers can claim the space for themselves. Cybercriminals are always on the lookout for opportunities to take advantage of a business’ lax social media policy.

To avoid this, create an official social media presence on major channels, like Facebook, Twitter and Instagram. Even if your usage of these sites is infrequent, creating a presence is the first step in claiming your business’ stake in the social media ground.

2. Be aware of your social presence

Small businesses often assume that the information they share on social media is the only information available about their brand. Unfortunately, this is usually incorrect as the general public has a number of ways to comment on your brand, whether it be products, customer service, overall experience, etc. For example a local restaurant can easily feature on TripAdisor, Yelp, Menulog, True Local and other sites where customers regularly post self-generated reviews. A lack of monitoring can leave you not only unaware of useful feedback but can enable cybercriminals to create fake content that can not only lead customers astray but also damage your reputation.

Accounts that impersonate your business must be identified and dealt with as soon as possible to limit the damage caused to your brand. Creating and maintaining an inventory of your social media presence is key to discovering fake social media accounts if they crop up.

3. Report fraudulent sites 

Reporting cybercriminals is a critical step in protecting your brand. Social media platforms like Facebook, Instagram, Twitter and others are committed to helping minimise and shut-down fraud on their channels and have avenues in their help centres to deal with these imposters. As soon as you become aware of a fraudulent brand social account, report it to the social media platform.

If you discover your brand has been hijacked, ensure your customers are made aware of the situation quickly. You should communicate to customers that only your official sites – and no other platform or channels – will be used to make announcements about new products and services.

4. Install a mechanism to take customer reports on fraud

Your customers are your allies and can help you in the fight against online fraud. Customers should be empowered to conveniently report instances of brand fraud to your business. However, most businesses do not have a centralised system to report fraud and therefore miss out on vital data that can help save them from defamation.

Make sure all employees are aware of your social media presence, current deals and promotions, as well as the potential risk of fraudsters. This will help them respond to customer questions and identify instances of fraud quickly.

Preventing social media brand fraud will continue to remain a challenge because of the generative nature of social media platforms and the proliferation of new and more creative scams. While these measures might not completely stop this kind of abuse, it will certainly raise the barrier for protection and prevention. Stay alert and protect your brand so your business can enjoy the many the benefits of the social media age.


About the author

Alastair Parry is the Head of Small and Medium Business, PayPal Australia

[1] PayPal mCommerce Index, PayPal Australia, September 2016