SOCIAL MEDIA AND ONLINE FRAUD
WELCOME TO:
Social Media and Online Fraud:
Protecting Yourself and Your Organization
Please dial 1-800-950-7243 to connect to the audio portion of this webinar
.
Please note this call will be recorded
1
Social Media & Online
Fraud: Trends, Tips and
Best Practices For Dealing
With Online Fraudsters
Gina Durham
Social Media – What are we talking
about?
 No single or uniform definition of what it means.
 Our definition: online or web-based technologies, tools and
platforms that allow for the creation and exchange of usergenerated content in a social setting.
 Includes:
 Social networking sites such as Facebook, Linked In, MySpace, and
Twitter
 Blogging sites, including blogs on commercial news and other sites.
 Wikis
 Video content sharing sites such as YouTube and Flickr
 Social news sites such as Digg or Reddit
3
Social Media – Fast Facts
 Facebook – over 500 million users
 Twitter – over 200 million users
 U.S. Dept. of Justice reported total online fraud losses of
almost $560 million in 2009, more than doubled from 2008
(based on complaints received by Internet Crime Complaint
Center)
4
Risks Posed by Explosion of Social
Media
 Various Frauds and Impersonations
 Scams that can damage your reputation
 Scams that can harm your customers
 Challenges of user-generated content on company websites,
or company-sponsored websites
5
Special Challenges Posed by Social
Media
 Anonymity for the fraudsters
 Ability to “know” their victims – access to individual data on a
massive scale
 Interoperability Multiplies Challenges
 Tweet a message including a trademark infringement
 Retweet on Facebook
 Retweet on Linked-In
 Retweet on Blogger
 Blogger content republished via RSS on several sites
RECYCLING OF HARMFUL CONTENT, VIRAL SPREAD
6
Specific Challenges
 “Brandjacking”
 Fraudsters take advantage of your brand to gain trust and make
money
 Prevalent in social media because it is easy to set up accounts
and find an audience
 E-mail scams targeting users of social media sites
 Unauthorized promotions
 Attempts to gather sensitive personal information
 Malicious software that infects victim’s PC and steals passwords
 Phishing attacks using information on social networking
sites
 Gripe pages and false and/or harmful user generated
content
7
Examples of Recent Scams
 WHOLE FOODS $500 Gift Card Phishing Scam
 Fake Facebook Pages
8
Examples of Recent Scams
 Fake Facebook Pages
 Click on “Like” button, attempt to steal Facebook password
9
Examples of Recent Scams
 Impersonation on Twitter
 St Louis Cardinal’s Manager Tony LaRussa case
 Trend- impersonation of company executive speaking on behalf of
company
10
Examples of Recent Scams
 Social media-linked Ponzi scheme, in which scam artists
use YouTube, Twitter and Facebook to promote
investment opportunities with the promise of
unrealistically high returns.
 “Fake” Blogging
11
Best Practices & Preventative
Measures
 Preemptively register trademarks and common variations on
major social media websites
 Educate your consumers/users & provide a means of
authentication
 How do they know they are really communicating with you
 How do they know it is an authorized site, page, etc.
 Establish guidelines as to who is authorized to post on behalf of
the brand and how they must identify themselves
 Drive traffic to and from the company’s authorized website
 Monitor venues for abuse
12
Combating Scams On Social Media
Outlets
Educate Your Customers-How
do they know it is really you?
13
Combating Scams On Social Media
Outlets
 Quick Action
 Take advantage of “Take Down” Policies
 Twitter Impersonation Policy
 Pretending to be another person or entity
 Submit a ticket to http://twitter.com/help/escalate
 Twitter Trademark Policy
 Using a company or business name, logo, or other trademarkprotected materials in a manner that may mislead or confuse
others or be used for financial gain may be considered a
trademark policy violation.
14
Combating Scams On Social Media
Outlets
15
Combating Scams On Social Media
Outlets
 Facebook Trademark/Copyright
 Notice of Intellectual Property Infringement (copyright) and (noncopyright)
http://www.facebook.com/legal/copyright.php?howto_report
 Remedies- Remove/Disable Content, but will also contact poster
 Poster’s ability to appeal
 Facebook Impersonation
 Go to the impostor profile and click "Report this Person" in the left
column. Check the "Report this Person" box, choose "Fake
Account" as the reason, and add "Impersonating me or someone
else" as the report type.
 Facebook Phishing Issues
 Go to the “Security” Page and report a phished account
16
Combating Scams On Social Media
Outlets
 Report to Authorities/Law Enforcement
 Report to Other Relevant Organizations
 Better Business Bureau
 [email protected] or by calling 1-866-96-FINRA
17
Combating Scams On Social Media
Outlets
Take Civil Action In Appropriate Situations
 Importance of investigation
 Understand the challenges and objectives
 Subpoenas
 Defendants outside U.S.
 Secondary liability
 Deterrence objectives
 Injunctions
 Statutory damages
18
Combating Scams On Social Media
Outlets
 Helpful Legal Theories
 Federal Statutes
 Lanham Act, 15 U.S.C. § 1114 and 15 U.S.C. § 1125(a)
 Counterfeit Mark?
 Anti-Cybersquatting Consumer Protection Act, 15 U.S.C. §
1125(d)
 Computer Fraud and Abuse Act, 18 U.S.C. § 1030
 Unauthorized access or exceeds authorized access
 Requisite showing of compensable loss
 Von Holdt v. A1 Tool Corp, 2010 U.S. Dist. Lexis 49071 (ND IL May 17,
2010) (damage, impairment, or interruption of services required)
 Copyright
 RICO
19
Combating Scams On Social Media
Outlets
 Helpful Legal Theories
 State Laws
 State Anti-Spam Laws
 Right of Publicity Laws
 Breach of Contract
 Trespass
 Fraud
20
Combating Scams On Social Media
Outlets
Legislative Progress--More help on the way?
 Utah E-Commerce Integrity Act
 California SB 1411 Criminal E-Personation
 Previous Snowe Bill
21
Company Criticism- What to do about
a Gripe Page
 Sometimes there are trademark, defamation, or other
objections to be made against a “gripe” page
 BUT– Use a rule of reason before asserting such claims
 Will taking action create more attention for the criticism than
having simply ignored it?
 Anecdote-- Mr. Kurtz’s Facebook page – Kalamazoo Residents
against T&J Towing – T&J took action—which resulted in
thousands of followers to the gripe page and a story in the NY
Times
 Careful – Fair Use, Privileges and First Amendment
Protections May Apply
22
Unauthorized Use of Company Web
Forums
 Dealing with User Generated Content
 Mitigating Risks
 First Line of Defense: Terms of Use, House Rules, etc.
 Williams v. Life’s Rad, 2010 U.S. Dist. LEXIS 46763 (N.D. Cal. May 11,
2010)
 Terms of Service and user agreement that reserved right to removed content
plaintiff considered infringing or otherwise objectionable in its “sole and
absolute discretion” – online provider held not liable for removal of user
content
 Put them on your Facebook page too!
 Communications Decency Act Immunity
 Note --Company is acting as ISP when it creates a website that
interacts with the public and allows public comment or posting.
23
Unauthorized Use of Company Web
Forums
 Tips for Successfully Enforcing Terms of Use Under Breach of
Contract
 Carefully drafted terms of use
 Enforceability of click wrap and browse wrap form of assent
 Major v. McCallister, 302 S.W.3d 227 (Mo. Ct. App. Dec. 23, 2009)
 Notice
 Demand Letter enclosing Terms of Use
 Plausible Damage Claim
 Damage to Computer Systems
 Reputational Damage
 Lost Revenue/Sales Opportunities due to diversion
24
Unauthorized Use of Company Web
Forums
 Communications Decency Act - Best Practices
Trends
 Communications Decency Act (47 U.S.C. 230)
 No Section 230 immunity if “responsible in whole or in part for the
creation of development of information provided through the Internet
or any other interactive computer service.”
 Immunity preempts challenges based on state and local laws (but not
challenges based on IP)
 Key Distinction
 ISP that allows access by multiple users (receive immunity) or ISP that provides
content and retains responsibility for the creation or development of information
provided through the internet (no immunity)
25
Unauthorized Use of Company Web
Forums
 Communications Decency Act (47 U.S.C. 230)
 Cases
 Doe v. Sexsearch.com, 502 F.Supp.2d 719 (ND OH 2007)
 Website simultaneously acts as interactive computer service and
information content provider
 Critical issue– whether site was acting as information provider on
information plaintiff claims is false
 Barnes v. Yahoo! Inc., 570 F.3d 1096 (9th Cir. 2009)
 Plaintiff survives CDA immunity for claim against web site operator for
defamatory content posted by third party
 Separate promise by Yahoo! employee to remove false profiles (act
was a separate undertaking beyond publisher of profiles)
 DO NOT make a promise you cannot keep
26
Unauthorized Use of Company Web
Forums
 Communications Decency Act (47 U.S.C. 230)
 Cases
 Doctor’s Associates v. QIP Holder LLC, 2010 U.S. Dist. LEXIS
14687 (D. Conn. Feb. 19, 2010)
 Quizno’s v. Subway Video Contest
 MCW v. Badbusinessbureau.com, 2004 U.S.Dist. LEXIS 6678 (ND
Tex April 14, 2004)
 Actively soliciting disparaging materials, defendant went beyond
publisher’s role and “incurred responsibility for the information
developed and created by consumers”
 The CDA "does not require a court to determine only whether a party
creates or develops the information at issue. Being responsible for the
creation or development is sufficient."
27
Unauthorized Use of Company Web
Forums
 Communications Decency Act (47 U.S.C. 230)
 Cases
 Scott P. v. Craigslist (Cal. Super. Ct. San Fran. Cty June 2, 2010)
 Nemet Chevrolet v. Consumeraffairs.com, 564 F.Supp.2d 544
(E.D. Va. 2008)
 Fair Housing Council of San Fernando Valley v. Roommates.com,
LLC, 521 F.3d 1157 (9th Cir. 2008)
 Chicago Lawyers’ Committee for Civil Rights Under the Law, Inc.
v. Craigslist, 519 F.3d 666 (7th Cir. 2008).
28
Social Media Monitoring – Interesting
Links and Emerging Vendors
 Search engines to locate damaging content
 icerocket.com (searches blogs, Twitter, MySpace, news and
images)
 Google.com/alerts (alerts for use of company names and brands
on blogs, the Web, news, videos and discussion groups)
 technorati.com (searches blogs)
 TM.biz (free search to check brands registered as user names at
top 500 social media sites)
 Vendors
 User Name Watching
 Content Watching in Major Forums
29
Social Media Monitoring – Interesting
Links and Emerging Vendors
 Vendors (Con’t.)
 Attensity (http://www.attensity.com/);
 Attentio (http://attentio.com/);
 Cision (http://us.cision.com/media-monitoring/social-mediamonitoring.asp);
 Radian (http://www.radian6.com/)
 MarkMonitor, Thomson, Coresearch
30
Gina Durham
DLA Piper LLP (US)
(312) 368-7246
[email protected]