Perspectives

Reputation ransomware - beware business 'directories'

In an internet age, regular reviews of your company's digital footprint and how it may have been appropriated by bots scraping your content is important to do on a regular basis. Sites seeking to mash ransomware with customer reviews are now popping up. The way it works is your information is scraped from your site or social media pages and then a page created for your company.  Reviewers can then post whatever they choose about your company.  You are required to log into the site and 'claim' your listing.  In some instances, you may be charged to transform your 'free' listing into some kind of service-based listing - for example, premium accounts have the additional options they can take when a negative review is posted. In many instances, the identities of the reviewers are obscured so that it is impossible to tell whether the reviewer is a real person or not, or an employee of the review site.  An additional danger is the site may be actively soliciting you to claim the listing with incorrect information and requiring additional information with the goal of data mining, identity theft or levying charges to your bank account.  Treat sites like these in the same way as you would treat spoofed emails from legitimate accounts you own such as your bank account and do not give them your information.

 

 

There are real sites and apps that have significant followings that carry reviews, like FourSquare, Yelp, Angie's List, and others, as well as directories such as theYellow Pages and Better Business Bureau - although the latter has also been tainted by pay to play press.  But beware of these so-called business directory listing sites that are popping up and mashing data to create what are effectively reputation ransomware sites. 

Recourse can be difficult.  Some of your options include writing an abuse email to the domain registrar of the company and or the hosting company for the business directory site. If you did not create the listing and they are claiming you did, you can report the site to your state's attorney general and the FBI.  In instances like these, one complaint may not be enough, but if multiple reports cross their inbox, they will investigate.

 

 

Details
Category: Learning
Published:
Hits: 1625
Subscribe
Show comment form

From Our Blog

  • Skype's demise creates new method of spoofing and malware - malicious Microsoft Teams invites

    The demise of Skype and people switching to Microsoft Teams is producing a new wave of socially-engineered malicious activity using spoofed email meeting requests, some with attachments.

    Now that Skype has Skype has been retired by Microsoft, people who once used the voice and video platform for meetings have been told to switch to Microsoft Teams.  So instead of seeing a message notification in Skype, it is now much more common to see in your inbox a calendar notification email with time blocked out tentatively on your calendar.  Because meetings often require associated subject matter for the meeting, attachments and links are also quite typical. 

    It is both this increased frequency post-Skype, and the normality of having attachments for meetings that make them an ideal vector for malicious activity - something that is being exploited as the switchover from Skype happens. 

    Read more …

  • Ten years of working with the African Leadership Institute

    In this industry, clients often hire for a project, and when the project is done, that’s the end of the relationship. Projects can last a few weeks or months, and then it’s turned over. It’s seldom that clients develop the trust and a working relationship that lasts a decade, but it’s a milestone that’s been accomplished at Coherent Marketing.

    In 2013, the African Leadership Institute wanted to transition from a web 1.0 site to something that would better reflect the work they did in developing the next generation of world-class African leaders through their flagship programme, the Archbishop Tutu Leadership Fellowship.

    Read more …

  • Falling foul of copyright ambulance chasers

    When selecting a vendor to provide website development or digital communications, make sure that they provide services that prevent your organisation from legal action due to possible copyright infringement. More importantly, your vendor should help your organisation put in place processes to ensure you manage images and music, understand digital rights and licenses, and save the licenses for images you use.  This is true for digital content used on your website or in social media posts.  Choosing a vendor just because they had a really, really low price to produce your website - but expose you to copyright claims - becomes a quick method to discover that you get what you pay for.

    Artificial Intelligence (AI) now makes it easier for copyright trolls to threaten organisations for use of an image they have used online. Here's how to avoid that.

    Read more …