NOTE: THIS ARTICLE IS AWAITING PUBLICATION ON MOZ.ORG
We are long time lurkers on Moz.org, and have been helped tremendously by many of the posts that are authored there. It’s our goal to give back to the Moz community by sharing some of what we’ve learned in the wild, wild west of the Internet and the digital media world.
We understand that Moz is a great place for learning about inbound marketing techniques, conversion rate optimization, and many other helpful items. The same businesses that make the best use of these techniques are also the ones that are at the highest risk for the damaging Internet attacks that we see daily in our cyber investigation business.
Companies that derive a substantial amount of revenue from Internet inbound marketing face the possibility of a variety of efforts to intentionally hurt the company, and it’s easy to fall prey if you’re not aware of the risk. A short list of these issues includes, but is not limited to:
- Brand assassination
- False representations by competitors
- Negative SEO
- Denial of service attacks
- Click fraud
- Brand impersonation/phishing
- Stealing of critical intellectual property via the internet
- Stalking of key personnel
Though people recognize that larger companies are frequently victims of these types of attacks, and are aware of the recent attack on Target and its loss of 70 million records to a hacking attack, most assume that these issues are not impacting small to midsize companies. If you are a business owner in this market, assuming that you are not vulnerable to attack is a mistake.
Every year our firm receives several thousand requests for help from small to mid-sized companies that have been cyber attacked, and we believe that we are seeing only the tip of the iceberg. Based on our experience we speculate that if you are doing significant business on the Internet there is a good chance you will experience at least one of these issues over time.
In this post we will bring you up to speed on what is happening in brand assassination. Each week we’re contacted by businesses that have been attacked, and they all tell a similar story. They describe themselves as businesses that have worked hard to build their reputation, with some being in business for as long as thirty years. Then they tell us that they find themselves under attack by a single rogue person who is usually anonymous, and that person is trying to destroy them. I just finished a call with one of these companies; the attacker actually sent an email specifically stating that he was going to ruin them.
Bing Liu, a researcher at the University of Illinois at Chicago, has estimated that about 30% of the reviews online are false. From what we’ve seen, a substantial percentage of those false reviews are negative, and have a serious and damaging impact on victim companies.
What make these brand attacks so very damaging is that they can have a huge impact. Based on our firsthand experience, a single very negative review – which often turns out to be false – can lower a business’ revenue by 10 to 20%. Since these attacks almost never consist of just a single review, the impact is often much greater. For example, a single Ripoff Report that ranks highly under a brand search can drop a business’ revenues by as much as 75%.
While we understand that some companies spout gloom-and-doom numbers to sell their services, the figures we’re presenting here are very real. As expert witnesses asked to testify in lawsuits involving these attacks, we’re often asked to dive into traffic and conversion numbers, and we’re amazed by how impactful negative Internet branding issues can be for a company. Time after time we’ve seen healthy companies placed on the brink of ruin by a reputation attack: often, the amount of time it takes to go from perfectly healthy to seriously in trouble can be as short as two months.
One common belief is that negative reviews are simply written by a consumer voicing their first amendment rights about a crummy company. It’s been our experience that only about 10% of the requests for help that we receive come from issues with real customers. What we see a lot of are malicious attempts at brand assassination perpetrated by non-customers posing as real customers.
So instead of the damage being done by postings logged by dissatisfied customers, our experience has been that the poster is almost always one of the following:
Former or current unhappy employee posing as customer
- Former significant other of key personnel or of company owner
- Former business partner
- Competitor trying to divert business
Imagine that you wake up one morning and the company you founded and have grown step-by-step is now being attacked on the Internet with completely false information. Imagine that the attack is outrageous, but for people who don’t know your business it seems completely believable. It is not at all uncommon to see fake reviews that look something like this:
Company XYZ stole $2,500 from us, and despite repeated attempts to contact the company they have simply ignored us.
If a review like this ranks highly in a search of your brand then there’s a good chance that you’ll experience a significant drop in business. What’s worse is that even though reviews like this are often entirely made up by non-existent customers, they can’t be removed by simply contacting the website on which they are posted. Further, because of the Communications Decency Act, there’s no way for a lawyer to write a letter to the site demanding its removal. If this happens to you it’s important that you act quickly before too much business is lost.
Now that we’ve given you some insights into what happens in the real world of brand assassinations, let’s look at what you can do to minimize your risk. Essentially, it boils down to three key steps:
The best and simplest protection is to create content that ranks well in a search for your brand. DO THIS BEFORE YOU HAVE A PROBLEM. Around the MOZ community there is plenty of insight on how to accomplish this, so I won’t bore you with those details.
Monitoring is also pretty simple. Almost every major problem that we’ve worked on has shown up when we’ve Googled the company’s brand name. Once a week, do a Google search for your own brand, but time limit the search to the last seven days to make sure nothing significant has been posted.
Now for the hard one: defending yourself if you come under attack. Let us be the first to say that most of the information that you’ll get from the Internet, from law enforcement, and even from your trusted attorney will be inaccurate. Almost every client that has come to us for help has received bad information on what to do. Though the general consensus is that very little can be done about these types of issues, that’s not correct. Your attorney is probably providing you with the best advice that they have based on their own experience, but there are a handful of lawyers across the country that really understand this area well. If your issue is truly threatening to your company, make sure that you speak with people who work with these issues daily.
Depending upon the particulars of your online reputation attack, there are several possible courses of action you can take, including:
- Doing nothing
- Contacting the party personally
- Working with the website(s) where posted
- Internet investigations and sting operations
- Attorney cease and desist letters
- Litigation and court ordered injunctions
- Online reputation management
The bad news is that there’s no simple way to determine which solution is best on your own. My suggestion is that if your company finds itself in a situation that will cause significant loss of business, reach out to someone who has a multidisciplinary view of all of the approaches as well as a track record of getting positive resolutions. When these situations arise you don’t have the luxury of trial and error.
The good news is that if you work hard to build your brand reputation, monitor your brand weekly and react quickly when a problem arises, you’ll be able to solve approximately 90% of the major problems that we see.