social media security mobile phone password passcode

How a .brand can help secure your social links

By Corey Grant,
Senior Advisor – Professional Services, Neustar

In a recent blog, Tony Kirsch wrote about the emergence of short links through the growth of social media, and particularly how this has become an antiquated approach with new tools available for greater customization and branding of the social link experience.

Read Tony’s blog now for some more background.

As mentioned in that article, in order to make their social links a little more recognizable to consumers, most organizations try to find a short domain ‘hack’ that looks something like their brand. For example, Virgin uses virg.in and Best Buy uses bby.me. These links look far better than using someone else’s generic link (such as bit.ly, po.st or ow.ly), but they are still imperfect digital representations of the brand.

People now apply less scrutiny to links in social media than in other areas of digital. We’re all familiar with the risks of clicking on spam pop-up ads promising miracle weight loss results, and phishing emails from Nigerian princes begging for help moving money around. And for the most part, people are becoming more cautious of these malicious attempts.

But in social media, when domain ‘hacks’ are commonplace and a link appears to come from a brand you follow and trust, how are consumers to know when it’s legitimate? If you saw a link that said www.a.ll.st/ would you click on it or type it in? Maybe not. After all, it looks a little suspicious.  Yet this is the official link shortener used by insurance company Allstate. In social media, URLs are not expected to look like traditional URLs – they’re in a class of their own.

social media security mobile phone apps

Breaching social media security: a case study

During our recent webinar, we discussed how simple it is for bad actors to impersonate a big brand in social media by using these domain representations for malicious purposes.

Here’s an example of what we mean.

Firstly, we showed how you could hypothetically create a Twitter account using a similar name to a big brand, along with their logo.

social media security twitter example

Secondly, we purchased an example domain name that could be crafted to look similar to the original brand. In this example, we chose lmart.me for a cost of USD$7.99. This quickly and easily becomes wa.lmart.me, which looks entirely convincing given what consumers have been conditioned to accept.

social media security domain name example

Finally, we created a hypothetical tweet that looks like something the actual brand would post. This can include popular hashtags (in this case #holiday and #toys) to broaden the audience. Then the link is simply pointed to a malicious site designed to capture data that separates people from their money – using the chosen URL shortener.

That’s it. It’s scarily simple and frankly, I’m surprised it doesn’t happen more often.social media security example tweet

social media security hacker anonymous mask

Security breaches and consumer trust

It’s an unfortunate reality that we live in an age where impersonation and data theft are commonplace. The recent Equifax data breach was a major headline in 2017, and rightly so, but for those who work in cyber security it was neither new nor surprising.

In 2016, reported losses included over 1.8 billion records obtained through a variety of nefarious purposes, such as malware, ransomware, phishing, and keyloggers. These are terms that far too many of us are now familiar with.

And in February this year, AdWeek reported that counterfeit goods are “a $460 billion industry”, largely due to malicious actors online. The report, from the International Trademark Association, found that “the internet makes it easy to hide” and in fact named Facebook as one of the top 10 sites for the buying and selling of counterfeit products.

The sheer volume of bad actors trying to make a buck from companies and their customers means that creativity isn’t in short supply. If you thought the exercise of training employees against clicking on dangerous email attachments was hard, consider what it would take to educate the general public not to click on an impersonator’s Tweet.

A .brand new approach to secure links

So how does a .brand help make social links safer for your organization? To start with, it adds unprecedented control. Nobody can register a .brand domain except the organization that controls that .brand. This means that if you are using your .brand in social media, users can trust that the link really is from you – and it cannot be replicated by an external player. On top of that, organizations with a .brand will find themselves with a massive advantage over their competitors without their own branded extension.

Simple implementation is another benefit. Most organizations already use one of the many free or low-cost short link providers which enable the use of branded domains, such as Bitly or Rebrandly. Once you’ve registered a domain and set it up in your chosen platform, the new .brand link can be used in every social media post moving forward. This process is exactly the same as using any other custom URL shortener – no special set up required.

You can see this live already – check out HSBC’s Twitter to see its branded shortener grp.hsbc in action, or even look at our own @NeustarTLDs Twitter to see our use of i.neustar!

Those lucky enough to have a .brand can now drastically reduce the risk of malicious impersonation on social media by taking the simple step of using their .brand for their short links. Given recent feedback from our clients, and the rise in registrations of short .brand domain names, such as “go” and “on”, it seems there are more .brand URL shorteners on the horizon.  We can’t wait to see this become the standard in social links – and to help put the bad guys out of business.

Subscribe

Stay up to date with the latest .brand news and views by entering your email below.

About MakeWay.World


The digital landscape has changed, and disruption is no longer just for startups. In today’s increasingly cluttered market, some of the world’s biggest organizations are turning the tables on digital and taking back control of their brand. A .brand Top-Level Domain creates new pathways to forge stronger connections with your customers. With your company or brand name to the right of the dot, you gain an unprecedented level of control, flexibility, and security for your digital presence – in addition to endless new possibilities for creativity and innovation. Make way for branding that cuts through the clutter. Make way for better customer experiences and real, meaningful connections. Make way for a new evolution in digital. Make way world, for the digital superbrand. MakeWay.World is the online hub for news, resources, tips and inspiration on .brands. Whichever direction your .brand takes you, MakeWay.World provides the insight and guidance to get you there.

Get in touch


We are commited to providing the latest information regarding .brand TLDs and any interesting news around Registry solutions for brands. If you have a story or press release to share, an update for our Showcase, or questions about anything on the site, please contact us at dotbrands@registry.neustar

Copyright ©2016 Neustar, Inc. All Rights Reserved.
Privacy | Legal