Twitter, Spam, and Security

News that a Twitter employee’s personal e-mail account and Google Apps account were hacked put the media darling on the defensive. Biz Stone, Twitter cofounder, emphasized that customer accounts were not compromised; TechCrunch reported the records included confidential financial projections and strategy plans.

Twitter’s security breach exposes the challenges of safeguarding password-protected digital business accounts. Still, online marketers who embrace Twitter as a way to connect with consumers were left sorting out other issues. Most prominent: spam and security.

What’s Spam? What’s Not?

On Twitter, rules are quickly changing and best practices are still emerging. That became evident earlier this month to Moonfruit, a do-it-yourself Web site creation service based in the U.K., when it ran a contest. It gave away 10 Apple MacBook Pros — one each day — to someone who tweeted the hashtag “#moonfruit.” The contest was so popular that #moonfruit achieved a marketing feat: it made it to Twitter’s Trending Topics, a list of top topics mentioned in Twitter message.

Moonfruit marketing director Wendy Tan White contends that Twitter pulled #moonfruit from Trending Topics, describing the move as censorship. In a company blog, Tan raises several interesting points:

What would help me is a clear understanding of what happened, and therefore what the new ‘rules of the game’ are going forward. What does this mean for topics on Twitter? What does it mean for marketers? If we were removed as spam’, when did we become spam, was it ok for the first few days, just not after? And are the creative responses, videos, images, songs, etc. all just spam?

While Moonfruit’s campaign may have annoyed some people, marketers thought Twitter’s apparent response was heavy-handed. “The biggest issue I have is they abruptly removed the trending [topic] without the proper communication or feedback from both Moonfruit and its followers…The only way Twitter can evolve and mature as a platform is [by] learning from mistakes such as this,” wrote Omar Zaibak, author of Blue Falcon Marketing blog, in an e-mail interview with me.

Spammers Get Maximum Exposure

Other instances involving spam are clear cut but still pose a perplexing problem for marketers. When spammers invade discussions involving a popular topic, including those that mention a brand name, event, or movie, is there a way for marketers to minimize collateral damage?

Consider b1taylor1, whose bio reads, “To watch my free SEX video please subscribe to http://tinyurl.com/q5w7u8 for free.”

Using Twitter, she virtually crashed TechCrunch’s Real-Time Stream CrunchUp, an event held earlier this month in Silicon Valley. Conference attendees using the #crunchup hashtag were more inclined to blog about social media ads and other innovations. But, b1taylor1 — whose profile featured a photo of a woman’s curvaceous derriere — added #crunchup, #iranelection, “Harry Potter,” and “Bruno,” to her tweets, and addressed five to @cnnbrk, the account for CNN breaking news, improving the likelihood the messages would be seen by anyone tracking those topics. What’s more, each one of b1taylor1’s tweets included a URL to different Web sites. (None were live links by the time I checked them out — six days after the tweets appeared.)

In a worst-case scenario, URLs in suspect tweets could lead to malicious sites that infect computers with rogue software, said Michael Doeff, who launched the Stop Twitter Spam blog more than a year ago to put a spotlight on troublesome practices.

Marketers have limited options on this front. Marketers or their followers can introduce new hashtags when they see one get polluted by spammers. But that’s not practical. Twitter will have to aggressively weed out spammers or a business service will come to the rescue with a new tool that addresses the problem.

Twitter Apps: Look Before You Leap

Have you ever come across a promising Twitter application that you’d like to try out now? Doeff has some advice: research the service before sharing your or your company’s Twitter account name and password. “People get a surprise when a third party turns out to be tweeting things on their behalf — hijacking their tweets and [sending] them out to their followers,” he said. Under a worst-case scenario, a nefarious service can attempt to use account credentials to hack into other accounts.

Take one look at Aviv Raff’s TwitPwn blog, and you’ll get an idea of the security shortcomings in Twitter tools. Raff identifies each service, describes the security shortcoming and its “Twitter affect,” and reports on the vendor’s response. “The vulnerabilities were fixed several hours after they have been reported. Excellent — 5 twits,” he wrote in post this week in response to security holes flagged for one service.

URL Shorteners: Nifty but Tricky

Are spammers using shortened URLs to trick people into clicking on a spammy Web site? MessageLabs, a division of Symantec, told “The New York Times” that 2 percent of all spam uses shortened URLs.

URL-shortening services cropped up to enable anyone sending a message on Twitter to squeeze a long URL down to size to meet Twitter’s 140-character-per-message limit. URL-shortening services also offer other features, including traffic summaries and analytics of use to marketers.

For now, brands don’t have a lot of control if their trademark is mentioned in a message that directs people to a spammy site by way of a shortened URL. “We need better tools from Twitter to see where [shortened URLs] are going,” said Doeff.

In the meantime, he sees some advances that will benefit consumers — and marketers. For instance, URL-shortening service bit.ly has developed a feature that alerts people if a shortened URL may take them to a suspicious site. Other Twitter tools are also adding features that make it easier to see where shortened URLs will really lead visitors.

Reputation Management: What Brands Can Do

While it’s challenging to keep up with new applications, there are some measures that businesses can take to better protect their brands. In an e-mail interview, Paul Wood, senior analyst at MessageLabs, offered these tips:

• Avoid data leakage. “Social networks, blogs, and microblogging sites are potential vehicles for data leakage from an organization. Having the appropriate acceptable usage policies in place will help to guide employee use, and the application of management tools to monitor usage is important, as well as internal awareness-raising of the issues and risks. Many sites also allow content to be uploaded via mobile phones and SMS text messages, so ensure that the policy extends to these tools too. Ensure there is clear separation from business traffic and personal usage, including the use of protected brand names.
• Monitor your brand name. “It is relatively easy for someone to create an online profile and then post disparaging remarks on that profile about an individual, company, or product. Many companies are regularly monitoring the use of key brands in postings to ensure they are able to respond quickly and effectively to any customer complaints, or if there is a copyright violation to be able to escalate that quickly with the site in order to remove the offending content.”

Meet Anna Maria at Search Engine Strategies San Jose, August 10-14, 2009, at the McEnery Convention Center.