Beware of the online business cyber attack
The worst lies are told behind your back. Protect your business from an online cyber attack
It is said that the worst lies are told behind your back. Until recently, rumors about businesses have
generally been oral, fleeting in nature, and (hopefully) not given much credence. Unfortunately, the
dynamics of the rumor mill are changing. In today’s technologically advanced world,
rip-offs, cold calling schemes, etc.
can all be easily found and researched with a few clicks. Just
about everything on the Web, including the good, the bad and the outright lies, is now indexed by
In the online world, rumors and lies are receiving unprecedented publicity primarily because Congress
granted service providers (those not involved in, or responsible for, the content of a Web site) immunity
from liability as publishers of defamatory content. Coupled with the anonymity of the Web, damaging lies
are now easier to tell, and unfortunately it is easier to tell them without getting caught. Even large
corporations such as Capital One Financial
Corporation and Government Employees Insurance Company (more
commonly known as GEICO) are
not immune to these lies and online defamation as a whole. However, these
lies do not simply come across to others as baseless rumors. They now have credibility, because they are
right there on the Internet to see! To make matters worse, sometimes others will appear to have posted
similar false claims about a company, giving the appearance of independent validation.
The source of the defamation seems to come from four types of online information purveyors: Weblogs,
industry forums or boards, commercial Web sites and self-proclaimed
consumer protection sites. Regardless
of the source, there is almost always a direct economic motivation by the author. Perhaps the responsible
party is an affiliate or supplier of a competitor, or the competitor itself. For example, recently, an
online industry forum was providing customer satisfaction ratings in a seemingly objective manner. It
became quickly apparent, however, that the revenue from the site was exclusively banner advertising, and
those companies not advertising on the site were receiving negative customer ratings.
Of particular interest lately are the spam sites that label a company a spammer. The reason these companies
are labeled as such is due to the fact that these sites use a definition of spam that includes even those
companies complying with the federal CANSPAM Act. For example, let’s say a site owner is reportedly selling
e-mail software in competition with many of those reported as spammers on his own site. Well, all you have
to do is follow the money as that is often the motivating factor for the publication of online defamation.
It is not surprising, then, that the most prevalent platforms for defamation are chat boards or forums on
which competitors, acting like customers, offer up damaging testimonials about how your company is engaged
in fraud, scams, lawsuits – such as those involving RICO offenses, for example – and rip-offs in general.
Of course, the author, purely for the benefit of public consumption and protection, helpfully points out
that all of your employees are sleazy and crooked. The general public, your customers and your vendors
often view these comments on public service sites as unbiased and, therefore, truthful. If you rely on the
Web to drive business sales, how many unknown prospects went elsewhere after researching your company?
Unfortunately, these are complex matters to solve. Search engines, Web sites, chat boards, public service
sites, rating sites and the like generally will not agree to remove a defamatory post without a court order.
After all, Congress gave them immunity from liability. However, there are ways to deal with online lies
without engaging in a lawsuit.
Sometimes the site publishing the statements is not a quality and reliable service provider, such as the
Better Business Bureau, since it influences content and is therefore not immune. The realization of possible
litigation tends to get the attention of the site proprietor if a convincing theory of liability is put forth.
Also, occasionally the poster can be tracked down and identified through research. An author facing a lawsuit
can often be motivated to remove the offending postings. An employee’s actions are often imputed to a company,
so that legal notice to a business that is a suspected source can reap dividends.
In the end, though, if litigation does become necessary to identify the author and to seek damages and an
injunction, the anonymity of the Web often dissolves. The chance of identifying the author is high if you
move quickly. Remember that most Web sites and ISPs keep log files and access records for between 30 and
90 days, so time is of the essence. However, having your lawyer send a standard cease-and-desist form might
be unwise as you may find it posted as support for newly alleged
extortion, intimidation and harassment.
All demand letters, such as the aforementioned cease-and-desist letter, must be exacting, detailed, tactful
and direct, and have allegations supported by facts that the recipient would not want to post.
The following are steps your company can take to manage the damage caused by this type of cyber attack:
- Monitor the search engines. I strongly recommend utilizing the Google Alert feature. This feature sends a
report of indexed results based upon your keywords (consider using company, business, product, officer and
key employee names). While you are at it, consider adding your key competitors to the alert for business
- Designate a person to search the top engines (Google, Yahoo!, MSN, AOL, Dogpile, etc.) and have that
person take note of the results of your keywords on a regular basis.
- Do your best to determine what your customers, and prospective customers, are hearing about you. There
are ways to prevent search engine spiders from indexing a Web site, and even the most devious competitor
can post lies, providing a confidential link to select parties. Remember: the worst lies are told behind
How often does Internet defamation and related defamation of character occur? More often than you may realize.
Many times, the only way to know about these rumors is to search the engines. The following are a sampling of
the issues my firm has tackled.
- A prominent online business was targeted on a Weblog through Internet defamation and the posts
escalated to the point that death threats were being made and a map to the company’s headquarters
was posted. Google had indexed the blog in the first position whenever someone searched for the
- A small business was defamed by a competitor launching a Web site. The competitor went so far
as to post a portion of the small business owner’s credit report.
- Industry bulletin board posts from a former customer claimed that a client was running a scam.
- A consumer protection review site seemed to always return extremely negative and detailed
reviews of any company not advertising on that particular review site.
- An unhappy customer launched an extensive Web site critical of a client, which included false
and misleading claims and altered documents.
- A nationally recognized speaker was defamed on a series of review sites surreptitiously run
and controlled by competitors and indexed high on the major search engines.
- A prominent university professor was informed of a site containing his name and photograph. The
site falsely claimed he was a convicted pedophile.
- A long-established and upstanding franchise company was attacked on fraud, scam and rip-off
reporting sites by a disgruntled former franchise holder.
- A Web hosting client was wrongly sued for hosting an allegedly defamatory Web site, despite
being immune under federal law.
- A dissatisfied distributor of a client’s products used a copy of the client’s electronic
customer list to send out defamatory e-mails to all of the client’s customers.
- A client was sued in California for allegedly creating defamatory postings on a Web site forum
made by a third party.
- Dissatisfied customers decided to publish defamatory statements that quickly appeared on the
first page of organic Google results.
- A client’s business was initially referred to by a popular blogger as a scam, an inaccurate
description requiring immediate attention as the results were appearing at the top of Google’s
- A business was told it would have to pay a very significant amount of money for a defamatory
posting in order to be removed from a rip-off reporting site.
- The major business bureau issued a fraud warning on a client, threatening the existence of
its business, without having conducted adequate due diligence and appropriate analysis to fully
understand the nature of the business.
- The president of an online marketing company was in the cross hairs of a former client. The
former client launched a site dedicated to attacking the other client’s business and posted links
on a major scam Web site to his personal site and demanded money for its removal.
- A disgruntled customer posted a string of defamatory comments on his Web site and demanded an
exorbitant sum to remove them.
- An industry rating Web site had a client baffled as the great majority of complaints were
about that particular client. After investigation, it became clear that the site was owned and
controlled by its chief.