A few years ago, one of my clients, a large financial services organization, fired one of its C-suite executives for cause. The executive’s separation was acrimonious, leading to litigation and counterclaims.

Shortly after the executive’s departure, the organization noticed a sharp uptick in defamatory news disseminated via online channels. Some of it was drawing unwarranted scrutiny from shareholders, regulators, and traditional media sources.

To understand the origins of the mud-slinging campaign, the client brought in my team to investigate. The investigation found that the disgruntled former executive — call him “Mr. X” — was the force behind the creation of various anonymous social media accounts, websites, and even a YouTube channel. He used them to spread false rumors about his former employer, its financial condition, and the actions of senior executives.

His modus operandi would be to post fake news via social media accounts and then repost or share it among other channels to “legitimize” the rumors. This inorganic spread was meant to look natural and go viral, and, in many instances, it did gain traction among unaffiliated users. They began liking, sharing, and commenting on the inflammatory claims.

By the end of the investigation, we determined that Mr. X’s goal was not just to embarrass the company but, more deviously, to devalue its stock price. He wanted to do this so he and his associates could launch a proxy fight for board seats. His efforts ultimately failed, but in the process, the company’s reputation took a real beating.

Businesses spend significant time, effort, and expense to identify and guard against threats created by the proliferation of new technologies. While much attention has been focused on hacking, ransomware, distributed denial-of-service attacks, phishing campaigns, and other cybercrimes, the misuse or abuse of social media can also be highly damaging to a company’s brand reputation and share value.

Under Attack

The case of Mr. X was not an isolated incident. In various instances, social media campaigns have been used by investors seeking to manipulate a company’s stock price, activists wishing to undermine shareholder confidence in corporate boards, or state actors pursuing political objectives.

Earlier this year, the Reddit investor forum WallStreetBets created enormous volatility in the shares of GameStop. Whether you agree or disagree with their tactics, it’s hard to deny the impact of a coordinated social media campaign on market value. The Reddit posts were so impactful that they prompted the U.S. Securities and Exchange Commission to review social media for signs of fraud and to issue a statement regarding the market activity:

“[The SEC] will act to protect retail investors when the facts demonstrate abusive or manipulative trading activity that is prohibited by the federal securities laws. Market participants should be careful to avoid such activity.”

Companies may also be targets of social media disinformation campaigns. Note that I am not referring to consumers who use social media to air complaints (justified or not) about products and services. This is about the intentional, coordinated, and malicious spread of false or misleading information.

Coordinated social media attacks can hurt individuals, as well as organizations. A campaign by short-sellers may erode the value of stock held by retail shareholders or investment managers who hold shares on behalf of retirees or non-profit organizations. Similarly, efforts to cast doubt on a company or its products may mislead consumers; if the business suffers severe losses, it may even be forced to cut employees’ jobs. Bottom line — there are real-life victims in these scenarios.

Sleuthing and Strategy

Kroll’s business intelligence and investigations practice is often engaged to help victims get to the bottom of social media threats. Given the anonymity of social media, it can be a challenge to accomplish this while respecting the privacy rights of individuals. However, there are some steps that organizations can take to defend against such attacks.

Know Thy Enemy. One way to determine whether a coordinated campaign is underway is to ask who would benefit from an attack on the organization’s reputation, products, operations, or share price. With that perspective, it may be possible to analyze both the content and flow of information and any metadata identifiable in social media posts or other online content to establish links to parties with malicious intent. In the case I noted earlier, Mr. X was an obvious suspect. We found several connections between the various social media accounts, URLs, and other relevant content and were able to show that the same person had opened all of them.

Don’t Delay. While most organizations monitor their social media in real-time, they often delay their reactions to malicious campaigns. They may try to discover the perpetrators on their own, losing precious response time. It may make sense to bring in a professional investigative team early on and let them do the sleuthing while management decides how to respond to the threat.

Have a Response Plan. Preparing a communication plan in advance is a good investment. Such a plan should designate the key decision-makers, outline a process to assess what level of response is warranted, and identify which platforms or channels to use for such a response. In some cases, a vigorous response may include litigation or referring the matter to law enforcement.

For now, companies remain vulnerable to coordinated social media attacks arising from business disputes, criminal intent, or pure malice. But the damage can be mitigated if management teams focus on understanding their risk exposure, learning to recognize attacks in their early stages, and developing comprehensive response plans that can be executed rapidly.

Sherine Ebadi is associate managing director in the business intelligence and investigations practice at Kroll.