The Appraisal Institute—a global professional association of real estate appraisers—is not known for its scandalous content.
But this week its Twitter account began posting a series of bizarre links that included references to rape, a link to a racially charged video, and a sequence of a woman sportscaster stripping nude.
In a crisis that reflects any organization’s social media nightmare, AI’s YouTube channel was also compromised.
The attack on the Chicago-based organization’s social media accounts reportedly began Wednesday and was renewed Saturday morning, after AI appeared to have regained control of its account Friday afternoon. Among the new tweets Saturday was a vulgar reference to the chief executive, Frederick H. Grubbe.
Over three days, a series of bizarre messages poured forth on Twitter. One read, “18-year-old: If Your Boyfriend Hits You, It’s A Sign Of Love. –Dr. Phil,” and linked to a video. Another stated, “Happy Friday AI! Casual day has been canceled. Please no slutwear or dressing like hoochies at work!” according to HousingWire.<a href="http://www.housingwire.com/blogs/1-rewired/post/36086-appraisal-institute-becomes-latest-victim-of-twitter-hack?eid=311682046&bid=1289517#.VqKffmkLtkM.twitter"
<a href="http://www.housingwire.com/blogs/1-rewired/post/36086-appraisal-institute-becomes-latest-victim-of-twitter-hack?eid=311682046&bid=1289517#.VqKffmkLtkM.twitter" RELATED: Keep your cool in a crisis with these 13 tips.
Trolling the CEO
Among the tweets trolling the CEO was one that said he had done an episode of “Undercover Boss.”
Spokesman Brent Roberts said Friday the matter is under investigation and the institute would not have any further comment. Reached by phone that afternoon in North Carolina, President Scott Robinson said, “I don’t know anything about it.”
As of Saturday morning, the 22,000-member professional institute had yet to issue a press release or Facebook post about the embarrassment.
The hack affected the @ai_national account, which was linked to from the institute’s main website. The organization replaced it with a new account, @RealAI_national.
It is hard to prevent an attack on a Twitter feed or other social media site, says Andrew Gilman, president and CEO of CommCore Consulting Group.
“We’re in world where any aggrieved party or prankster with a keyboard can wreak havoc on an organization,” says Gilman. He added that on Facebook, “They should already have a message on that from their head of communications or their CEO.”
Directives to staff
Along with Playboy-type images, the hacker also tweeted fake directives to staff, HousingWire reported. One read, “to all staff and employees: because its so warm out today, you have to work an extra 2 hours pretending to do actual work,” while another stated, “new company policy in effect: at social gatherings and events, having fun during such events is forbidden. Unless authorized.”
The attack reportedly began when the Appraisal Institute’s Twitter account disappeared from Twitter. HousingWire reported the attack started Thursday, but industry observers said it began Wednesday night and was discovered Thursday.
“At some point Thursday night/Friday morning, the Appraisal Institute’s Twitter account reappeared as @AI_sucks_big,” HousingWire stated.
Shortly before the AI Twitter feed was temporarily shut down Friday, an image from the hacker group Anonymous appeared as background on the Twitter account, and it reappeared Saturday. AI, however, seemed an unlikely target for the hackers collective, and it is possible a hacker was simply trying to cover his tracks.
To prevent problems, Gilman says, organizations must develop a good reputation within their communities and police their social media accounts, acting quickly if an attack occurs. In responding, use a multi-channel approach through other social media properties to communicate, he says.
The digital vandalism is only the latest in a series of embarrassments for companies. Hacks are commonplace, and in 2013 disgruntled former staff mutinied and took over a retailer’s Twitter account to express their anger at being fired.
Keep the keys
It’s important that anybody who has the keys to social media accounts have them taken away when they leave, says Shel Holtz of Holtz Technology + Communication. Also, companies should require widespread training to employees so they don’t fall prey to scammers or hackers.
Holtz says: “What happens is, you pick up the phone. You’re busy. And somebody says, ‘Hi, I represent GoDaddy, and we’ve got an issue with your account. To resolve it, we just need your password.'”
Employees should be trained not to respond to such scams, he adds. Also, alarmingly, the most popular passwords are the easy-to-guess 123456 and qwerty.
Similarly, company Facebook pages are sometimes filled with inappropriate messages simply because the organization doesn’t check the account regularly, Holtz says.