A couple of months ago, I noticed a Twitter account that was linking to some interesting articles. The account was in the name of Alex Van Pelter, an Oracle VP. Specifically, the vice president of cloud operations marketing. Seeing that he had some 14,500 followers -- not surprising for someone with that title -- I chose to follow, too.
But there was something odd about his tweets. He provided lots of legitimate links to major media stories, but that was all. No commentary tweets. Unexpectedly, many of the tweets didn't seem to have much to do with Oracle or even cloud. The tweets were impressively non-promotional, which is not typical for Oracle marketing VPs.
It didn't add up, and I wanted to figure out what was really going on here. That's when things got bizarre. The photo on "Alex Van Pelter"'s Twitter and Facebook pages turned out to be a stock image. (By the way, Google's image search is quite impressive. With just a right-click, I found everyplace that image existed.) The name "Alex Van Pelter" never turned up in online searches, other than on social pages, which you wouldn't expect for an Oracle VP. The Oracle switchboard said there was no such employee. Oracle confirmed that not only does that VP title not exist, but there is no group for "cloud operations marketing." The Van Pelter account even gave the wrong location, pegging Oracle's headquarters in Palo Alto, rather than Redwood Shores. (Oracle apparently doesn't even have an office in Palo Alto.)
Yes, what we had was a spammer account. It didn't reveal itself by using links that went to suspicious sites. It only linked to legitimate, well-known sites. The game seems to consist entirely of collecting the contact info of followers.
The subtlety of this scam is impressive. How do people decide to follow someone they don't know? Often, they will decide that someone could be a useful contact based on where the person works and what his or her title is. A secondary but important consideration is the number of followers. Someone who claims to be the CEO of General Motors but who has only four followers is going to be viewed skeptically.
Oracle spokesperson Lauren McKay said that Oracle's legal team is looking into getting the Van Pelter account taken down, but 15 days after we flagged the account to Oracle, the account was still live. If Oracle's considerable legal muscle isn't enough to get the site taken down, what chance do smaller companies confronted with a similar situation have?
But Oracle isn't the victim here. It's not as though this spammer was using this bogus account to say nasty things about the company. The victims are the followers.
Coming at it from another direction, who is at fault? The situation raises serious questions for Twitter. (Note: I reached out to Twitter media relations weeks ago and have yet to hear back. By the way, if anyone at Twitter is reading this, if you're going to tout that "the fastest way to reach our media team is to write to" your media relations email address, it might be nice for you to actually respond to messages sent there. Just a thought.)
What authentication mechanisms does Twitter have in place? Can I create a new Twitter account and say that I'm a U.S. senator? Or an executive VP for Walmart or Apple? Does Twitter have any system to verify the company and title (and name) used on accounts? On the back end, does it have an effective method for handling fraud complaints?
I have a feeling that Twitter's answer to all of those questions is, "It's a free service. What do you want for your zero pennies?"
The onus therefore falls on users. I hate to suggest that you need to perform due diligence on every potential Twitter account you might want to follow, but if Twitter isn't doing it (and it clearly isn't), you pretty much have to. Search the Internet for that name and title and see if it matches. Do an image search on the account holder's photo. See if the feed has anything other than external links. Do the comments make sense?
The best suggestion -- which almost everyone will ignore, of course -- is to choose people to follow based on what they say in their tweets and how valuable such observations are to you, rather than their company and title. (This advice is a little easier to take when you remember that the more senior the exec and the larger the company, the less likely they are to handle their own tweets. There are exceptions to this, clearly, but it's a good general assumption.)
Speaking of social media flubs
Now, as long as we're on the subject of social media, allow me a couple of rants about LinkedIn.
In general, I am a fan. I think its potential for valuable interactions and information sharing is huge. (Watch what your IT staffers post on it, though. You may have more sensitive data leaking out than you realize.)
My LinkedIn complaint is the lack of sophistication behind the automated messages to "offer congratulations to your colleague on their new job." The software makes the absurd assumption that any change to a resume is a new job. For example, I added in a several-year-old item -- just to keep my bio accurate -- and it flooded me with unwarranted congrats on a new job that was neither new nor a job. (It was a series of guest lecturing gigs at a university.) I have seen similar things happen to freelancers who pick up a new client.
The solution is simple: Anytime someone updates his resume, a pop-up could materialize that asks, "Do you want your followers to be alerted to this change?" A simple yes/no option would wipe out the vast majority of these kinds of errors.
Another LinkedIn complaint is the way it asks if someone wants to follow you. Current invites generally offer two choices: accept or ignore. How about decline? Better yet, how about an option that says, "How do we know each other?" I would pay good money to have that last one added to LinkedIn.
If LinkedIn is serious about making sure that followers are truly relevant people, this is an easy fix. The fact that it has yet to do it certainly raises the question of whether that is its goal.
As long as I'm offering free ways to improve LinkedIn (no need to thank me, LinkedIn), it has an excellent feature where people can recommend each other's skills. Executed properly, it's a powerful feature. I can look up someone and see who has endorsed his or her various skills. If the CIO of a Fortune 50 company endorses someone for programming, that means something. Well, it should mean something. But alas, an absence of checks and balances means that it rarely means anything.
Colleagues will often complain that they will see lots of people offering to endorse them for skills. But these are people -- often strangers -- who have no way of knowing if these people have their talents or not. It's devolved into "Oh, there's an important person. I'll endorse her for something, hoping that she'll endorse me back." Once again, we have a potentially powerful and useful LinkedIn tool that is quickly becoming pointless because of no rules.
How about requiring that people fill in -- for everyone to see -- a field that asks, "How do you know this person?" and another that says, "Give an example of this person demonstrating strong talent in using this skill." This not only becomes more valuable for the community, but it eliminates noise -- people endorsing strangers in an attempt to game the system.
Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek and eWeek. Evan can be reached at email@example.com and he can be followed at twitter.com/eschuman. Look for his column every other Tuesday.
Read more about social business in Computerworld's Social Business Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.