20131213 Dodgy Due Diligence in Social Media

We, as an industry, are increasingly sold the idea that social media is the first reliable port of call for due diligence: basically, the idea is that if a person doesn’t have, for example, a Facebook or a LinkedIn profile, they don’t exist, or that they are somehow inherently lacking in credibility.

The argument runs that the converse is also true: that an effective social media presence confirms that person’s existence and corroborates what they are saying.

It’s not as reliable as it seems. And worse, it’s causing a credibility issue for companies.

I have a lot of social media contacts through one of the business connection sites. I downloaded a list and the first thing that struck me was how many do not use corporate e-mail addresses. I can understand that, to a point: I know someone who left a company and then, because he had lost his password and no longer had access to the corporate e-mail account that a replacement would be sent to, could not update his online profile. Eventually, the administrators helped by deleting the account entirely.

That seems to be, potentially, a bigger problem than it might first appear.

But the opposite side of the coin is that there is a danger in using e-mail addresses from anonymous e-mail providers: such addresses do not help to verify the person who may be applying for a job, trying to open a bank account or carrying out any one of a host of activities in which the other party needs to know who they are dealing with.

In the USA, a partner in a major international accounting firm was fired and convicted of offences: his LinkedIn profile remained intact long after he left, raising questions as to who monitors the use of social media and the credibility risks that it can cause.

It was recently reported that two “testers” created a false identity on Facebook and used it as a point of entry to confidential US military data.

Recently I adopted the idea that, instead of my messages being lost in the dreadful “noise” that LinkedIn has become (see yesterday’s blog entry), I would issue a monthly newsletter to my contacts who may, if they wished, simply unsubscribe. I sent the first one out yesterday. Just over 1% bounced with the message that the e-mail account did not exist. Of itself, that’s a concern if 1% of LinkedIn users are not immediately verifiable by such a simple means as sending an e-mail.

This was fascinating because, of the 38 bounces, 27 were corporate addresses – almost all at banks plus one, perhaps most disturbingly, at an FIU (financial intelligence unit). Of the bank addresses, most were at the world’s biggest banks.

Not, methinks, clever for the companies, etc. And, one has to question, why are defunct Hotmail, etc. accounts registered? Only one Hotmail account rejected the mail because the account was full – which suggests that it’s never looked at, because the storage capacity is large. That one is, then, possibly to be viewed in the same light as a defunct account.

Equally, it demonstrates the fallacy of using social media as anything but the lightest weight in any due diligence exercise.

©2013 Nigel Morris-Cotterill
All rights reserved