“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we’re talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old.

The “Twain” quote also serves to highlight the difference between misinformation and disinformation. Misinformation is a mistake. It’s false information spread with a benign or, at the very least, non-harmful intent.

Disinformation, on the other hand, is deception. Its intent is to mislead, cause harm, or profit from a falsehood. And as long as lies remain profitable and easy to spread, businesses must learn to be quick on their feet.

The Damage Done by Disinformation

It all boils down to intent: What is the aim of the person or group spreading the information? Real-world examples show the harm these deceptions cause and the seeds they plant for future exploits.

In 2019, scammers used AI software to mimic the voice of a European energy company CEO. They placed a call using the fake voice and urgently asked an employee to send €220,000 ($243,000) to a Hungarian supplier within an hour. The scammers, nervous because the money didn’t arrive as quickly as anticipated, called twice more. This made the employee suspicious. By then, it was too late to recall the funds. The scammers got the money, but fraud insurance protected the company from any monetary loss.

Though little harm was done, this incident foretold future danger. This was the first known time AI was used to mimic a voice to commit fraud. Cybersecurity experts believe the next step will be using AI to mimic voice and facial expressions. If it looks and sounds real enough, no suspicions will be raised. The scam will be harder to detect, and therefore more successful.

Disinformation as a Service

Disinformation can have many goals, and the COVID-19 pandemic presented a huge opportunity for scammers. A scam from 2021 showcased the Disinformation-as-a-Service trend, where an outside source pays social media influencers to spread and promote disinformation. Fazze, a PR agency that seems to be backed by the Russian government, asked successful YouTubers to criticize the Pfizer vaccine. Promising big paydays, the firm asked influencers to spread disinformation, not to discuss their sponsorship and to act as if they were just sharing information. The plot blew up when a couple of YouTubers went public about the weird offer. The BBC reported speculation that Russia was connected to the scheme as a way to promote its own vaccine, Sputnik V, highlighting how nation-state attacks often prompt disinformation campaigns.

SMBs can be targeted as well. Disinformation spread by the fake review market dramatically affects small, local businesses. A study of the direct influence of fake reviews on online spending estimated that fake reviews cost businesses $152 billion globally in 2021. The study mentions an Australian plastic surgeon whose business dropped by 23% in a single week after a fake review was posted. A California-based plumbing business lost 25% of its business when a competitor posted a fake review. In New York, two busing companies found that fake positive reviews successfully diverted business from one company to the other.

How to Fight Disinformation and Misinformation

Disinformation is profitable, which forces businesses of all sizes to contend with it. Luckily there are steps you can take when faced with a disinformation or misinformation attack.

1. Educate your teams. There’s a non-zero chance that malicious actors will target your business. Your CSOs and CISOs need the technical and social skills to combat disinformation. Disinformation is both a security issue and a communications issue, so your comms and marketing teams need training as well.

2. Make a plan. IT teams craft recovery plans for natural and man-made disasters; you need something similar for a disinformation disaster. Define team roles and what steps they should take when disinformation hits. Use likely scenarios to test the plan and find flaws so everyone is ready when disaster strikes.

3. Bring in outside forces. Sometimes the PR and communications mess is too much to manage internally. Your IT and security teams may be unfamiliar with how to mitigate these attacks. Bring in outside teams that know how to fix technical and PR messes sparked by disinformation. Research these companies ahead of time so you know who to call when an attack happens.

4. Use social media monitoring tools. Social media monitoring can’t stop an attack, but it can give you hours or days of advance notice that something is afoot. In the end that can be enough warning to enact your plan and contain the damage.

How to Prevent Disinformation Attacks

Prevention is easier and less costly than fighting against a disinformation campaign that’s out of control. There are a number of preventative steps you can take to further protect yourself.

1. Always look for risks and vulnerabilities. Know the avenues that threats can take. Do you have a well-known CEO? Does your brand take a stand on controversial issues? Are you a small business that lives or dies based on reviews? Any of these can prompt attacks. Look for weaknesses and shore up your defensive posture as soon as possible.

2. Master social media. Monitoring tools may help you know an attack is coming, but social media can be a defensive weapon as well. Know what people are saying about your organization. Track social media conversations that are happening around your brand that you are not driving. If any activity becomes concerning, the communications team can address it.

3. Be proactive. PR, communications and marketing teams should hold continuous and authentic conversations with customers. This builds trust and makes customers more likely to turn to you first with questions rather than spreading false information. Promote partner and vendor conversations for the same reason.

4. Practice good information hygiene. Never spread unverified information. Know who your trusted sources are and how to spot a hacked, compromised or spoofed source. Teach employees how to guard against threats such as phishing and social engineering. Also, communicate expectations about conduct when on company business and how employees should express themselves without putting the company in focus. Lastly, train the C-suite on reputation management and how to navigate tricky situations where their conduct could be videoed and shared.

Disinformation will continue as long as it remains profitable. Above all, your best plan of action as a business is to ensure you’re not an easy mark.
