Tag Archives: Interfor International

P.R. in the Digital Age

Recently Don Aviv, President of Interfor International and a Reputation Communications Advisory Board member, and Shannon Wilkinson, our founder and CEO, were interviewed on the topic of reputation management for an Interfor Academy webinar. Their moderator was Jeremy Hurewitz, Head of Interfor Academy.

Don Aviv, President, Interfor International

Interfor Academy is a speaker’s bureau that enables organizations to book elite presenters for conferences, corporate off-sites, or risk trainings & tabletop sessions.

Don and Shannon come from two different sides of reputation management. He is on the investigative, data research, analytics, and monitoring side, helping organizations listen to conversations about them online and red flagging any that have reputational, privacy, or security risk aspects. (We interviewed him on the topic of due diligence in 2018; and more recently published his article, Scrubbing Your Personal Info from the Internet.)  Reputation Communications, manages, amplifies and repairs reputations.

We are interviewing him about due diligence investigations, self-checks (or reverse due diligence), and how the deep dark web plays a role in threatening reputations.

Recently, The New York Times published a lurid expose about Robert F. Kennedy’s Presidential running mate. Do you think due diligence research was undertaken and dismissed? Or not done?

I would be surprised if Kennedy’s campaign was not aware of the allegations connected to his running mate, as many of them have been openly discussed for some time.

We do know that both major political parties haven’t been systematic when it comes to due diligence on opposition candidates. Jeremy and I wrote about exactly that in a piece for The Hill last year. But it will be interesting to see if there is more of this type of reporting. I think it will be tied directly to how he is polling and what type of impact he might have on the election.

How common is it now for deep dives to be done before important hires and partnerships are made?

It is increasingly common. That’s the good news for those of us who campaign constantly for companies to pay attention to reputational and security risk. The difference is in the level of diligence done and making a smart decision about that and what role the individual will play in any sort of company or partnership that is being established.

There is a fast-growing array of technological tools that can help employers get comfortable with low to mid-level hires. That sort of background check is cheap and somewhat effective. These are commoditized services that can give an employer a little reassurance that their prospective employee doesn’t have a criminal record, hasn’t declared bankruptcy, and did indeed graduate from the educational institution they are claiming on their resume.

But when it comes to more senior hires, or major investments being made and partnerships established, it is critical to go much deeper and try to understand the individual’s background and character at a more granular level, and drill down on any red flags to weigh those against whatever that person might contribute to what you’re building. So, in these cases, the more commoditized checks are insufficient.

Those who retain Interfor do so because our analysts have extensive experience in locating and evaluating deep dive public records and providing insight into what they find. True expertise comes into play when it comes to the very human side of collecting qualitative intelligence on a subject.

You used the term reputational “self-checks” during the webinar. What do you mean by that?

We are frequently hired by clients who want to know what their reputational assessment looks like and what might be used against them by someone looking to do them harm – physically or reputationally.

Your firm conducts social media threat monitoring for major corporations as well as for high-net-worth clients. How does that work, and what are they looking for?

While we certainly support HNW clients and celebrities around the world, we also support a large group of executives, nonprofits, foundations and start-ups.  That client base includes any entity or individual that receives negative or unwanted attention through social media, chatgroups, blogs, and other online chatter. We have a global team of highly trained analysts who monitor threats 24/7 for a variety of companies and individuals across all common languages. They are deeply knowledgeable in assessing when someone might turn from an online troll to a true threat. They help identify new threat trends and help clients be proactive in preparing for any incipient risk.

How is AI going to impact what information appears on the internet about people and organizations?

AI will certainly be a force of change. We have seen a remarkable uptick in fraudulent activity ranging from Deepfakes and impersonations, all the way to confidence scams and straight-up harassment and trolling driven purely through AI systems.

For example, one of our clients, a well-known radio personality, has been inundated with thousands of fake product endorsements and ads geared at defrauding his listener base around the world.  Our Social Media Threat Monitoring Team identifies and works to knock down approximately 50 fake ads and websites a week, yet this is likely a drop in the bucket.

Ultimately, without strong regulations, AI systems may add considerable fuel to the “fake news” ecosystem, and your average internet user will have even more trouble discerning fact from fiction.

*

As President of Interfor International, Don Aviv directly supports Chief Security Officers and General Counsel of some of the leading corporations, financial institutions and family offices around the world.

An author on physical security, threat mitigation and corporate security matters, he serves as an expert witness on security-related legal matters. His credentials include Board Certified Protection Professional (CPP); Board Certified Physical Security Professional (PSP); Professional Certified Investigator (PCI) and licensed New York State Investigator. He is an executive board member of Strength-to-Strength, a non-profit organization dedicated to supporting victims of terrorism. Mr. Aviv is also a board member of The Community Security Service, a non-profit organization dedicated to training and protecting local communities.

*

This article is part of our continuing Interview with an Expert series.

 
 
Arun Rao, IGI

Don Aviv, CPP, PSP, PCI is President of Interfor International, a corporate intelligence agency. He is also a Reputation Communications Advisory Board member. This article is republished from his original LinkedIn version.

Today, nearly everything is digitized, and finding personal data about people is fairly easy. Most of us do not even realize just how much of our personal data is available for the world to see. And while the world may not be interested, you never know when a malicious actor or hacker can find your information and put it to ill-use.

People-search sites like Intelius, Pipl, and Whitepages comb through social media accounts, public records, and commercial sources. They neatly package the information and provide it to just about anyone. Information can include criminal records, credit history, past and present addresses, relatives, and more.

The Dangers of People Search Sites

On the surface, people-search sites might seem harmless, a good tool for finding lost relatives or reconnecting with old friends. However, searches can also lead to easier stalking or harassment, identity theft, and the general revelation of information that you would rather keep private.

What makes these sites even more dangerous is that there is no current regulation surrounding data brokerage. The sites are not regulated and individuals can not choose privacy settings. Your information is out there for anyone to see.

The risks of people-search sites are why many people want to scrub their names from them completely. But doing so is not as easy as just wanting it. Even if you manage to scrub your name off at one point, the information is likely to reappear. That is why scrubbing your personal info should be looked at as an ongoing project, not as something you do once and forget about.

Professional Services That Scrub Personal Data

Scrubbing your information from various sites and search engines can be a long, arduous task, which is why there are several companies that offer to do it for you, including DeleteMe, PrivacyDuck, and OneRep. DeleteMe offers one and two-year plans to remove people from all major data broker websites for 1 year. For one person and one year, the service costs $10.75 a month billed annually. For one person for two years, the cost is $8.71 a month, billed once every two years. There is also a Family plan that covers up to four people and costs $27.42 a month for one year.

PrivacyDuck operates on a different payment/plan scheme. There are two plans: Basic for $499 and VIP Privacy for $999. The basic plan covers 91 data sources and up to two people. It delivers monthly reporting for 12 months and offers 50% off the same plan if you buy it more than once a year. The VIP Privacy plan is more comprehensive and covers 190 sources. It also delivers monthly reports.

OneRep removes personal information from Google, Yahoo, Bing, and other search engines. Its standard plans for individuals and families include links to exposed sites, auto opt-out of 105 sites, 24/7 email support, and more. The Individual plan costs $8.33 a month for one year and the Family plan for up to 6 people costs only $15 a month for a year. OneRep also offers a more advanced, comprehensive service for “complex cases” for $225 a month.

As you can see, this type of service is not cheap, especially if you are serious about your privacy. But is it worth it? Only you can decide. Continue on to see if you are up to the task of a DIY data scrub. If you feel that erasing your data by yourself is too difficult, it may be worthwhile choosing a paid service.

DIY Data Scrub

Most data brokerage sites offer an opt-out page, which means scrubbing your data is not necessarily hard, it is just tedious. It means going to many different sites and finding the opt-out page for each. If you feel up to the task, we suggest beginning with the most well-known people-search sites. These include Intelius, BeenVerified, Instant Checkmate, MyLife, PeopleFinders, Whitepages, Pipl, and a few more.

The first step is to check whether your information is listed. If it is, you then need to search around the site and find out how each broker allows you to opt-out. This is a great resource that provides opt-out links for various people-search sites. Be aware, even though we are living in the digital age, some sites require you to send a letter by mail or even fax. Ironic, yes.

Another point of irony: Some sites ask you to provide personal information in order for them to remove your data. If this is the case and you are asked to provide an ID document, make sure to erase any ID numbers that appear on it.

 
 
Reputational Risk of Being A Man

Recently, leaked documents obtained by Forbidden Stories revealed the inner world of Eliminalia, a Spanish reputation management company. Forbidden Stories and partners investigated the company’s manipulation tactics to remove public-interest information from the internet.

Interfor International, the investigative firm helmed by our Advisory Board member Don Aviv,  blogged about Forbidden Stories’ findings. The excerpts below raise awareness of the dirty tactics used by some reputation management agencies, and why it may pay to steer clear of them. That’s especially true if they promise to remove online content, a challenge we have written about here (and here).

Weaponizing Data Protection Regulations

Those who have studied Eliminalia’s strategy identified a pattern. When an article that included unpleasant truths about one of their clients appeared, the company began by sending takedown requests to the journalist, usually through a team member employing a false persona. If the journalist refused to remove their article, Eliminalia went after hosting providers, often weaponizing data protection laws such as the DMCA (Digital Millennium Copyright Act), which was created in 2002 to protect copyrighted content, and the GDPR (General Data Protection Regulation), an EU privacy and human rights law, to push the provider to take down the material.

To exploit the DMCA, for example, they would copy an article, publish it on a third-party website with a falsified earlier date than the original and then claim the real article infringed on the law. Contesting a false claim of DMCA is not easy, leading to long and expensive legal battles many journalists are unable to afford.

Investigators found that if these methods did not work, Eliminalia would then try to hide the material through “deindexing,” which attempts to fool Google into hiding search terms from web results.

Throwing ‘Digital Atomic Bombs’

Eliminalia has used the strategy of “open redirects,” links that appear to drive traffic to legitimate websites but redirect to other fake sites.

At least 622 such websites have been identified. To make the sites appear legitimate, the company mixes content from real sources with positive information about individuals with the same names as their clients.

This method seems to have been successful at influencing Google’s search results, effectively making articles that include allegations against the company’s clients disappear, while replacing them with positive spin.

Now,  Eliminalia and their clients are in the news, and many of their “removed” links and content are back on Google.

Eliminalia is far from the first reputation management firm to create fake news sites to post fake content on. That has been done from the onset of this industry, along with a myriad of ways to post links in places where unwitting internet users would click on, thinking they were clicking on something else.

The problem with using reputation management providers who game the system using what are known as “black hat” methods is that their handiwork is often discovered and undone by Google. You also risk the chance of being identified as a client in investigative articles about them (check out the 2020 Wall Street Journal article, Google Hides News, Tricked by Fake Claims.)

For more insights, read The Washington Post’s article, Leaked files reveal reputation-management firm’s deceptive tactics. And our ultimate guide, The Essentials: Online Reputation Management FAQs.

 
 
CDA 230

This is republished with the permission of Interfor International. Its president, Don Aviv, is a Reputation Communications Advisory Board member.

Reputation management for entities is particularly relevant these days as the whole world watches the Twitter saga unfolding.

With the social media giant in freefall and its new boss Elon Musk pushing his own inscrutable agenda, the question of how organizations can effectively manage reputations during times of change or crisis should be front of mind for the leadership of any organization paying attention.

Since Musk took the reins of the social media giant, Twitter has faced major challenges such as users and advertisers fleeing the platform and senior employees jumping ship. The mass layoffs the company has endured and the media circus accompanying every action has exacerbated the hit to Twitter’s brand.

The situation could become more volatile.

It is still not clear what Musk’s vision for success with Twitter is, and there are plenty of reasons to be skeptical of his ability to dig himself out of the deep hole he has dug himself, despite the success of Tesla and Space X.

Perhaps this is a case in which we can examine how an organization can learn how to manage its reputation in the public eye… and come out even stronger.

The current imbroglio that Twitter finds itself in is an extreme situation where the world’s richest man has acquired the world’s public square and the result is a stunning explosion of brand value. But observant companies can still learn valuable lessons from this fiasco about how to manage their reputation in the public eye, and even come through stronger when faced with significant challenges.

What it is, and why it matters

Reputation management is often defined as the practice of influencing stakeholder perceptions and public conversations about an organization and its brands. It includes monitoring perceptions and conversations, responding to reputation threats and proactively seizing opportunities to boost reputation.

Reputation management is more challenging for an organization with many moving parts, as opposed to individuals or small businesses which can monitor reputations online by tracking news, reviews, and social media. 

A larger organization, especially a publicly traded company, must manage expectations of shareholders and multiple partners, so reputation management becomes complex. But there are steps organizations can take to put their best foot forward online, in the media, and to their customers.

What can organizations do to protect their reputations?

Companies can take several steps to manage their reputation on an organizational level. A positive reputation can take years to build and a few minutes to ruin. There is always the risk that one misinterpreted tweet or post can cause a maelstrom on social media, so it is best to consider the following actions, all of which can be done preemptively.

– Be as transparent as possible in communications and with your audience.

Of value today in an organization is the ability to be transparent and own a mistake. Brands are as fallible as people, and as creators and influencers continue to be the face of organizations, brands will continue to strive to be perceived as relatable. This is especially true for Gen Z, who grew up on screens and understand which brands are authentic.

-Be diverse, but really embrace diversity

A lot of lip service surrounds diversity these days, with limited real action often taken in organizations. The best way to change is to promote diversity in your organization (including diversity of thought). Work to build diverse teams and share with your community what you’re doing, particularly the wins of team members.

-Be good to your employees

As we’re seeing with Twitter, Musk’s behavior and communication style is driving many employees away. His direct and abrasive style is self-selecting for employees who value his style of management, but the optics (as covered in the media) are not great. In general, people do talk, so being good to your employees will help generate good will.

These are three important points for reputation management on an organization level, but attention must also be paid to your online presence. In Twitter’s case, this is less relevant as they are a social media company. But most companies have a robust digital footprint which needs to be monitored. 

Steps for a better online presence:

-Prepare a digital strategy

As the saying goes, “failing to plan, means planning to fail,” so having some kind of plan is key. The online world is dynamic, but the good news is you can gauge feedback immediately and understand trends with easily accessible analytics. 

-Make your website (and social media) the authority

There is often an educational component to the service or product you market. With so much noise online and everyone jockeying to be an “expert,” building a presence with authority and developing content such as testimonials, data, and media links will help you stand out. The more authority you have online and the more transparent your communication, the better your reputation will be.       

-Have conversations with your customers

Your customers are your lifeblood and engaging with them (and the comments they post) can help spot challenges which may arise. Taking that extra step is also key in building brand loyalty with your community.

Related reading: The Essentials: Online Reputation Management FAQs

 
 
Don Aviv, President, Interfor International

We turned to licensed investigator and certified protection specialist Don Aviv, the President of global corporate intelligence agency Interfor International, for insight on due diligence in personal and professional background checks. Interfor was founded in 1979 by a former intelligence officer. Over the past 40 years it has provided investigative and intelligence services for individuals, companies and major law firms in the United States and around the world.

What kinds of due diligence do your clients generally need?

Interfor’s clients generally require in-depth background information on persons and businesses. Our investigations have provided vital intelligence on principals, prospective employees, counterparties and joint venture partners, and we have assisted corporations, law firms and governments on a wide array of cases and controversies in every corner of the world. There are many types and levels of background checks and due diligence investigations: the scope of an investigation depends on the needs of the client and specific circumstances.

However, at minimum, a comprehensive examination in the U.S. should include a thorough litigation check, 50-state criminal check, bankruptcy check, verification of educational degrees and licenses, name screenings on government terrorist and criminal lists, country-wide media search and government regulatory agency checks. Many of Interfor’s due diligence investigations include reputation inquiries. In these cases, we canvass those who know, or may have worked with, the subject of investigation. Speaking with those individuals can provide a wealth of information, far more than any database-driven search.

How often do your clients or prospects decide against undertaking due diligence, even when you advise them that it is necessary?

Unfortunately, as a full-service investigative firm, we often see the consequences of ineffective or inadequate investigations. Our litigation support and asset search services often sees those consequences when they are called on to investigate, analyze and track cases involving theft, financial fraud, embezzlement and duplicitous conduct. Failure to conduct adequate due diligence makes you and your company vulnerable to substantial losses and liabilities. In many situations a thorough due diligence investigation would have uncovered troubling facts and circumstances before the parties began their ill-fated relationship. The old adage ‘penny wise, pound foolish’ comes to mind. In addition to financial and reputational harm, the damage caused by these omissions may result in very uncomfortable confrontations with business associates, employees, boards, investors and shareholders. As we always tell our clients: who you work with is your business—making sure who they really are is ours.

What would you say to companies that don’t carry out thorough verifications?

In the old days, when you began a business relationship with a known company checking references was about all the background verification you would do. Bernie Madoff and his ilk have turned that standard on its head. The past 15 years have seen a steady stream of financial frauds, scams and Ponzi schemes. The sheer size of these schemes has been astounding. A few years back, a scam of several million dollars was noteworthy; now we are confronted with frauds in the billions. There is no substitute for thorough, comprehensive due diligence on every significant player in your life—from an overseas business partner to your local financial planner. “Trust” and “verification” are the watchwords of the 21st century.

In addition, client feedback suggests that the commoditization and automation of due diligence is turning out to be a short-lived trend. Ultimately, clients are realizing they prefer strong analytics and a human touch as opposed to mass-generated reporting or cut-rate services from providers who almost always miss subtle red flags, if not glaringly obvious ones as well.

We often see crises in the news that may have been prevented with due diligence. What are some that have struck you recently?

Many cases of financial fraud and misconduct could have been prevented with a thorough vetting of the offending party. Financial fraud can take many forms (e.g., investment schemes on the East Coast, high-return financial instruments in Florida, oil and gas drilling investments in the Southwest), but all have the same aim: to separate good and trusting people from their money. In our long experience, there has never been a shortage of aberrant behavior and conduct.

Just a few weeks ago, a security director at Borg Warner (a publicly traded US auto-parts manufacturer) was arrested in Russia on charges of espionage. While the true reasons for his arrest remain murky and geo-politically charged at this time, the coverage quickly yielded the fact that he had been dishonorably discharged from the military for larceny and fraudulent behavior. This was a surprise to not only the company, but also the individual’s family! It turns out the company only did a cursory background check, with a cut-off at 7 years of history. A policy which required a more thorough and comprehensive check would have saved them the bad publicity.

Other recent examples:

  • A U.S. money manager with a checkered past takes up practice in France, with activities including illegal stock promotion, securities fraud, wire fraud and money laundering.
  • A highly experienced and qualified scientist engages in misconduct including plagiarizing, falsifying, and fabricating information in a government study, resulting in his suspension.
  • A founding partner of a global money management firm is party to numerous lawsuits in the Russian Federation and subject to an international arrest warrant.
  • A managing director at a hedge fund hires an investment manager with a history of Securities & Exchange Commission (SEC) investigations and a long trail of bankruptcies and bankrupt companies.
  • A prospective employee is found to have a record of criminal violations, drug and alcohol convictions and robbery charges.
  • A hedge fund manager is discovered to have a history of hard drug use and an affinity for prostitutes–as well as what associates termed a nervous, unstrung, and unstable personality.

How do clients respond to due diligence findings?

Obviously, when potential problems or issues come to light at an early stage clients are relieved. When nothing untoward is turned up, there should be a huge measure of satisfaction knowing that the people you are hiring or working with are good, stable and qualified. Clients have a respect for the process of due diligence – that best practices now dictate that employees, partners and associates undergo a thorough and complete vetting. With that process comes the peace of mind from knowing that what should be done has been done.

We’re seeing clients who respect the value of comprehensive due diligence now opting to conduct periodic checks at standard intervals on existing employees with access to sensitive data, or after internal promotions. If someone has been with the company 10-15 years it’s important to know if there have been any significant incidents which may affect an employee’s suitability to handle certain information, such as customer data or trade secrets.

Are there any new services clients are requesting?

Yes, absolutely. There is a clear need in the market for real-time threat intelligence. In a world driven by social-media conversation, conspiracy theories or perceived injustices can quickly metastasize into violent action. Strikes, vandalism, and protest can materialize before a company or organization even realizes that the conversation has turned south. To meet this need, Interfor has developed a threat monitoring and intelligence program called Sentinel. It is designed to provide a continuous overwatch of open-source discourse, in order to provide actionable intelligence as it arises. This type of coverage can help prevent or mitigate security breaches, whether it’s for a specific event, foreign travel, or potential workplace violence. It’s also helpful for immediate incident alerts, in cases such as natural disasters or civil unrest. The response has been great.

Don Aviv is a Board Certified Protection Professional (CPP), a Board Certified Physical Security Professional (PSP), and a Board Certified Professional Investigator. He is also a licensed New York State Private Investigator. He holds a B.A. from the University of Rochester and an Alpha Phi Sigma M.S. in Criminal Justice from Suffolk University. Mr. Aviv is an Adjunct Professor at the University of Maryland University College and Vice Chairman of the Security Services Council of ASIS International. He also serves as an Advisor to Canary, a manufacturer of revolutionary home security products. This is the fifth in a series of interviews with experts whose work relates to online reputation management.