Proofpoint Staff

As in general cybersecurity, a recurring theme in the social media security business is current event opportunists: hackers and scammers who feed on the popularity of high profile events like the Super Bowl™ to distribute threats to massive pools of potential victims. We have seen it in relation to sporting events like the FIFA World Cup and we expect to see it again for the NFL Super Bowl, and while it obviously threatens end-users who are the targets of scams and phishing, it can also expose the brands of teams, leagues and related businesses to new risks. To get a sense of the NFL social media threat environment leading up to the Super Bowl, Proofpoint Nexgate researchers analyzed at the content posted to the Facebook pages of the twelve NFL playoff teams during the first three weeks of January leading up to the NFL Conference title games.

The Most Active Fans

Every team has fans, some more passionate than others, and the twelve teams of the NFL playoffs show the extent to which social media are a platform to communicate with their fans during the “win or go home” post-season. Ranking the most active social media fans based on the number of comments made during our research window (Table 1) reveals that the Dallas Cowboys boast the most active fans, with over 247,000 comments during our two week sample window. (This analysis only counts activity on the official or “authorized” accounts: for each account there are in some cases hundreds of unauthorized accounts that use the team name and brand in one form or another. For example, only three authorized Cowboys accounts were analyzed, but Proofpoint Nexgate discovered approximately 400 unauthorized accounts that used the Cowboys name and/or brand in some way.) A combination of content and one of the world’s largest fan bases helped to put the Cowboys on top, but interestingly only two of the four teams in the Conference title games made the top-five in terms of activity.

Team Comments Dallas Cowboys 247,057 Green Bay Packers 157,200 New England Patriots 134,100 Baltimore Ravens 86,200 Pittsburgh Steelers 81,606

Active fans make attractive social media targets

Looking next at the most targeted teams based on total number of security incidents – where incidents included scams, malware, malicious links, etc – demonstrates that success in social is exactly what attracts the bad guys. (Table 2) “America’s Team” accumulated the most hackers and scammers, with a total of 192 incidents. As a percentage of total comments this amounted to 0.08 % of all comments posted, but unlike in email, volume is not the key to success for social media bad actors. In social, a single malware link posted to an NFL Facebook page may be viewed by thousands or even millions of potential victims. By keeping volumes low for a given page, scammers are also more likely to stay off of block lists. The list of Most Targeted NFL Playoff team Facebook accounts are almost the same as the Most Active, with the exception of the Denver Broncos bumping the Baltimore Ravens out of the top-five.

Team Security Incidents Dallas Cowboys 192 New England Patriots 78 Pittsburgh Steelers 57 Green Bay Packers 56 Denver Broncos 52

Here is an example of a malware lure posted to an NFL Facebook page:

And when the user clicks this link they are told that they need to install an updated Flash Player as shown below. After a few more clicks, malware is installed on the victim’s computer.

Who is filling their swear jars?

Social media give teams, like other businesses, a great platform for reaching current and new fans, but this comes with a risk: as Proofpoint Nexgate researchers recently reported, fans and followers can post inappropriate content to a team’s social media page, with a potential to negatively impact the team’s brand. In order to assess this risk, we analyzed the relative “profanity” of our playoff group by looking at the percentage of inappropriate content, which is mostly profanity but also includes hate speech, bullying, pornography, and other ‘negative’ language. (Table 3) The runaway leader in the Profanity category is the Pittsburgh Steelers, with inappropriate comments representing more than 6.1% of all comments. The nearest competitor in the Profanity category was their division rival Baltimore Ravens, with inappropriate comments representing 1.6% of all comments. Playoff success was not a guarantee against profane comments, as the Super Bowl-bound New England Patriots ranked third in this category… and this was even before “Deflate-gate”. After the Deflate-gate story broke on January 19, the Patriots remained in third place by percentage, but the total number of profane comments (and of all their comments) surged to a level higher than any other team, with an absolute count of inappropriate comments 1.5 times that of the Steelers.

Team Profane Content Percentage Pittsburgh Steelers 6.15% Baltimore Ravens 1.62% New England Patriots 1.13% Detroit Lions 1.00% Cincinnati Bengals 0.79%

If you can’t say something nice…

Conversely, we also ranked those teams with the lowest percentages of profane and inappropriate content as a category of the most “Polite.” The most polite fans were those whose teams advanced at least to the Divisional round, with the Carolina Panthers and Denver Broncos tying to post the lowest percentage of inappropriate content at 0.32% of total comments. Right behind the Panthers and Broncos is the “Twelfth Man” of the Super Bowl-bound Seattle Seahawks at only 0.35%.

Team “Polite” Content Percentage Carolina Panthers 0.32% Denver Broncos 0.32% Seattle Seahawks 0.35% Indianapolis Colts 0.40% Green Bay Packers 0.45%

The Numbers Game Favors Bad Actors

Eliminating hacks, scams, hate speech and other bad content is no simple challenge for the teams at the scale they have already reached. The Cowboys would have to moderate over 13,000 comments per day just on their authorized accounts, and the problem is only going to grow over time. It’s a numbers game that favors the bad guys until the teams put together a game plan to protect their accounts with automated security and content filtering, because as any team knows, sometimes you play the game, and sometimes the game plays you.