Home > Articles > Business & Management

Whisper Campaigns and Anonymous Attackers: Identifying and Handling Social Media PR Threats

📄 Contents

  1. Trolls and Anonymous Attackers
  2. Public Attackers
Astroturfing (creating fake or dubiously-supported "grassroots" campaigns) or even direct public attacks can take a toll on you or your organization. This chapter describes some of the threats you may come up against and provides some steps to take to settle the situations without causing more harm.
This chapter is from the book

In early 2009, the Halifax-Plympton Reporter received a letter to the editor urging people to “contact their Congressman about the Medicare Advantage program, a sort of privatized health plan paid for through the recipient’s Medicare. There may be some interest in doing away with the program.”

Seems benign enough, right? The letter was signed by a local resident, but it didn’t mention the local Congressman, which the paper’s editor found strange. So he called the man who wrote the letter and was astounded to learn the letter’s “author” had no idea what he was talking about.

The editor filed the letter and went on about his day. About a week later, he received a phone call from a man who said he was calling on behalf of the person who wrote the letter. The editor told the caller what he had done and asked who he was and who he worked for. The caller declined to tell the editor who he was and hung up the phone. But what he didn’t count on was caller ID. The editor traced it back to a high-powered lobbying and public affairs firm in D.C. It became pretty evident the firm was working for an organization with an interest in keeping Medicare Advantage in business.

The firm’s site promises “grassroots communication,” but this is downright astroturfing.

According to Campaigns & Elections, astroturfing is “a grassroots program that involves the instant manufacturing of public support for a point-of-view in which either un-informed activists are recruited or means of deception are used to recruit them.”

At one time found only in politics, this practice has spread to the communications industry.

Genuine grassroots campaigns tend to have many people involved, but don’t always have the money needed to support them. Think about Occupy Wall Street, or President Obama’s 2008 bid for the White House, or campaigns designed to get television programs back on the air. They use the Web and social media to help further their ideals, but don’t always have a lot of money behind them.

Astroturfing, though, tends to be flush with cash but people-poor...so the designers make up people. On the Web, they’ll create fake personas or robots to spread the word. Offline, sophisticated computer databases, telephone banks, as well as hired organizers, are used to recruit and inspire less-informed activists to send letters to their elected officials or to the city’s main newspaper. Ultimately, it ends up looking like there are many people up in arms about pending changes.

According to Wikipedia, these techniques have been used to

  • Defeat President Clinton’s proposed health care reform through a front group called Rx Partners, which was created by a public relations firm and the Coalition for Health Insurance Choices
  • Oppose restrictions on smoking in public places through a front group called National Smokers Alliance, which was created by a global public relations firm
  • Encourage people to buy Coke
  • Generate news clips to assist Microsoft lobbyists in persuading U.S. state attorney generals not to join a class action suit against the company

While shocking, the good news is, as consumers, we’re far more educated through information found on the Web, these kinds of campaigns are found very quickly, brought to the attention of influential journalists, and taken down.

“For years, Mark Zuckerberg, the chief executive of Facebook, has extolled the virtue of transparency, and he built Facebook accordingly. The social network requires people to use their real identity in large part because Mr. Zuckerberg says he believes that people behave better—and society will be better—if they cannot cloak their words or actions in anonymity,” wrote the New York Times on May 13, 2011.

Enter a global public relations firm. They were hired to create a “whisper campaign” about Social Circle—an optional feature of Google that uses publicly available information from social networks to personalize search results.

The story goes like this: Two very high-profile former reporters-turned-PR-pros worked with journalists and bloggers to begin digging into Social Circle and writing negative stories about it. When pushed to reveal their client, they refused, and a blogger published their email exchange.

The initial email from the high-profile PR pro began, “I wanted to gauge your interest in authoring an op-ed this week for a top-tier media outlet on an important issue that I know you’re following closely.” He went on to describe the sweeping violations of user privacy at Google and how the blogger could use the information in his email to write the op-ed.

The blogger responded with, “Who is paying for this? (Not paying me, but paying you).”

The PR pro wrote, “Thanks for the prompt reply. I’m afraid I can’t disclose my client yet. But all the information included in this email is publicly available. Any interest in pursuing this?”

The blogger, smart to these kinds of practices, denied the request and made the entire conversation public, which made national news and required the Public Relations Society of America (PRSA) to get involved, from an ethics point-of-view.

This is common practice in Silicon Valley. PR professionals are hired to help create negative stories about one’s competition.

It happens in Hollywood, too. During the 2013 Oscars season, you might remember seeing stories such as, “Can you believe Zero Dark Thirty? The Academy is never going to vote for a movie that justifies torture.” Or “If you want historical accuracy, don’t watch Argo. The suspense when they’re leaving the airport? That never happened.” Or “Come on, Lincoln! Mary Todd Lincoln never attended debates, but there she is in the visitor’s galley in the movie.”

These comments typically begin with publicists or “Oscar-campaign consultants” who have off-the-record chats with reporters and voters. They don’t talk about the great attributes of the movies, actors, or directors they represent; rather, they point out the flaws in their competitors. And some of these stories are created by the media looking to increase eyeballs and win in the ratings wars.

The Academy has tried to discourage the negativity by imposing a one-year suspension of membership for first-time violators, but this rule is hardly ever enforced because most whisper campaigners are too smart to malign their competition publicly. They never put anything in writing, including in email.

The idea of whisper campaigns began, not surprisingly, during wartime, because it is an effective and inexpensive way to create protests, support stand-offs, and exercise national will without using the military. From there, it has seeped into politics, the tobacco industry, Hollywood, and now Silicon Valley.

But it isn’t limited to those few instances. In business, companies hire employees to create fake social media accounts to post comments on blogs, forums, chat rooms, and social networks. They try to steer conversations in a desired direction or post negative responses that rile up the community.

For instance, a defense contractor that works with the government was found to be mounting an attack against WikiLeaks when they were hacked by Anonymous (the hackers responsible for a lot of the tightly secured information that throughout the years has been leaked to WikiLeaks).

In the documents they found and leaked, there was information about how to create personas to attack journalists, bloggers, and commenters to “smear enemies and distort the truth.”

Here’s a quote from the leaked materials: “To build this capability we will create a set of personas on twitter, blogs, forums, buzz, and myspace under created names that fit the profile (satellitejockey, hack3rman, etc.). These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.”

Another document describes how they use automation so one persona can represent many different people with the stroke of a key. “Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. In this case there are specific social media strategy website RSS feeds we can subscribe to and then repost content on twitter with the appropriate hashtags. In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce [sic] himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.”

That’s just another example of how gigantic organizations are gaming the system, lying and stealing, and developing groups of “people” to provide opinions about an issue.

In the past, these things worked fairly well. It was difficult to not only prove it was happening, but to get the attention of journalists to tell the story. But there’s a new sheriff in town, named social media. Because of him, everyone has a megaphone. When you are found out, people are all too happy to rip you down from the fake proverbial pedestal.

Brian Solis, principal analyst at Altimeter Group, a prominent blogger, keynote speaker, and author of several books, did a test to promote the launch of “The End of Business as Usual.” Using a service called Let Me Tweet That For You, he created a bunch of tweets from celebrities such as Donald Trump and Ellen DeGeneres that are made to look like they endorse his book (Figure 4.1).

Figure 4.1

Figure 4.1 Let Me Tweet That For You allows you to create fake tweets from real people.

Of course, the tweets Brian created aren’t real and he never actually sent them. He created them only to show it’s important to confirm any information we see online that seems strange, because it most likely is. A great example of this is the photos of Abraham Lincoln you see floating around the Web that display quotes, supposedly by him, on how to behave online. Of course, Lincoln didn’t say those things, but people continue to share the quotes. After all, if it’s on the Internet; it must be true.

After Brian opened the kimono, so to speak, and showed what he did and why he did it, we took to the Web to create a fake tweet from a colleague, saying she loves working with me (Figure 4.2).

Figure 4.2

Figure 4.2 A test to create a fake tweet about myself from a friend and colleague.

Admittedly, it’s kind of fun to create tweets saying awesome things about yourself that look like they’re coming from your friends or colleagues. And the good news is the service doesn’t allow you to actually tweet what you’ve created. Instead, it generates a tweet that says, “Check out what @belllindsay just said http://lemmetweetthatforyou.com/t/2tl99k Site by @okfocus.”

So Lindsay would be alerted if I tweeted that, and anyone following would be directed to the site where it was generated. No harm, no foul, right?

Not so fast. What if trust has now completely eroded? People are astroturfing and creating whisper campaigns and writing fake reviews—and now, faking tweets. What next?

As it turns out, there are lots of blog posts, forums, and how-to sites written for people who want to start their own whisper campaigns. If you’d like to go that route, stop reading and donate this book to a library. You’re not going to learn how to do that here.

Trolls and Anonymous Attackers

There are quite a few things you can do to dissuade anonymous attackers. Use Livefyre as your commenting system, which forces commenters to have an account (usually with one of the social networks); build a strong community of people who can quickly recognize those who are there only to cause trouble; and have guidelines that clearly state comments will be deleted if you swear, make up facts, or are intent on damaging someone’s reputation (or that of someone in the community) through libel. Ninety-nine point nine nine percent of the time, people are very professional, fun, and kind to one another.

But there will be that one time when you are attacked personally, and anonymously.

When you discover negative comments, you can quickly do some research to find out who the people are. Track their accounts back through Livefyre, and after a few clicks, you’ll discover whether it’s a real person or not. Sometimes you’ll find there is a content farm in another part of the world that is set on creating negative comments to engage authors in conversation, eventually gaming the Google rating system.

Rather than engage those “people,” delete the comments and ban the users from commenting on your site. It does take some time, but it’s well worth it. Don’t be rushed. Take that time. Because if you don’t, the attackers win. Situations like this make the online world a bit scary. People will say negative things about you. They will criticize you. When this happens, take out the emotion, listen to what people have to say, admit when you’re wrong, and say you’re sorry.

Except when the attackers are anonymous. The culture of the Web allows for anonymous attackers known as “trolls”: the people who say, from behind a computer screen, things they would never say in public. We see this with online bullying of children and teenagers, and we see it, via adults for the most part, in business. The Web provides a “safe” world where trolls can wield power and influence others. Unlike most real-world bullies, though, anonymous attackers can find a large ready-made audience to consistently engage, vote up their content, share it, and provide serious ego-stroking without negative consequences. In fact, some sites offer real-world bonus items for popular content—no matter if it’s harmful or not. But, like real-world bullies, trolls need to get a rise out of their victims to enjoy the interaction. When you don’t “feed the trolls,” you disgrace them and make them feel irrelevant.

It really isn’t unlike serial killers or mass murderers (particularly in the United States) who kill for the publicity and fame they know they’ll achieve. Those 15 minutes of fame come at any price...but they’re willing to do what it takes to get them. The same thing happens online (even if not at the expense of people’s lives) and trolls will do what they can simply to get a rise out of you.

Reddit is a site that allows anyone to register with any username. You can submit and vote on content, all anonymously. You’re also able to start a forum dedicated to your hobbies or interests, known as a subreddit. During the Boston Marathon bombings, there was an entire subreddit dedicated to the manhunt—which gave you more accurate and timely information than the news. In fact, reading that stream—which was hooked into the Boston police scanner—revealed to the online world that the second suspect had been caught a full five minutes before the news reported it.

During the 2012 Presidential campaign, President Obama became the first sitting president to participate in a Reddit AMA (Ask Me Anything) feature. People from all around the world participated, and he answered questions about space exploration, Internet freedom, his favorite basketball player (Michael Jordan), and work-life balance. The hour-long Q&A session gave Reddit mass legitimacy and let the site open itself up not only to the typical web geeks, but also to mainstream news and political junkies.

But the site isn’t all for the greater good. Because Reddit allows anonymity and the policy itself is very lenient on offensive speech, it has bred an underground of trolls, attackers, and downright bad people.

In October of 2012, a man known as Violentacrez—one of the biggest trolls on Reddit—was found out by Gawker. You see, he’d been posting images of scantily-clad underage girls on the Internet, which is what began the deeper investigation into who he really was. But more than that, if you found images of racism, porn, incest, or other highly offensive things on Reddit, it was almost certain Violentacrez was behind them. In fact, he created a subreddit called “Creepshots” where users posted covert photos taken of women in public—usually close-ups of their body parts. And the subreddit thrived.

Violentacrez created another subreddit called Jailbait, with the sole purpose of “creating a safe place for people sexually attracted to underage girls to share their photo stashes.” While you or I might call those people pedophiles, the subreddit called them “ephebophiles.” Violentacrez and his fellow moderators worked hard to make sure every girl posted in Jailbait was underage. They deleted any photos whose subjects looked like they were older than 16. It soon became one of the most popular subreddits on the site and the term “jailbait” was the second biggest search term for the site. Eventually it landed on CNN, and Anderson Cooper called out both Reddit and Violentacrez. The subreddit was banned—reluctantly because it’s against the Reddit terms of service to police the user content and because their community was incensed at the very idea of being “policed”—and, with it, all content featuring minors.

Lock up your children! Protect the women! Throw away the keys!

Like “real life” bullies, trolls need to get a rise out of their victims if they are to enjoy the interaction. But it’s not all as bad as Violentacrez, particularly in the business world. Yes, you will have trolls attacking you, especially as you participate more and grow your brand online. Yes, they will make you angry and emotional. Yes, they will get a rise out of you. But it’s how you handle them that makes all the difference between them feeling like a mosquito bite in the middle of summer, or them forcing your focus away from your job completely.

The best way to stop trolls is to create an environment that is unfriendly to trolling. We’ve done that on Spin Sucks by carefully cultivating a professional, kind, and smart community. We painstakingly review all comments and determine their validity. If we remove someone, we explain to everyone else why we did that, citing something in our policy the person violated. Today, the community does the rest of the work. The good news is it’s unlikely you’ll be trolled—unless you’re Coke or GE or Face-book—until you’ve built a name for your organization online. With that, hopefully, comes a community of people who adore you—or at least respect you. They’ll stick up for you, often without you having to ask.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020