
Protect Your Executives From Social Media Threats

Executive protection has always been a challenge for enterprise companies, and the challenge grows as the company grows. Threats against CEOs, board members, and other executives have increased in recent years, assisted by the proliferation of social media.

Executives, like any public figure, can be attacked online, targeted by unsatisfied customers, protests, and even competitors. The reputational risk is only part of the problem: It’s also easier than ever to acquire an executive’s private email or phone number and use fake profiles to spread it online to harass executives, their family, and their friends, without any consequences or risk to the spreaders. 

Another rising risk is the theft of private information: even the most advanced cybersecurity systems can be breached by bad actors, which is why cybersecurity teams are always on the lookout for indicators of compromise (IOCs). The most famous example of blackmail and extortion following data theft is probably Jeff Bezos, but this kind of attack isn’t limited to Fortune 500 companies. Even executives of smaller businesses, like the CEOs of an Australian whisky company or of a cybersecurity firm, have faced data theft and blackmail attacks.

On top of all of those threats is the very real jeopardy to an executive’s safety: an enraged customer threatening to harm a CEO might be just a troll hiding behind a fake profile, but might also be a real security peril. A person who repeatedly threatened YouTube’s CEO, Susan Wojcicki, on social media was later arrested and was reported to have a violent history as well as an assault rifle in his home. While most people who make violent threats and post menacing messages online have no intention of following through, the dangerous potential is there, and if the offenders do want to harm a person, think how easy it would be for them to uncover their target’s home address.

All those threats have one thing in common – they all started or evolved within the online realm. 

The following cases of executive threats, uncovered by Cyabra’s research, present both fake and real profiles making threats against companies’ CEOs using social media. The fact that many of those bad actors disguise their identities and hide behind fake social media accounts should give pause to any corporate security team or CISO trying to keep their executives safe. Even if those accounts have just a few followers, they represent the motivation of individuals or groups that worked hard to hide their identity and spread violent messages easily and anonymously. That, by itself, is enough of a reason to consider them a threat and regard both the fake profiles and the people who operate them with gravity.

 

Starbucks, Apple, and Disney Executives Under Attack

In the spring of 2023, Cyabra uncovered separate fake profiles posting threats on Twitter (X) against Howard Schultz, former CEO of Starbucks, Tim Cook, CEO of Apple, and Robert Iger, CEO of Disney. The profiles exhibited a profound understanding of Twitter’s algorithm and used it to promote their content and latch onto existing conversations. The fake accounts directly tagged the CEOs in their threats, not with the aim of slandering their reputation or their company’s name, but rather with hostile, intimidating content that showed an intention to physically harm the executives.

Schultz was threatened by a Twitter profile that tagged the former CEO in a message stating, “Hey @HowardSchultz I’m coming to your house.”

The fake profile, which was created just two months before starting to tweet menacing content, joined conversations regarding Starbucks boycotts and protests, as well as an active discussion about a planned demonstration right outside of Starbucks’s headquarters. Latching onto those conversations paid off: the threatening posts reached over 9,000,000 views – much higher than this new fake profile with just 123 followers could have reached otherwise.

The threatening post and the fake account that made the threat.

 

The fake profile was eventually reported and deleted, but obviously, the person who went to the effort of creating a fake profile to make those threats, and then used it frequently to post menacing content against Schultz, is still out there, and their actions should raise a warning within Schultz’s security team.

In April 2023, similar threatening content was directed at the CEO of Disney, Robert Iger. This time, a Twitter profile clearly stated, “I’m gonna kill Robert Iger”, making a direct, explicit threat to the CEO’s life. 

Cyabra’s profile analysis uncovered that this was not an isolated post: the fake profile, created just two months prior, showed a pattern of frequent posts with violent content. Just like in Schultz’s case, this profile latched onto negative conversations about Disney, especially those led by conspiracy theorists blaming the corporation for child abuse and pedophilia. 

The threatening post and the fake account that made the threat.

 

Finally, it was the turn of Tim Cook, the CEO of Apple, to face similar threats. The Twitter profile that targeted him spread its message through recurring posts, expressing a consistent desire to kill Tim Cook.

Repeated threats were made towards Tim Cook, Apple’s CEO.

 

This time, the threats were made by what appeared to be a real profile of a person who introduced himself as a public speaker, using what seemed to be a real name. Cyabra’s analysis revealed a similar (but not identical, especially when comparing the name) profile on LinkedIn, which means it could either be the same person, or a fake profile that stole the identity of the real one and impersonated him to make death threats without risking themselves.  

The Twitter profile and the LinkedIn profile: same person, or an impersonator?


The Danger Game: From Maybe to Menace

All the fake accounts scanned by Cyabra were eventually removed by Twitter, and their tweets were deleted. However, the danger they represent remains. When we think about executive protection, we might imagine swarms of security surrounding the highest offices of the world’s largest corporations, and huge amounts of money invested in defense and security. While that might be the case for the largest enterprise companies, the executives of smaller businesses are more exposed and can easily be targeted, and even the wealthiest corporations can’t protect all of their executives 24/7.

While not every threat in the online sphere manifests as a danger in the real world, being aware of and alerted to threats on social media can make a huge difference when safeguarding an executive. CISOs and corporate security teams should be aware of those risks and their dangerous potential, investigate them, and alert authorities when needed. The ability to monitor social media, detect threats and indicators of compromise (IOCs), and stop bad actors before they can cause harm is crucial in protecting a company’s employees and executives. Contact Cyabra to learn more about safeguarding your executives.