Being on social media can be serious business for an enterprise.
Major retailer Target can attest to that after a man with no official connection to the company hijacked its social media presence and began talking -- rather sarcastically and often rudely -- to customers.
"This is a big brand and reputational issue," said Nick Hayes, an analyst with Forrester. "As a business, you have to make sure the accounts you own are kept safe. There are serious implications for an organization if they don't catch something like this."
Target didn't comment specifically on the issues raised by observers about how long it took to catch onto the problem. But Angie Thompson, a Target spokesperson, said by email, "At Target, we are committed to providing outstanding guest service to our guests wherever we engage with them -- in our stores, online, or on social media. Clearly this individual was not speaking on behalf of Target."
He then began responding to users who were posting negative comments about the company's decisions to stop using gender-specific signs for clothing in its stores.
One Facebook user, identified as Lisa Marie, posted on Target's page saying, "I am EXTREMELY OUTRAGED at your stupidity for doing away with gender separation at your stores... THANK GOD I haven't bought school clothes yet for my kids. You lost my business@!!"
Pretending to be someone from Target, Melgaard responded, "Lisa, you sound like you need a snickers. We sell them by the packs here at Target. Stop on down and buy some. ☺"
Many other responses weren't so clean.
Clearly, Target customers didn't notice that Melgaard didn't actually work for Target. They likely saw the Target logo next to the response and didn't realize it was not a legitimate account.
But then, most would never think to dig deeper to check if it was legitimate or not. It's an easy assumption to make and nearly everyone would, according to analysts.
Melgaard wasn't making it a secret that he was hijacking Target's online customer response.
He even posted on his on Facebook page, "If anyone wants to go to the "target" comment page where people post stuff, I'm posing on there as a target "ask for help" employee and replying to everyone who is against their recent "gender labels" move. It's kinda funny."
He later posted, "I've got this one guy really freaking out on the target page right now, it's great."
Target -- the real Target, that is -- didn't notice what Melgaard was up to for about 16 hours and by that time he had commented on about 50 posts.
At that point, Target shut his fake account down.
"The scary part is how easy this is to do," said Zeus Kerravala, an analyst with ZK Research. "Customers' comments are visible to everyone and he simply responded using a Target logo. This opens the door to fraud and, frankly, customers thinking you don't care."
The problem, even more than having your customer service hijacked online, is having a major company that is only partially committed to social media, according to Kerravala.
"If you're going to be on social media, you need to monitor it continuously," he added. "If it's not monitored, it could be very damaging. Someone could easily insult a minority group and really hurt the company's image. You're either all the way in social media or you're not at all."
Forrester's Hayes noted that Target isn't alone in its online embarrassment.
"I've seen it happen a number of different times and across a number of different industries, particularly where there's a lot of negative sentiment," he told Computerworld. "This guy thought it would be funny and that was kind of the best-case scenario. If someone has malicious intent, the impact on the company could be much worse."
If someone is impersonating a company's social media account, there could be significant security issues, for instance. Fake accounts could enable hackers to steal customer information including personal data and passwords.
"Target didn't notice this was happening for 16 hours," added Hayes. "Sixteen hours isn't a full day and it's not like it was going on for weeks, but 16 hours is definitely a long time when you have an impersonating account. If [Target] had been really looking, they could have discovered it sooner."