The Timeline of a Takedown: Shifting from Awareness to Action

The Timeline of a Takedown: Shifting from Awareness to Action
5 minute read

Let’s get something straight up front: there is a lot of bad sh*t online. From the 583 million Facebook profiles deleted in January-March of 2018 to the half a trillion (yes, trillion!) dollars spent on counterfeit goods annually, at times the internet still feels like the wild west. The sheer quantity of bad actors and malicious content on social media and other digital platforms can often make it seem like there is nothing that can be done about it. Even with Twitter removing tens of millions of fake profiles, more profiles of the same kind are created every day.

Becoming aware

A lot of our customers first come to ZeroFox wanting to understand what’s out there. Are there fraudulent accounts impersonating their brand? Are there unauthorized resellers selling their products, or worse- selling counterfeit versions of their products? Are bad actors targeting their customers or employees with spearphishing campaigns?

The first step to a comprehensive digital risk protection strategy is awareness- or understanding what’s out there. That’s why we always tell customers to start by taking stock of their online presence. What accounts do you own? What accounts do your executives maintain? Your employees? From there we’re able to identify what you don’t own. The imposter accounts, the offensive content, the brand infringement. This tends to be an eye-opening experience. Even the most sophisticated and diligent security and marketing teams that meticulously maintain their own social media accounts may not be aware of the accounts and the content they can’t control. Becoming aware of the threats facing your brand and business online is critical, but it shouldn’t stop there.

Shifting the mindset from awareness to action

Understanding threats is great, but without action these threats will continue to attack your brand, or worse, further extend their reach. For years, we’ve seen digital risk protection considered as largely an analysis and intelligence-driven space. But in order to truly stop malicious posts and profiles on social media and digital channels, we need to take action.

Action can mean several things, usually resulting in the form of a takedown. This includes hiding offensive comments on your brand’s social media posts, blocking malicious profiles targeting your customers and employees, or requesting a takedown of a specific user or post that violates Terms of Service. Takedowns ensure bad actors and posts are handled directly and effectively. They are the central component to a strong digital risk protection strategy, and the central component of ZeroFox’s comprehensive digital risk protection solution.

Takedowns: How do they work?

Now that we’ve established what a takedown is, let’s talk about how a takedown actually occurs. At ZeroFox, it is our goal that every takedown is handled swiftly and effectively to save customers time and resources on what would otherwise be a manual, arduous process. But takedowns can look different on different platforms. ZeroFox maintains the broadest range of takedown capabilities on the market today, covering social media, surface web, deep/dark, domain takedowns and more. Through our years of experience remediating threats across a wide array of channels, we’ve found that takedowns, and the associated effort required, vary based on channel, content and risk. On social media, for instance, takedowns result in the removal of a post or profile. On blogs and forums, blogs or full threads may be removed. On online marketplaces, unauthorized resellers may have their products removed or entire seller accounts deleted through a takedown. Here are a few types of takedowns we see most often:

Social takedown

Social takedowns include the removal of any content or profiles on social media, from Facebook to Twitter to Instagram and more. Here’s a sample timeline of how this kind of takedown occurs:

  • Bad actor posts a malicious link tagging your organization: Whether on your company Facebook page or in a tweet mentioning your company, your brand is now tied to this malicious effort.
  • Malicious link identified and alert generated: Maybe your social media manager notices the post or your social media security tool alerts you to it. Make your security team aware of the issue as soon as it is discovered.
  • Remediation actions considered: Here’s where you need to decide what to do about the malicious link, whether internally or with the help of an expert. Are you going to request the post be deleted? Block the user that posted? Request the poster’s profile be removed from the platform entirely?
  • Takedown requested and completed: Once a course of action has been decided, takedowns can be requested directly within the network (think, Facebook’s ‘Report’ feature) or through your social media security tool. ZeroFox customers are able to request takedowns from directly within the ZeroFox platform and can rely on our trusted relationship and years of experience working with the networks to handle the work for them.

Domain takedown

Another common threat we see is domain spoofing or impersonation. Let’s use ZeroFox as an example. A malicious actor may try to use the domain “,” adding an extra x to lure ZeroFox prospects or customers to their site without them knowing. These impersonation domains can be difficult to identify without near constant monitoring, and achieving quick remedy can be challenging. Companies spend thousands of dollars in legal fees each year, some hiring outside counsel, to handle these kinds of threats.

The timeline for this kind of takedown can be sporadic and lengthy if you don’t know what to look for or how to handle the remediation itself. Constantly monitoring for offending domains is time-consuming and ineffective- which is why ZeroFox built domain monitoring into the ZeroFox platform, saving customers time and resources on not only identifying these threats but taking action on them as well.

Web takedown

Web takedowns can include everything from surface websites such as Glassdoor and ZipRecruiter, to deep and dark web forums, paste sites, etc. From surface to deep and dark, it is nearly impossible for a large (or even small!) company to manually monitor for digital risks to their brand and business on their own.

Let’s use an example of malicious content found on a Paste Site. For those unfamiliar, paste sites serve as a sort of “global clipboard.” Started as a way for developers to share code, these sites have become the default drop place for malicious sharing and selling of private information, from credit card numbers to usernames and passwords. Unless your security team is monitoring these sites 24/7 (and even then!), it is easy to miss risks to your customers and/or employees.

For companies without a digital risk protection solution, the timeline for takedowns on these sites can be confusing and time-consuming. Reaching out to these sites directly can lead to unanswered requests or the demand for proof and context that takes time to collect. And even after reaching out, it is hard to know the likelihood that content will actually be taken down. The ZeroFox platform and expert team identifies and validates these types of alerts quickly, requesting takedown on your behalf so you don’t have to lift a finger, saving time and increasing the likelihood of takedown success.

In summary

No matter what type of threats you are looking to remediate or what digital channels you are looking to cover, ZeroFox can help your organization. No longer rely on social networks, domain registrars or your own internal teams to identify, request and ultimately remove malicious content- ZeroFox has you covered with our Takedown-as-a-Service offering. Read more about this service on our website here.


Subscribe to our Blog

Best practices, the latest research, and breaking news, delivered right to your inbox.