In recent years, offers of paid awards - known as Vanity Awards - have become increasingly common. Nimblr describes the phenomenon, its usual course, and discusses possible security risks associated with these "borrowed feathers". Finally, it suggests a less loaded terminological alternative: Pyrrhic Awards.
The pitfalls we risk falling into are many and deep when our quest for attention and recognition is not regulated by better knowledge. A good example of this is the Vanity Awards, where companies offer to accept vaguely described nominations, or to nominate themselves, for "prestigious awards" only to find that the prizes are priced, i.e. can be redeemed against payment. The companies behind these charlatans are usually careful to stay on the right side of the law, and can therefore make a good living out of their gullible victims' predations. Nimblr often receives these types of offers, and can therefore provide a description of a typical "Vanity Award" process.
During November and December 2022, Nimblr receives more than half a dozen emails from a company - let's call it Corporate Foresight - whose stated agenda is to "recognize and celebrate companies around the world that strive every day to be better than they were before". The introductory message is well-designed and, at first glance, may seem trustworthy and serious. We are informed that "Nimblr Ltd has been identified as a potential candidate for the Security Awards 2023" and are given, via two links, the opportunity to accept this potential nomination or not. Furthermore, we receive the following information: "There are no mandatory costs if you choose to accept the nomination or if you are successful. If a company is successful, we offer packages to make the most of what has been achieved, but these are entirely voluntary, and we always offer a free package to our award winners." So far so good, right? The company is registered, has an address, phone number and a well-designed website. The email also includes a photograph of the staff, five smiling women who - like the Spice Girls - superficially exemplify five different archetypes or styles. We even find out their first names and nicknames; short, easy-to-pronounce, "common" names.
In the Security Awareness industry, you learn early on that what is not said is often more informative than what is said. We are not told on what basis this potential nomination rests; what we have achieved? Nor is anything said about who nominated us. A discursive examination of the message also reveals some classic red herrings:
In addition to these warning signs, the message - including the photograph - appears to be a bit too elaborate: a pluralistic fishing net, the differentiated meshes of which are intended to ensnare a wide range of would-be prey. At Nimblr, we know that the best way to avoid a suspicious online offer is to ignore it, both to negate the risk of interacting with unsafe links and to investigate the counterparty's behaviour in the absence of a response. So we let the message from Corporate Foresight go unanswered. Immediately an intense spamming started, where the urgency message became more and more prominent while Nimblr, without comment, went from "potentially nominated" to "nominated". Of course, we didn't answer any of these messages either.
However, there are companies that - by mistake or out of curiosity - have accepted this type of nomination. From their experience we can learn that nominations always leads to prizes and that a prize sometimes involves some form of free exposure, such as a short interview in the award company's own online magazine. In addition to this, there are offers of so-called prize packages, with plaques, trophies and the like, at a cost of anything from SEK 1500 to over 50000. Any free interviews seem - at best - to yield minimal positive returns. A more likely consequence of the Vanity Awards is a continued and intensified spam bombardment with similar offers.
It is easy to see the Vanity Awards as a nuisance rather than a real threat, as interaction with their spam messages, links and offers is voluntary, with no explicit purchase requirements. It is therefore neither phishing nor pure fraud. The activity and approach is not illegal, but it can justifiably be described as frivolous, and there is more than just money at stake here. As already mentioned, participation often opens the floodgates to a deluge of similar "offers", thus increasing the security risk. Furthermore, the spam messages contain a variety of links, the legitimacy of which can and should be questioned. For a Security Awareness company like Nimblr, the negative exposure that a Vanity Award brings can be devastating, as active participation demonstrates flaws in both security och medvetenhet.
However, it is understandable that companies can be duped in this way. The global business world is a jungle, and neither a map nor a compass offers protection from the predators lurking in the dark. It is very important to be able to discuss the Vanity Awards and other types of scams in a clear and non-judgmental way, without making fun of those who have been scammed. In this way, information about the phenomenon will be spread and companies will become more vigilant and resilient. In this spirit, Nimblr wants to propose a terminological shift, replacing the stigmatizing term Vanity Awards with the more neutral term Pyrrhic prizes, named after King Pyrrhus who, after a costly victory over the Romans at the Battle of Asculum in 279 BC, won the prize.BC, is said to have uttered the phrase "One more such victory and I am lost." Thankfully, unlike King Pyrrhus, as an entrepreneur you are not fighting a battle against a resourceful Roman Empire, but in this case the battle is between reason and pride. If you represent and/or have built a brand and a business idea that you believe in and are proud of, it's better to focus on well-deserved and genuine awards, and if you can't wait for those, you can always invest in a "world's best boss" mug for yourself. These are both cheaper and more useful than Pyrrhic awards.