If you're watching the World Cup and surfing FIFA-related social media accounts, you have a good chance of coming across the fine, deceptive work of hackers, spammers and even some pornographers.

According to a report by social-media platform security firm NexGate, there was a 521 percent increase in spam on FIFA-related, soccer club, and FIFA sponsors' social media accounts across Facebook, Twitter, Youtube, and Google+ between the day before the World Cup began and day of the tournament's first match.

The bad news is that the U.S. soccer team's social media accounts came in last place for safety, meaning the greatest security risks for users lay in that team's account. Out of all the social media channels, Facebook had the most security risks and Youtube came in second. 

Even worse, if you don't have security measures in place to deal with social media threats, it can cost your company time, money, and brand reputation. 

"If you're spending time and money for people to read your content and paying for Facebook advertising and measuring your cost-per-click, but someone is hijacking that, not only are you losing that money you spent, but you're also paying someone to hijack your work by giving them a platform," says Devin Redmond, co-founder and CEO of NexGate. "In effect, you are sponsoring the spam in that environment."

The attacks are diverse, but Redmond says his team has seen more than 500 different types of unique spam threats. "Some have links while others don't and just want to make a connection, 'Hey, make great money working from home,' 'Enter my tournament challenge and make tons of money,' and then they start down that social engineering path," he says. "At some point, they get you to install an app on your social media account, try to get data from you and start stealing from you, or your audience."

Redmond has two tips to fight back against hackers and spammers.

Set some rules. 

Post your "rules of the road" for your social audience, including what's acceptable content to post to your pages. "Be very open how you are going to police the account and what actions you'll take," Redmond says. For example, state clearly that content will be removed and users will be blocked from participating if they post spam, links to pornography, and homophobic or ethnophobic messages.

Teach your staff the drill. 

Make sure your staff is aware of the basics. "If you get an unsolicited inbound request that says, 'Hey, check this out' and has a shortened link, you do not want to click on that," Redmond says. "Be wary, if you see something change on the account randomly, or unexpected content, you want to automatically remove it. If you have security, check out where it came from and who posted it."