Thursday, November 28, 2013

A few thoughts about fake profiles of Facebook

Hi World

People impersonating other people online is nothing new. It can often easily be done because social networks simply don't have the means to verify your identity. And if they did, no one would use them, because let's face it: Having to present your ID to create a profile... who would do it? I certainly wouldn't.

Whilst fake profiles are a real threat they still required a lot of work from the attacker to make it look authentic... or so I was thinking. Well it turns out that this is changing... Fake profiles are now being created on an industrial scale just like advertisement.

Every week or so on Facebook I get a new friend request from someone I don't know. It's not one of those persons that added me by mistake and that apologizes for adding me once I ask them who they are.

So how do you recognize those profiles? Well I've been able to identify quite a few similarities between all those fake profiles:

  • There are usually 4-10 pictures of the person. If you search for those images on the web, you'll usually find were the images got stolen from.
  • So far all pictures in the fake profiles I've seen were pictures from women. I guess that if you are a women yourself you will get targeted by fake profiles of men.
  • The pictures almost always represent an attractive person. This is probably based on the number of likes on the website where the images come from or perhaps they reuse the same pictures based on how efficient the fake profile is.
  • The profile's age is usually one month old or less. It eventually will get reported an be deleted by Facebook.
  • The friend list of the person is usually not that long yet and consists of men only (for a fake profile representing a women). This is interesting: People are apparently much more gullible when it comes to attractive members of the opposite sex.
  • If you send a message to the (fake) person you won't get an answer. Remember: This is being done on an industrial scale. They simply don't have the time to answer your question... even if this would make the profile more effective.
  • In the about section you will see that the person either shares your home town, the town you currently live in or both with you. This is very important: This is how they find you! Facebook has a "find friends" search form that allows you to find people that live near you. Using this method you don't have to search for a particular name. Remember: They want to target everyone. Not just people called "John Smith".
  • Often the is a post or two on the wall of the fake profile. These posts are often sentences that have part of mystery in them: Those are here so that you want to get to know that person.


Unanswered questions:
  • What is the purpose of these fake profiles? Gathering data that can only be seen if you have a person in your friend list. Making fake likes on pages of products look more realistic and thus justify funding for some marketing department?
  • Who is behind all this?
Why I have written this blog post:
  • I'm interested by what your discoveries on that subject as well. If you discovered something new let me know.
  • I'm also trying to raise awareness about this phenomenon in order to make those fake profiles less effective. The more people know about them, the quicker those profiles get flagged on Facebook (and thus deleted).
Have a nice day,

Pascal