Tuesday 19 November 2019

Faking it

What do you do when you find out that your profile picture and personal photos have been used to create a fake profile on Facebook, using a fake name?

This has just happened to someone I know, and although she and others have reported the abuse to FB administrators, and the fake profile will eventually be taken down, the feeling that one’s privacy has been invaded will probably linger for a while.

It is, of course, the downside of using social media – and one of the reasons that so many people refuse to have a FB account.  It is just one of the many negative aspects to what should be a wonderful tool to help us connect and network.   Meeting new people and socialising online through the “friends of friends” concept  can be great, unless it is used to infiltrate your account through the back door so to speak, and you realise too late that someone you did not add as a friend can still have access to your photos.

For, despite all the security and privacy settings which FB continues to create, not all of them are fool proof, and not everyone is quite sure how they work.

The prevalence of fake profiles has increased so much that a security firm Barracuda Networks has taken it a step further in a study titled “Facebook: Fake Profiles vs. Real Users.”

The study, which analysed thousands of real profiles as opposed to fake ones, came out with some very interesting statistics.

  • Fake accounts have six times more friends than real users, 726 versus 130
  • Fake accounts use photo tags over 100 times more than real users, 136 tags per four photos versus one tag per four photos
  • Fake accounts almost always (97 percent) claim to be female, as opposed to 40 percent for real users

I found the last statistic particularly intriguing and thinking back on the fake profiles which I myself have come across over the last year, I would say this is true.  This is probably because a woman is more likely to “friend” another unknown woman than she would add an unknown man as a friend (especially if she sees that they have mutual friends, which is the trick fake profilers use). As for why a man would accept a friend request from an unknown (good-looking) woman…well you don’t have to be a brain surgeon to figure that one out.

Dr. Paul Judge, chief research officer at Barracuda Networks was reported to have said that “researchers have shown how friending malicious accounts can lead to account takeover using Facebook’s trusted friend account recovery. We have analyzed thousands of fake accounts to determine features and patterns that distinguish them from real users, and created a feature-based heuristic engine to distinguish real users from fake profiles.”

There’s more to all this than just impersonating someone for kicks – and the implications of how fake profiles can be used are unnerving.

Emil Protalinski who blogs on this subject, pointed to research carried out last year at the University of British Columbia in Vancouver, Canada,   in which researchers  invaded Facebook with 102 socialbots, which are programs designed to mimic real users. He states that they made 3,055 friends in eight weeks, giving them access to 1,085,785 profiles, and allowing them to scrape 250GB of personal data.  Mr Protalinski reported that, “The bots began by sending friend requests to random users, 20 percent of whom accepted, and then to their mutual friends, which resulted in the acceptance rate jumping to almost 60 percent. Such an attack means it doesn’t matter if users hide their personal information from public view as long as they let their friends have visibility. The social bots thus managed to extract some 46,500 email addresses and 14,500 physical addresses from users’ profiles.”

He also goes on to define what a socialbot does:  it’s a piece of software that controls a social networking account and tries to act like a human being by performing basic tasks such as posting messages and making friend requests.

When Facebook was first launched, accepting a friend request from someone who has a mutual friend was an innocent enough move, and in a small country like ours, almost understandable.  What harm could there possibly be in that, right? These days though, we cannot be sure who we are really “friending” and what motives lie behind that person creating a fake profile in the first place.

As Mr Protalinski points out,  “Each time a socialbot successfully friended one person, they would then attempt to become Facebook friends with that person’s friends as well. As they became more embedded within friend networks, the acceptance rate of friend request increases drastically. The increase was due to what researchers called the “triadic closure principle,” which claims that if two users have a mutual friend in common, they are three times more likely to accept a friend request. Unsurprisingly, the more friends a given Facebook user had, the more likely they are to accept a friend request from a socialbot.”

What is more worrying is that Facebook DID NOT DETECT most of the socialbots at all, because FB relies on users reporting fake profiles in under to shut them down.  FB was understandably  unhappy with the results of the findings, claiming they had serious misgivings about the methodology used.

The researchers shut down the fake profiles themselves after the eight week research period was over.

The moral of all this is, naturally, not to accept requests from people you do not know, or at the very least, check out their profile thoroughly if they seem to have mutual friends.  I have often asked friends if they actually know the person who is claiming to be a mutual friend, and this usually works to weed out the fake profiles.

With FB it is a literally a case of finding out who your real friends are.

Powered by