How to Detect Fake Profiles – Understanding Phishing

Phishing is one of the most common methods of attack that hackers use. It’s the fraudulent practice of obtaining sensitive information such as usernames, passwords, and credit card details for malicious reasons by disguising as a trustworthy entity. For example, a friend of mine was working for Deloitte during a phishing prevention test and he had fallen for an email that was sent to him by the company. The email, marked with a Deloitte logo, read that he won a bonus for his overtime hours and was to send banking details through a website which was linked. I mean, who wouldn’t at least hope it was real? As it turns out, he was being tested for a phishing vulnerability and, you guessed it, he failed.

Fake profile

What are Fake Profiles?

A fake profile is the representation of a person, organization or company that does not truly exist, on social media. Often these accounts use names and identities that not only look real but are designed to get closer access to specific people and their target audience. The appearance of these fake profiles can range from an attractive woman, who is trying to gain access to a man’s Facebook, or a business such as a bank, reaching out to you for updated account information. They usually are recently opened accounts that have few friends, anywhere from just a dozen to several hundred. The pictures they use, are usually altered versions of images stolen from actual people or organizations. So, who knows? maybe someone is using your pictures for malicious purposes somewhere on the internet to deceive, gain access, and exploit your data!

RELATED:  The Global Cybersecurity Skills Gap

Who uses Fake Profiles?

Anyone can use a fake profile. From government agencies, companies, kiddie hackers and professional online criminals. All you need is a phone number, an email, a few stolen and altered images, and you are good to go. Truly strong fake identities are built slowly and take time. No one built their Facebook profile in one day, so that should be a clear red flag. Marketing agencies also use them, as they want to research what people are doing online. It is not completely illegal since users grant profiles access to their publicly posted information on social media, they are granting them with full awareness and consent. Social engineering methods are used to surpass any psychological barriers that the person behind the fake profile might detect in his targets. This includes gender, age, ethnicity, appearance, where they work and went to school – all of these components allow hackers closer access to their goal – your data.

How Can I Detect That a Profile is Fake?

If you think a fake profile is attacking you, it’s critical to look for signs of that profile being fake. You could try reverse engineering profile images by searching for them on google images, but a good hacker will know to alter them well enough the make them untraceable. So, what signs can you expect to find?

  1. The profile has very few pictures or no actual picture of a person at all.
  2. It was created recently – in the past year or two. Unless the person is very young, most of us opened our Facebook accounts in 2006-2007. Look for signs of long-term use of the account.
  3. Little or no contacts in common. When the profile has nothing in common with you such as friends or even a professional interest, and they are trying to add you, it’s likely for malicious reasons.
  4. When a profile adds you but once you accept them, there is no more interaction with that user. This is a classic sign that the profile is fake. The person behind the fake identity just got what he/she wanted and will avoid talking to you in the hopes you forget about it.
RELATED:  Protect Your Firm and Your Clients From Ransomware

What do I do When I am Contacted by One?

Report it. All social media websites now have the option of reporting a profile. Once you spot a fake profile, be sure to report it, and remove it from your friend’s list. Whenever possible, be safe and block the account to revoke its access to seeing your account. I recommend checking your profile settings often and clean your contact list regularly from anyone you don’t know or that you aren’t quite sure if they are real or not.

Not only can fake identities endanger your personal privacy, fake profiles can also put companies in danger. For more information on how you can further improve your workforce to avoid cyber threats, please visit our website at Cybint Solutions.

What Your Cellphone Knows About You

Ben Kapon

Exciting News: Cybint joins ThriveDX - Read the announcement or visit the site!