Pearl Technology Blog

How to Spot a Fake Facebook Profile

Posted on 2/3/2020 by Pearl Technology in cybersecurity phishing
image

Unmask imposters.

How many times have you been on Facebook and gotten a friend request that just didn't seem quite right? Maybe you didn't recognize the name, or didn't recognize any of the people this user was friends with.

How did you react? Did you delete the request, or did you go ahead and accept it?

When people think about phishing attacks, they generally look right at their email accounts. But phishing and social engineering are prevalent on social media too. In fact, cybercrime blog Phishlabs saw phishing attacks on social media jump up by 200% in 2018, accounting for about 5% of all phishing attacks.

So, those suspicious profiles you've seen? They could be data mining or trying to steal credentials. In any case, you're right to be suspicious.

The next time you get a friend request from an unfamiliar profile, ask yourself these questions before clicking "accept."

Do I actually know this person?

The most obvious sign of a suspicious profile is whether the user sending you a request is a complete stranger. If you don't know the person, don't accept the request.

This isn't always a bulletproof defense, however. Sometimes scammers will try to impersonate someone you're already friends with in order to trick you into taking some action (i.e., spearphishing). Whenever you get a friend request from someone you're already friends with, check with that person first to make sure the new profile is legitimate. If not, decline and report the profile.

Do I have any mutual friends with this person?

Let's be honest for a second: Remembering the names of acquaintances can be hard. Perhaps you met someone through a mutual friend, only to forget their name before they try to add you on Facebook.

When you receive a suspicious request, check that user's friends list to determine whether they met you through a mutual friend. If you don't see anyone you recognize, decline.

Does the profile name match the page URL?

Sometimes cyberattackers can slip up and leave clues to their true identities out in the open. This is especially true on Facebook profiles, where the name and URL of the user generally line up.

While the profile name can be changed, however, the URL cannot. A scammer may use the same profile to impersonate multiple victims, but the URL will always stay the same from the time the profile is created. Pay attention the profile's URL. If it doesn't match the profile's name, decline.

Where did the profile picture come from?

Cyberattackers on Facebook will sometimes rely on using photos they've either stolen from other users or downloaded from a stock image site. In any case, a simple Google Image search will tell you where the photo has appeared online before. If the photo is a stock photo or belongs to someone else, decline.

What kind of content are they posting (if any at all)?

Pay attention to what kind of content the user is sharing on their own profile, or on public pages. You may have seen friends suddenly tag you on posts for knockoff designer sunglasses or some other apparel. This happens when a user's profile is hijacked because they followed a link someone sent them, whether they knew it or not. This method is more than just a shady marketing ploy, however. Visiting the site can also infect your computer with malware, leading to more serious problems.

Other common schemes involve hijacked profiles sending messages asking you to watch a video (the hijacked user may ask something like, "Is this you in this video?"). This similarly leads to your profile being hijacked and malware being installed on your computer.

Just as you shouldn't blindly click any link you see in your inbox, don't click every link on social media. Do their posts sound like they're trying to sell something, or trying to get you to follow some link? If so, decline.

Has your profile ever been hijacked? How did you handle it?