Vulnerabilities / Threats
2/3/2012
03:12 PM
Connect Directly
RSS
E-Mail
50%
50%

How To Spot A Fake Facebook Profile

Check out these telltale characteristics of the phony Facebook 'Friend,' courtesy of Barracuda Networks.

Want to know who your real Facebook Friends are and are not?

Turns out there are some common characteristics of the fake Friend, according to new data revealed Thursday by Barracuda Networks. For one thing, it's likely a female: Some 97% of fakes pose as women, while about 40% of real Facebook accounts are women, said Paul Judge, chief research officer at Barracuda, here at the Kaspersky Lab Security Analyst Summit in Cancun, Mexico.

"Fake users can take over your account, spam your wall and feeds," Judge said. Many of these profiles are automatically generated, aimed at making money off of affiliate campaigns or spam-related scams: They spread phony ad campaigns for free gift cards from Starbucks or other trusted brands, he said.

A typical Facebook fake profile starts out by joining a group, such as a college network, in a large metropolitan area (think: population) and then shoots out friend requests to its members. They are all about luring new friends, and Barracuda has gathered some of the common traits of these fakes, such as their profile information and activities.

They hedge their bets: For example, 58% of fake Facebook accounts say they are interested in both men and women, while only about 6% of legitimate accounts say the same. In addition, phony profiles tend to stand out due to the sheer volume of their "Friends." On average, they boast 726 Facebook friends, while real users have about 130 Friends on the social network. Nearly 70% of the posers claim to have attended college, while about 40% of legitimate users' profiles include college educations.

There's plenty of evidence of automated generation of these fake profiles, too.

Read the rest of this article on Dark Reading.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
2/4/2012 | 12:06:34 AM
re: How To Spot A Fake Facebook Profile
Very interesting. I am assuming most pose as women because guys will fall for a pretty face. Did the fake profiles come with any kind of messages, and did they target people with similar backgrounds as they one they created (same college, job type, etc)?
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3541
Published: 2014-07-29
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

CVE-2014-3542
Published: 2014-07-29
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) is...

Best of the Web
Dark Reading Radio