Check out these telltale characteristics of the phony Facebook 'Friend,' courtesy of Barracuda Networks.
Want to know who your real Facebook Friends are and are not?
Turns out there are some common characteristics of the fake Friend, according to new data revealed Thursday by Barracuda Networks. For one thing, it's likely a female: Some 97% of fakes pose as women, while about 40% of real Facebook accounts are women, said Paul Judge, chief research officer at Barracuda, here at the Kaspersky Lab Security Analyst Summit in Cancun, Mexico.
"Fake users can take over your account, spam your wall and feeds," Judge said. Many of these profiles are automatically generated, aimed at making money off of affiliate campaigns or spam-related scams: They spread phony ad campaigns for free gift cards from Starbucks or other trusted brands, he said.
A typical Facebook fake profile starts out by joining a group, such as a college network, in a large metropolitan area (think: population) and then shoots out friend requests to its members. They are all about luring new friends, and Barracuda has gathered some of the common traits of these fakes, such as their profile information and activities.
They hedge their bets: For example, 58% of fake Facebook accounts say they are interested in both men and women, while only about 6% of legitimate accounts say the same. In addition, phony profiles tend to stand out due to the sheer volume of their "Friends." On average, they boast 726 Facebook friends, while real users have about 130 Friends on the social network. Nearly 70% of the posers claim to have attended college, while about 40% of legitimate users' profiles include college educations.
There's plenty of evidence of automated generation of these fake profiles, too.
It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)
Dark Reading Must Reads - September 25, 2014Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Published: 2014-09-30 ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Published: 2014-09-30 The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Published: 2014-09-30 The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.