Vulnerabilities / Threats
2/3/2012
03:12 PM
50%
50%

How To Spot A Fake Facebook Profile

Check out these telltale characteristics of the phony Facebook 'Friend,' courtesy of Barracuda Networks.

Want to know who your real Facebook Friends are and are not?

Turns out there are some common characteristics of the fake Friend, according to new data revealed Thursday by Barracuda Networks. For one thing, it's likely a female: Some 97% of fakes pose as women, while about 40% of real Facebook accounts are women, said Paul Judge, chief research officer at Barracuda, here at the Kaspersky Lab Security Analyst Summit in Cancun, Mexico.

"Fake users can take over your account, spam your wall and feeds," Judge said. Many of these profiles are automatically generated, aimed at making money off of affiliate campaigns or spam-related scams: They spread phony ad campaigns for free gift cards from Starbucks or other trusted brands, he said.

A typical Facebook fake profile starts out by joining a group, such as a college network, in a large metropolitan area (think: population) and then shoots out friend requests to its members. They are all about luring new friends, and Barracuda has gathered some of the common traits of these fakes, such as their profile information and activities.

They hedge their bets: For example, 58% of fake Facebook accounts say they are interested in both men and women, while only about 6% of legitimate accounts say the same. In addition, phony profiles tend to stand out due to the sheer volume of their "Friends." On average, they boast 726 Facebook friends, while real users have about 130 Friends on the social network. Nearly 70% of the posers claim to have attended college, while about 40% of legitimate users' profiles include college educations.

There's plenty of evidence of automated generation of these fake profiles, too.

Read the rest of this article on Dark Reading.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
2/4/2012 | 12:06:34 AM
re: How To Spot A Fake Facebook Profile
Very interesting. I am assuming most pose as women because guys will fall for a pretty face. Did the fake profiles come with any kind of messages, and did they target people with similar backgrounds as they one they created (same college, job type, etc)?
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-2990
Published: 2015-09-04
Directory traversal vulnerability in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

CVE-2015-2991
Published: 2015-09-04
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.