“It seemed harmless enough. The friend made fun of things, and was a practical jokester, so when his new name sent a message, I clicked “add”. Only then when they started talking did I realise it was a fake friend.”
We’ve heard this story too many times over, and in the age of the internet, it seems to be a familiar place for people just trying to live online, just trying to maintain an online life like everyone else.
The story of the fake friend is more interesting than the claims of a person about fake news. Being “fake” can mean a lot of things to people, but online, being fake can be a serious problem, and not just a means to mess with friends. It can be an attempt to separate you from hard-earned money, or take over your identity as a whole.
Fake friends are the cause of this problem, and they can be just like your real friends, only with one minor thing changing the way you see them.
The social dilemma
Most of us are using social networking websites and services like the good netizens we are, and that means we’re keeping in contact with friends, family members, work colleagues, and randoms that we met haphazardly on a chance occasion.
The beauty of social networking is that it lets you stay in contact without even really doing anything. Your life, your updates, your pictures and videos; the very things that make you “you” and the things you want to share all at once with your little community. Social networking makes it happen, and does so in a way that is easy and seamless.
In fact, many of us have become so adept at social networking services that they now form part of how we do things in life, and have taken over mannerisms and communication mechanisms.
Why send someone a text about a great movie you’ve just seen when you can just tell the world all at once, and show a picture of your happy smile? It’s a jumping off point for a discussion, and friends can add their two cents and explore the point more.
But while your friends and family are always happy to indulge your insatiable need for conversation, someone else may be lurking behind.
The fake friend
We’ve all met people in our life that aren’t looking out for our best interests, but public platforms like Facebook, like Instagram, like Twitter and such, mean we can also be more readily exposed to these sorts of individuals.
Unfortunately, there are a lot of them online, and with cybercrime being as lucrative as it is, chances are that you’re going to run into one sooner or later, and they might just perpetuate themselves as a so-called “friend” of yours.
“A fake friend scam is one of the most basic scams out there,” said Trend Micro’s Tim Falinski, adding that “it works by someone simply setting up a fake profile and sending you a friend request”.
“The friend request is commonly from a random person that you don’t know, but in more complex cases, it can be a request from a cyber criminal impersonating one of your friends,” he said.
You’ll know something is wrong and that a fake friend is involved when someone you’re already friends with tries to add you again. The new request includes their same picture and maybe a play on their name, but while it might seem like a new account with a bit of a joke, the reality is that this isn’t your friend.
Bizarrely, in this day and age when it’s not unusual to hear about someone being hacked, it’s possible that your friend wasn’t hacked, but rather that this fake friend has already tricked them into adding another fake friend with a different name, and now they’ve harvested their friend information for nefarious purposes.
Once they’re granted access, the friend list is theirs for the taking, allowing them to create yet another account and send themselves out to more people.
Cloning themselves as more fake friends will eventually work, and someone will at one point say “yes” to the friend request, adding someone for them to talk to.
And the moment they do, the moment you give them an inch, you can bet that you’ll know fairly quickly why they’ve added you.
The reason why
Cybercrime is anything but small, and if you give a cybercriminal a second of your time, they’ll try to take you for the full hour, day, week, and so on. Once they’re in, they’re in until you block them, and even then they have something to work with, initiating a conversation and hoping you fall for their spiel hook, line, and sinker.
“These types of scam usually have an immediate monetisation scheme,” said Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender.
“The impersonator would usually ping the victim to tell them that they need some money for various reasons or ask them if they know about the fact that they are eligible for financial aid,” he said.
Pickr was told that there were plenty of other reasons the fake friend scams were used, such as blackmail and extortion for intimate photos, phishing, and identity theft, and that once a conversation was successful, a cybercriminal using this technique could do some serious damage.
The moment that fake friend request kicks in, common sense should hopefully prevail, and there are added reasons why you’ll be able to tell that it’s not really your friend:
- You’ll know how they speak, and the moment the language seems strange, it will be a dead giveaway for you to block them.
- You can always check out that friend’s profile to see whether they’ve left a message about the issue. If friends have already told them, it’s likely they’ve left a message for everyone else.
- Call or message the friend to find out if they’ve left the social network and/or are changing their name. See if they know about this and determine for sure.
Remember that you don’t have to say “yes” to a friend request, and that there is no timer on friend requests forcing you to say yes or no. You have plenty of time to research and find out whether this new friend request is telling the truth.
If you say “yes”, so be it, but if they are fake, be aware that once you’ve said yes to a fake friend, they have access to your friend list until you block them. If they are fake and you find out, block them immediately and don’t let them create a clone of you, starting a whole new cycle of contacting your friend list and doing this all over again to your friends.
While fake friends can technically create themselves as any person you don’t know to convince your friends to add them, the reality is that familiar faces are far more likely to gain results.
“A friend of a friend is usually perceived as more trustworthy than a random face on the internet,” said Botezatu.
Engineering “us”
Most of us are aware how necessary security is for our computers and phones these days, but there doesn’t appear to be a way for security programs to completely block the request, only the links these scammers might send, and there’s a great reason why: they’re not hacking the computer.
Rather, criminals taking this form of “hack” aren’t breaking Facebook’s security, but rather breaking the security of the person, employing a technique known as “social engineering”.
“Social engineering is hacking people, not computers. This is why security solutions are not enough,” said Noushin Shabab, Senior Security Researcher of Kaspersky Lab’s Global Research and Analysis Team in Australia.
This type of hack is one that has become increasingly popular over the years, likely because it plays on us and our friends. Rather than question the truth, many of us just accept, and while some might argue that the internet’s “everything online and on-tap” approach can make us complacent, it also might extend from how we get our information about things in general.
“Australian have become really good at ignoring third-party advertisements or gimmicks that seem too good to be true,” said Symantec’s Nick Savvides, Chief Technology Officer at Symantec in Australia & New Zealand.
“Instead, we place value on recommendations from our friends as to what is a good offer or opportunity for us. Playing on that trust among friends, this scam involves scammers sending out hundreds of fake friend requests to random platform users with the aim of encouraging them to tag their friends in malware or malvertising, increasing the likelihood of someone clicking on the link,” he said.
Bizarrely, malware-infused advertising is actually a thing, and the moment someone sees an offer that is too good to be true, if their friends have clicked into it — and the social network reports that — there’s a good chance they’ll fall for it, too.
Then they have you, and after a trade of money and details, you’ve become yet another statistic.
Going on guard
Annoyingly, there doesn’t seem to be a way for regular people to turn up their security to stop these sorts of threats from coming in. Social networks can and will likely keep coming with machine learning platforms to help identify criminals and protect their networks, but cybercriminals are unlikely to give up on such a lucrative way of making money when it still works.
Security software on your computer or phone can also only do so much, and unless there’s a link being sent to you in chat, there isn’t much it can do.
You can still fall for a fake friend request where they’ve added an extra “t” or “s” to the back of their name, partly because it’s become normal for us to click “accept” and just let it go.
However, there are some things you can do, and it starts with what most of us have a good comprehension of: common sense.
“Common sense is still one of the best ways to stay safe on social networks,” said Bitdefender’s Botezatu. “Always ask yourself why you got befriended by a specific person you have nothing in common and what value could they bring to your profile.”
Checking who that person is might be the step that saves you, and it takes about as much time as it did for you to open the friend request in the first place.
“If you receive a request for help from someone, it’s best to check that this person really is who they claim to be,” said Kaspersky’s Shabab. “Ask questions that only the two of you could possibly answer, or call to discuss it voice-to-voice.”
There’s also the matter of being proactive about things. You might not feel great about waiting for a scammer to try his or her luck with you, and so another approach might be warranted.
In the wake of the recent Cambridge Analytica scandal on Facebook that threatened its very existence, consider taking a look at your security settings and see if there’s something you can do.
“Australians who use social media platforms should take care to implement a few key security measures to ensure they are protected from an attack and reduce the chances of becoming a victim,” said Symantec’s Savvides.
He told Pickr that Australians (and all netizens for that matter) should ensure that privacy settings are tight so that only the people you want to see your friend list or posts should be able to see them, to review your friends list often, to avoid sharing personal information, and to turn on two-step authentication to help secure your account even more.
“Don’t trust the platform to look after you,” he said. “You must look after yourself.”