Connect with us

Tech

Attack of the Clones: The rise in identity theft via social media

Published

on

Attack of the Clones: The rise in identity theft via social media

Identity theft has increased on social media platforms due to accounts being copied for malicious or fraudulent purposes. How can we mitigate it?

Peter Ray Allison

By

Published: 31 May 2022

Earlier this year, Derbyshire-based freelance model Elle Jones was informed by acquaintances that they had been contacted by someone claiming to be her. Investigating, Jones discovered an Instagram account had been created mimicking her own profile, which offered pornographic content through a link. Jones reported the account but received an automated reply two days later saying that the account was not being removed. Jones then sent an email to Instagram contesting the inaction and the account was deleted two days later.

Jones’s experience is not unique. Author Joe Dunthorne had his identity exploited when an Instagram profile, which claimed to be him, attempted to convince people to buy cryptocurrencies. The problem isn’t limited to Instagram. For example, artist and cosplayer Giulietta Zawadzki had her Twitter account cloned earlier this year, in an attempt to sell pornography.

These impersonators are targeting businesses just as much as individuals – any account that has a significant following on social media can become a target for identity theft. In 2020, the Little Soap Company had its account cloned. Participants in its online competition were then privately contacted by the fraudulent account to be told they had won – and asked for their PayPal details.

As we have become a more digital society, there’s been an increase in fraudulent social media accounts being created. These accounts can be used to spread misinformation, send fraudulent links, sell products, or solicit bank details.

“It’s fairly easy to create and clone the account of someone else, trying to steal their identity – of a person, company or institution – and using that account to force information from other people, force money, but also for spreading misinformation and so on,” says Piotr Brodka, a professor in the Department of Artificial Intelligence at Wroclaw University of Science and Technology.

Social engineering attacks have a far greater impact than the immediate loss due to malicious activity. The person whose profile has been copied may be associated with the actions and reputational damage.

The impact of these social engineering attacks extends beyond any immediate losses due to malicious activities. A person whose profile has been copied could be associated with the actions and reputational damage of the impersonator. Brodka says that the bigger problem is not what we see. It is how the people are seen by their friends, and how damaging misinformation can be.

“I’m seeing a lot of clients that will have a rival account set up on Twitter that looks very similar to them,” says reputation consultant Madelaine Hanson. “That person will then claim that the original account was hacked, or they can’t remember their password, and will then share recommendations on NFTs [non-fungible tokens] or cryptocurrencies to invest in.”

A problem for platforms, not just for users

There is also an impact on social media platforms, because as more of these incidents occur, there will be an associated loss of trust in that platform’s ability to protect its users. This could lead to users changing their habits, such as switching to more secure platforms or limiting their exposure to platforms they perceive as vulnerable to identity theft.

“Since it happened on Instagram, I have changed my profile to a private account,” says Jones. “I was previously a business account, but with a private account I can see who asks to be a follower.”

A cloned account mimicking that of freelance model Elle Jones offered pornographic content through a link

One of the problems with social media identity theft is that the reporting mechanisms are limited. Social media identity theft reports can often go unreported because of the high volume of requests that social media platforms make. There is often an option to block the account when reporting cloned accounts. The malicious account can block the original account to obfuscate the account’s activities.

It can take several days for a response to be received and even then it is not always certain that action will be taken. Jones had to wait for four days before his account was removed. There has been no action against Zawadzki’s profile on Twitter.

There are also limited legal avenues that victims can pursue. The crime of identity theft is considered fraud. This means that the victim must have lost money as a result of the perpetrator’s actions.

A crime will only be reported if the victim or company has suffered financial loss due to the theft of an identity,” explained a spokesperson for the Home Office. “We encourage all victims to report incidents to Action Fraud, as it provides important information to law enforcement.”

However, equating reputational harm to financial loss can be challenging, as there needs to be evidence proving there has been a loss of earnings through the malicious activities by the cloned account. Hanson says that the law on defamation needs to be changed in general. “I’d like to see more focus on crime, such as impersonating others for information, being included under fraud.”

Is being verified enough?

The “blue tick” system, which is used by major social media platforms Facebook, Twitter and Instagram to indicate accounts that have had their identity verified, has had mixed success. Verified status makes it easier and quicker to remove bogus accounts. Only certain users can apply for verified status at the moment, and this often depends on the business they are associated.

Freelance model Elle Jones reported the cloned account, but two days later received an automated response saying the account had not been removed

” While some people may not be notable enough to earn a blue tick but are large enough to have an impact on markets, Hanson says.

The application process for becoming verified is a delicate balancing act for social media platforms. The platforms can get overwhelmed with applications if the prerequisites are too wide. However, if the requirements are too narrow, they may not be of any benefit.

Likewise, the verification systems used on each platform are not uniform. One platform may grant verified status to a user, but another platform will not, even though the user has been verified on an existing platform. This can lead to people questioning the legitimacy of a verified profile.

There has been some research into detecting cloned social media accounts. In 2014, Brodka published a paper titled Profile cloning detection in social networks. Platforms can detect fraudulent accounts on social media platforms using profile cloning detection.

“We created a simple app, which was collecting your friends and friends of friends,” says Brodka. “Based on that, we did some experiments on how effectively we can create a cloned profile and how effectively we can detect them.”

Brodka presented two methods in the paper. Brodka demonstrated two methods that could be used to examine the similarities between profiles. The second method evaluates the similarities between their social network accounts.

Both techniques proved useful in detecting cloned profiles, but the volume of data on social media platforms means the initial outlined methodologies would be unsuitable for mass deployment. Brodka says, “You would have to simplify that because it doesn’t seem possible to run it online for all accounts in large social networking sites like Facebook.”

Unfortunately, in the wake of the Cambridge Analytica scandal, Facebook data has become harder to acquire for research purposes. It has been difficult to detect cloning.

What can be done?

The proliferation of social media and inadequate reporting mechanisms on the platforms has seen identity theft flourish online. These malicious activities will continue to flourish online until further action is taken.

” I hope it will be faster to freeze accounts that are impersonating your, since it is very easy at their end to do so,” Hanson said. “We need to recognise that people who commit crimes online are harmful and impactful.”

It is important to have a proactive strategy in social media, including regularly checking for cloned profiles. For any cloned profiles to be removed, you should use the reporting tools.

The Online Safety Bill has been introduced to the UK Parliament and is currently at the committee stage. The bill includes a duty for social media platforms to stop fraudulent advertising, but it is not yet clear how effective it will be in combating identity theft.

“We are determined to crack down on fraudsters and are introducing legislation to make digital identities as trusted and secure as official documents such as passports and driving licences, including setting up a new Office for Digital Identities and Attributes,” says the Home Office.

Until then, individuals and organisations with a social media presence need to maintain vigilance regarding account cloning to protect their brand and reputation. Although having verified status can help, it is not foolproof.

Following his planned takeover of Twitter, Elon Musk tweeted “authenticate all real humans”, which implies a push for more Twitter profiles to be verified in the future.

In the digital age, it is important to have a proactive social media strategy. This includes regularly checking for cloned profiles. For any cloned profiles to be removed, you should use the reporting tools. Further evidence of illegal activity will be provided by screen shots of any comments or posts made by the fraudulent account.

However, there is only so much that social media users can do to protect themselves from identity theft on social media. Brodka says that the main responsibility rests with social media platform owners and authorities to develop mechanisms that allow them to quickly identify these cases.

Read more on Privacy and data protection

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

USB logos finally make sense, thanks to a redesign

Published

on

By

USB logos finally make sense, thanks to a redesign


Author: Mark Hachman
, Senior Editor

As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats. He has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.

Read More

Continue Reading

Tech

Cheaper OLED monitors might be coming soon

Published

on

By

Cheaper OLED monitors might be coming soon


Author: Michael Crider
, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Read More

Continue Reading

Tech

New Pixel Watch leak reveals watch faces, strap styles and more

Published

on

By

New Pixel Watch leak reveals watch faces, strap styles and more
Google Pixel watch



The Google Pixel Watch is incoming
(Image credit: Google)

We’re expecting the Google Pixel Watch to make its full debut on Thursday, October 6 – alongside the Pixel 7 and the Pixel 7 Pro – but in the meantime a major leak has revealed much more about the upcoming smartwatch.

Seasoned tipster @OnLeaks (opens in new tab) has posted the haul, which shows off some of the color options and band styles that we can look forward to next week. We also get a few shots of the watch interface and a picture of it being synced with a smartphone.

Watch faces are included in the leak too, covering a variety of different approaches to displaying the time – both in analog and digital formats. Another image shows the watch being used to take an ECG reading to assess heartbeat rate.

Just got my hands on a bunch of #Google #PixelWatch promo material showing all color options and Watch Bands for the first time. Some details revealed as well…@Slashleaks 👉🏻 https://t.co/HzbWeGGSKP pic.twitter.com/N0uiKaKXo0October 1, 2022

See more

Full colors

If the leak is accurate, then we’ve got four silicone straps on the way: black, gray, white, and what seems to be a very pale green. Leather straps look to cover black, orange, green and white, while there’s also a fabric option in red, black and green.

We already know that the Pixel Watch is going to work in tandem with the Fitbit app for logging all your vital statistics, and included in the leaked pictures is an image of the Pixel Watch alongside the Fitbit app running on an Android phone.

There’s plenty of material to look through here if you can’t wait until the big day – and we will of course be bringing you all the news and announcements as the Google event unfolds. It gets underway at 7am PT / 10am ET / 3pm BST / 12am AEDT (October 7).


Analysis: a big moment for Google

It’s been a fair while since Google launched itself into a new hardware category, and you could argue that there’s more riding on the Pixel Watch than there is on the Pixel 7 and Pixel 7 Pro – as Google has been making phones for years at this point.

While Wear OS has been around for a considerable amount of time, Google has been leaving it to third-party manufacturers and partners to make the actual hardware. Samsung recently made the switch back to Wear OS for the Galaxy Watch 5 and the Galaxy Watch 5 Pro, for example.

Deciding to go through with its own smartwatch is therefore a big step, and it’s clear that Google is envious of the success of the Apple Watch. It’s the obvious choice for a wearable for anyone who owns an iPhone, and Google will be hoping that Pixel phones and Pixel Watches will have a similar sort of relationship.

What’s intriguing is how Fitbit fits in – the company is now run by Google, but so far we haven’t seen many signs of the Fitbit and the Pixel lines merging, even if the Pixel Watch is going to come with support for the Fitbit app.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.

Read More

Continue Reading

Trending

Copyright © 2022 Xanatan