Today I received a friend request from someone on Facebook. Usually I would just click “Approve” and move on.
Yet, we only had one friend in common, and upon checking this person’s Facebook profile, it showed that they had only one post on their timeline (a poor quality profile pic), yet they were adding friends on Facebook at a furious rate. I couldn’t really find anything from a Google search on this person. It was as if they didn’t exist.
Many of the people who he friended are from my community — people I know, although we’re not Friends on Facebook.
I thought I’d spend a few minutes investigating this a bit, so I contacted some of the people (dozens added in the last hour) who had recently friended him.
Turns out none of these people really know anything about him.
Potential Harm
Here’s the danger in accepting friend requests too quickly:
- The person controlling the fake user account (a troll) gets access to your entire friend list.
- The troll or potential hacker sees your private timeline posts as if they are your friend or family member. They see things about you that you’ve set as not public and only viewable to friends or friends of friends.
- Because of your supposed friendship with this fictitious person, the troll then gains the trust of your friends, so when the friend request appears, your friends think they are a trusted and known individual. So, they accept the friend request, and the troll returns to step 1 above to become friends with everyone that person knows, and so on.
The goal of these people is to quickly build up a huge friends list on Facebook which can grow exponentially. These accounts are typically built up over time and then sold on the black market to spammers, advertisers, and hackers who attempt to use reverse social engineering to hack into Facebook accounts (and your other accounts) based on what they gather from your personal information online.
What You Can Do
While Facebook is usually a fun and safe online environment, it’s still important to be cautious.
- Alert Your Friends. If you suspect some suspicious activity, let your friends know — the friends who have already friended a troll using a fake account.
- Alert Others. Look at the list of people the fake account has friended. Some of them will be people you’re not friends with, but you have dozens of friends in common. In other words, they are likely legitimate users. You could also consider notifying them.
- Notify Facebook. You can also contact Facebook about suspicious activity. Go to the profile of the person you suspect is fraudulently using Facebook. Click on the dots to the right of the Message button and choose Report to report the person. You can also Block them.
It’s everyone’s responsibility to help keep Facebook safe and secure through each person being careful about who they connect with.
UPDATE #1
Several hours ago, there was no Google image match on the Internet for the profile image that had been posted by the fictitious user. None. Now, a few hours later, that same image is showing up for multiple user accounts under different names on Twitter and other websites. On those sites, he’s also posted little or nothing, but building friend networks.
UPDATE #2
Facebook took down the fraudulent user’s account within a few more hours of this post. Another victory.
Iowa City Technology Services 