Reverse-engineering Social Engineering: What makes a Fake Profile Tick?

  • Home
  • Reverse-engineering Social Engineering: What makes a Fake Profile Tick?

Reverse-engineering Social Engineering: What makes a Fake Profile Tick?Hello, and welcome back to another edition of the Managed Services blog! Today, we bring yet another intriguing topic to your attention – we will look at what goes into a fake profile, why they are so effective when done right, and what can be done to protect the real accounts and monitor the fraudulent ones.

So, how is a good fake profile made? The answer is: convincing writing, and stolen personal information. The latter is really easy to find – visit most social media accounts on any website, and everything from birthdays, to photos, to current location can be discovered. Extra information can also be taken from LinkedIn accounts, as many users add too much material to their accounts. If the fake account creator has good writing skills, he/she could make it even more convincing, writing content that completely fools followers and visitors.

What’s the impact of fake profiles? Well, in simple terms, fake profiles can, by posting inappropriate content and saying hurtful things, spoil the reputation of the real user, who may be a complete 180 in terms of content and intentions from what is being posted. The spoilt reputation can then cause mistrust in the real user among his followers or subscribers. Companies who have had their accounts duplicated, and then used for malicious purposes will feel this hard, because a great deal of a business’s success comes from the trust from the user or customer.

So what can be done to protect social media accounts from being victims of fake profiles? The most important tip that can be given is to significantly reduce the amount of personal information that is present on the account. The less personal info present, the less phishers and hackers have to work with. Things like locations, birthdays, photos, and such must be either left out or be kept to an absolute minimum.

That’s how accounts can be protected, but what about finding those fake profiles? What’s needed is a system that can comb social media websites for similar-sounding profiles, and assess threat levels based on content – if the suspicious account is posting inappropriate content under someone else’s name, the levels given will be very high, thereby giving priority readings in terms of threats.

Here at Managed, we have a product that can do all of the above paragraph, and more, in our newest service, Hawk-i. It scans, not only social media, but blogs, news sites, and more for fake accounts, derogatory posts and articles, and so on. All suspicious data is manually reviewed by our in-house analysts in our Dubai-based NOC/SOC, who give the appropriate threat scores to each and every post and article collected. Clients are then given options as to how to mitigate the threats and risks. To find out more about Hawk-i, visit the service’s information page for more.

That’s it for this week’s edition of the Managed Services blog. Come back next time for another informative post. Take care, and stay cyber safe.

Get In Touch With Us


Subscribe to our Daily Cybersecurity Briefing