Last week I wrote about The Ghosts of Facebook; Facebook accounts whose owner didn’t appear to be a real person (in this case someone named Chong Loris). I got quite a bit of reaction to the blog. Some people registered with real concerns. Others wondered what the fuss was all about. In other words, was I truly shocked that some people are not who they say they are on Facebook?
I must admit I felt a little bit like Claude Rains in Casablanca. At one point in the classic Humphrey Bogart movie he shuts down Rick’s Café, saying he is “Shocked, shocked to find that gambling is going on at this establishment.” At that moment he is interrupted by an employee and given his winnings from the roulette table.
So no, I’m not shocked about phony Facebook accounts. And there are a few scenarios where it’s not a big deal. Certainly a violation of Facebook policy, but not something that you and I should be concerned about. Let me talk about those. Then, we’ll get to the possible scenarios that we all should be concerned about.
A Prank – Someone assumes the persona of a famous person. This is harder to do now then it was before with celebrities. And it’s rarely done maliciously anymore. It seems to be done for a laugh. As a security person, I don’t get too excited about this anymore, however back in the day it was fun to track.
A Contest – An attempt to win a contest by using a ghost account. It could be some sort of contest that requires you to get your Friends to sign up for something. Or it’s just bragging rights for gaining a large number of friends on your account. This happens with Facebook Groups quite a bit. For instance: http://www.facebook.com/group.php?gid=28820445233. Doesn’t sound all that entertaining to me, but it happens.
An Alias – The New York Times carried an interesting story on this: http://www.nytimes.com/2010/05/09/fashion/09privacy.html?scp=10&sq=facebook&st=cse
Teens may not have thought or cared about privacy issues at the start of Web 2.0. We all make youthful mistakes. But they are learning fast. The article sites multiple studies that suggest these users are finally beginning to worry about privacy on-line. And they are taking steps to protect their privacy. One of those steps is creating aliases on Facebook. Their real friends know the alias. But a college admissions officer or a perspective employer can’t find them with a simple search. I’ll leave it to another blog to discuss the merits of this approach. But it does make me feel better about the youth of America: they are finally thinking about protecting their privacy on-line.
A Researcher – It’s always possible that some person, in the name of research, is seeing how many friends they can acquire through a phony account. Soon a report will come out with graphs and charts showing how people willingly Friend someone they don’t know. My take: why are they bothering? This research has already been done half a dozen times. And we know the answer. Lots of people will Friend someone they don’t know.
At the end of the day, these are all pretty harmless. And if I thought my non-Friend Chong Loris was up to one of these I would not have bothered to write about her. Here are some other, more likely possibilities. These are the types of phony Facebook accounts we all should be worried about.
Stalker – There have been a number of well-publicized cases of stalking via social networking. You certainly can reject or remove a Friend that could be a stalker. I certainly hope you’re never in a situation like that. But if you are, please don’t Friend anyone you don’t know. The National Network to End Domestic Violence has spent a lot of time thinking about and documenting on-line behavior for those being stalked. I recommend them as a resource. They even have a list of tips for using social networks.
Social Engineering – Even if you routinely reject a friend request from people you don’t know, you’re likely to accept someone who went to the same college as you and has many of the same friends. I don’t remember half the people I knew in college. It would be easy for me to believe it was someone I just didn’t remember. This was true with Chong Loris. In fact, some people asked her to remind them how they knew her. People seem to think that social engineering is something that would not happen to them. Well, it happened to 670 friends of Chong Loris.
These are obviously big concerns. And it’s possible that this is what Chong Loris was up too. Unless you are a real estate agent, a hairdresser, or someone else that uses your Facebook account to market yourself, don’t friend people you don’t know. And don’t put things online that you wouldn’t want to be public.
Here are two more potential purposes behind these phony accounts:
Practice – For social engineering purposes, it’s very useful to build convincing phony accounts on social networking sites. So maybe someone is practicing and learning how to successfully build phony accounts. Maybe software tools to automate the process are being tested.
Stealth Marketing – Attractive young women have been used to market products for quite some time now. Stealth Marketing is when attractive young women (or men) are paid to go into a bar and loudly order and sing the praises of a certain brand of drink. Something similar is being done on-line as well. According to PQ Media, media sponsorships grew 13.9 percent to $46 million in 2009. Kim Kardashian is said to be paid $10,000 for every tweet she puts out promoting a product. But aren’t we willing to take a friend’s word on something much more quickly than some celebrity?
Bridget Carey of the Miami Herald was watching another ghost of Facebook at the same time I was watching Chong Loris. She discovered that a marketing agency was behind her ghost. You can read that story here: http://www.miamiherald.com/2010/05/11/v-fullstory/1622861/facebook-friend-dupes-hundreds.html
I don’t know that was the ultimate goal of whoever was behind Chong Loris. There were differences in the way the two ghost accounts were run. However, both featured pictures of attractive young women and were acquiring friends at a rapid rate. At this point, it’s likely I’ll never know. I do know that I’m a little less trustful of people I don’t know on-line. And unlike the real world, I don’t make friends with people I don’t know.