After addressing scam calls and cybercrimes against women, we intend to direct your attention to a dangerous trend permeating the internet: fake accounts. Facebook took down a whopping 1.3 billion fake accounts in the past 6 months, reports Recode.
In the past, spam used to spread via email since email addresses were relatively easy to harvest via chat rooms and websites. Eventually, email filters became more sophisticated, and more effectively decreased spam from clogging the inbox. Since then, spammers have moved onto a new target: social applications like Instagram, Facebook and Twitter.
Fake accounts are key to social spamming, to gain credibility, these fake accounts will try to become ‘friends’ or follow verified accounts, like celebrities and public figures with the hope that these accounts befriend or follow them back. When genuine accounts befriend or follow back fake accounts, it legitimizes the account and enables it to carry out social spamming activities.
Another way for spammers to attack is to hack into and take over a user’s account, spreading fake messages to the user’s authentic followers. Armed with fake accounts on social networks or applications, spammers can then carry out the following activities:
Bulk messaging
Messages with the same or similar text can be sent out to a group of people in a short period of time. Use of bulk messaging can artificially cause a certain topic to trend if enough people visit them.
Sharing undesired content
Fake accounts can contact and share unwarranted content such as insults, threats and unwanted advertising to genuine users.
Clickbaiting
Clickbaiting is the act of posting sensationalist headlines to encourage the user to click through to the content with the aim of generating online advertising revenue. When the user clicks through to the page, the content usually doesn’t exist or is radically different from what the headline made it out to be.
Likejacking
Tricking users to post a Facebook status update for a certain site without the user’s prior knowledge or intent. The user may be thinking that they are just visiting a page but the click can trigger a script in the background to share the link on Facebook. This will then create a vicious cycle as other friends of the genuine user will click on the link and share it to more people on their network.
These activities negatively impact the user experience as well as potentially compromise your security or steal your data. Although social networks are starting to clamp down on fake accounts and spam, spammers can easily create new fake accounts to continue their activities.
The root of the problem is that creating a fake account in the social application is incredibly easy as the identity verification process is easy to bypass. Common methods of identity verification include using email verification-only, and Captchas can be quickly outsourced for people to solve inexpensively.
Phone verification seems like the best bet. This involves sending a one-time password (OTP) to a user over SMS or voice. If an account can only be created after the user has correctly entered the OTP in the social application, this will make the creation of fake accounts a more tedious process and account takeovers.
