The fake friend request. If you spend any substantial amount of time on Facebook, you’ve likely received one. I currently have seven such fake requests in my inbox, and each is a unique Social Story. In part 1 of this post, we talked about how fraudsters use engaging stories to gain the trust of their targets. Jargon, shared traits, and references to mutual acquaintances are all effective ways to deceive. In this post, we’ll see some examples of fake Social Stories.
Most fake friend requests are easy to spot for individual users. The Provocative Profile Pic (“PPP”) is usually a dead giveaway. The “zero-mutual-friend-check” is also effective. But some stories require a closer look. Take the Facebook users below as examples of different levels of sophistication (names have been changed to protect the innocent):
| | Kayla | Luke | Jen |
|---|---|---|---|
| Profile Pic | PPP | Handsome, Smiling Headshot | Attractive, Smiling Headshot |
| Gender | Female | Male | Female |
| Friends | 12, 0 mutual | 148, 0 mutual | 116, 40 mutual |
| College | Stanford University | Stanford University, 2010 | Chicago |
| High School | San Diego City Schools | Standford University [sic] | Crane |
| Likes | None | Chicago Bulls; Dwayne Wade | None |
| Phone | Unlisted | Unlisted | 312-xxx-xxxx |
| Email | Unlisted | Unlisted | [email protected] |
| Other | | Picture accepting Gold Medal in 2008 games | |
Even at a quick glance, it’s clear that these stories were crafted to target me and users like me. I attended the University of Chicago and Stanford around the same time as Kayla, Luke and Jen.
Kayla is a fairly easy one to dismiss. In addition to the PPP, finding a recent Stanford grad with 12 Facebook friends is like finding the Loch Ness Monster. Luke is a little trickier but is still a pretty obvious fraud. His friend count is 148, above average for Facebook but, again, well below average for Stanford grads. Or was that Standford High School? Yes, you can see that in addition to listing Stanford as his College, “Standford” is his High School. There are subtler things as well (how many Bulls fans have D-Wade as their favorite player?), but the funniest one here is an album picture of our hero apparently accepting a Gold Medal at the Beijing Games (not sure who the real athlete is).
Jen is the most sophisticated member of this group. Her picture is attractive, but not provocative, which lets her take advantage of the well-documented “What is beautiful is good” stereotype that humans exhibit. She has 116 friends and fully 40 of them are mutual friends. The location details are also very consistent. She’s Chicago through and through, from high school to phone number to college. Identity generators that do this are readily available. It’s only a deeper look that reveals these accounts are fake. First, the “Chicago” details are just a little off – she’s not linked to the official “University of Chicago” page. The listed phone number is disconnected, and the email follows the FirstNameLastName## pattern commonly used by fraudsters. Upon further checking, the email actually proves to be a total fake.
Unfortunately, not every targeted user has the time to pick apart the details of a friend request. For a business evaluating thousands of customers onboarding through Facebook Connect, this kind of profile review is simply impossible to do at scale. Signifyd builds the product that does it for you, at scale and without putting friction on your users.
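The manual checks walked through above (mutual friends, friend count, school-name typos, the official college name, the email pattern) can be written as simple rules and run over the three profiles from the table. This is an added illustration, not code from the original post or Signifyd's product; the field names, the reference school list, the friend-count threshold, the last names and Jen's email address are assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Assumptions for this example: reference list, threshold and field names.
KNOWN_SCHOOLS = ["Stanford University", "University of Chicago"]
MIN_FRIENDS = 150  # the post only says 148 is low for a Stanford grad

def near_miss(name, cutoff=0.9):
    """True if name is almost, but not exactly, a known school (a likely typo)."""
    return any(
        name.lower() != k.lower()
        and SequenceMatcher(None, name.lower(), k.lower()).ratio() >= cutoff
        for k in KNOWN_SCHOOLS
    )

def name_digits_email(p):
    """True if the email local part is FirstNameLastName plus two digits."""
    if not p["email"]:
        return False
    local = p["email"].split("@", 1)[0].lower()
    stem = re.escape((p["first"] + p["last"]).lower())
    return re.fullmatch(stem + r"\d{2}", local) is not None

def red_flags(p):
    """Return the labels of every rule the profile trips, in a fixed order."""
    checks = [
        (p["mutual"] == 0, "no mutual friends"),
        (p["friends"] < MIN_FRIENDS, "low friend count"),
        (p["college"] not in KNOWN_SCHOOLS, "college is not an official name"),
        (near_miss(p["high_school"]), "misspelled school name"),
        (name_digits_email(p), "FirstNameLastName## email"),
    ]
    return [label for hit, label in checks if hit]

# Profiles from the table; last names and Jen's email are constructed placeholders.
PROFILES = [
    {"first": "Kayla", "last": "Doe", "friends": 12, "mutual": 0, "email": None,
     "college": "Stanford University", "high_school": "San Diego City Schools"},
    {"first": "Luke", "last": "Doe", "friends": 148, "mutual": 0, "email": None,
     "college": "Stanford University", "high_school": "Standford University"},
    {"first": "Jen", "last": "Doe", "friends": 116, "mutual": 40,
     "email": "jendoe84@example.com", "college": "Chicago", "high_school": "Crane"},
]

if __name__ == "__main__":
    for profile in PROFILES:
        print(profile["first"], red_flags(profile))
```

The provocative-picture and disconnected-phone checks from the post are left out because they need an image classifier and a carrier lookup rather than a comparison on profile fields.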