Received any questionable friend requests on Facebook or LinkedIn recently? Use caution before you click “Accept” — we have seen a recent uptick in reports of requests, many of which are sure to come from hackers looking to infiltrate your data or discover personal information about you that can be used in a phishing attack.
Why would anyone go to such great lengths to create a fake friend request?
The first answer is the most obvious: for a social engineering attempt. Defined as an attempt by hackers to gain more access to personal information about you that you may restrict to friends or connections only, social engineering starts with your email address, which can be spammed mercilessly with mail purportedly addressed to you.
But the deeper ploy comes from hackers who will then attempt to discover who your co-workers and bosses are, setting up a classic example of phishing: hackers create an email address that very closely mirrors that of an executive at your company (think firstname.lastname@example.org instead of email@example.com), then send wire transfer or other financial requests that they hope will be processed without question by a junior employee.
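A mail filter can catch this kind of near-miss address before a junior employee ever sees the request. The sketch below is an added example, not part of the original article: the executive addresses, the `example.com` company domain, and the function names are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: example.com stands in for the company domain.
EXECUTIVES = {"jane.doe@example.com", "sam.lee@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known=EXECUTIVES, max_dist: int = 2) -> str:
    """Return 'known', 'lookalike' or 'unrelated' for a From: header value."""
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "unrelated"
    if addr in known:
        return "known"
    local, domain = addr.rsplit("@", 1)
    for real in known:
        real_local, real_domain = real.rsplit("@", 1)
        # Same mailbox name at a different domain (e.g. a free webmail account).
        if local == real_local and domain != real_domain:
            return "lookalike"
        # Near miss anywhere in the address: swapped, dropped or doubled letters.
        if edit_distance(addr, real) <= max_dist:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for header in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doe@examp1e.com>",
                   "Jane Doe <jane.doe@example-mail.net>",
                   "newsletter@vendor.test"):
        print(f"{header:45} {classify_sender(header)}")
```

A "known" result only means the address string matches a listed executive; it says nothing about whether the header itself was forged, which is what SPF, DKIM and DMARC checks cover.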
You may also get requests from fake friends who post viral-seeming videos on their Facebook wall (think along the lines of “10 Ridiculously Cute Animal Videos You Just Have to Watch!”). Those will host malicious links to malware or phishing sites that may then enter your personal information into their databases, or embed themselves on your own Facebook newsfeed, enticing more of your friends and family to click and also get infected.
So how can you spot a fake Facebook friend or LinkedIn connection request?
Several clues should serve as a dead giveaway that the friend request you received might not be genuine. Here are five questions to consider when you receive a request that seems too good to be true or too strange to explain:
1. Do you personally know the person, or do you share any friends in common?
It might seem obvious, but it’s also the first thing that gets overlooked. Can’t remember ever meeting this person in real life or knowing them through any mutual friend or professional networks? Chances are it’s a fake. Check the person’s list of friends and choose the “mutual” drop-down to see whom you both know. If any of your mutual friends are on the list, message them to see if they know the person.
2. Does the friend request come from an unusually attractive person?
A friend request that includes a picture of a beautiful person posing in a provocative way is often the easiest way to entice people to approve fake friend or connection requests. Although we’d all love to have models as acquaintances, this can be an easy sign that something malicious is at work.
3. Does the person have a new account that features very little activity?
If the person behind your new friend or connection request just joined Facebook or LinkedIn, consider this another tip-off that the person is most likely a fake. Most legitimate Facebook users will have a long history on their timeline dating back several years, while real LinkedIn users will have many link shares and recent connection approvals you can browse.
4. Does the friend requester have an unusually small (or large) number of friends, possibly all of the same sex?
Fake profiles will often feature an extremely low or high number of friends or connections — either the scammers have expended little effort setting up their fake profile or they’ve sent out a blitz of friend requests to other scammers, all of which have been approved. Also, if the person’s list of friends and connections is predominantly of the opposite sex, chances are it’s a fake: scammers posing as women will often exclusively target men, and vice versa.
5. Is there nothing but shared videos and photos on their timeline?
Chances are there won’t be much day-to-day activity on a fake profile — we all know how hard it is to generate genuinely personal content. If you see nothing but shared photos and videos with enticing titles — no location check-ins, silly status updates, or selfies — be suspicious and don’t click “Approve.”
What’s at stake?
Just the security of your company’s data, the sanctity of its finances, and everyone’s reputation. The FBI recently revealed that hackers have tried to steal more than $3 billion by running business email compromise rings, where they impersonate top executives in emails ordering large wire transfers. And the information required to send those emails is most often scraped through social media hacking.
If you do receive a fake request or a suspicious financial transfer email, first things first: report it to Facebook or LinkedIn, or alert your IT provider. The more security experts know about these hacking attempts, the more we can try and fight them using proactive monitoring, anti-spam and anti-malware solutions, and layered network security settings.
Want to know more about how to keep your systems and business information safe while avoiding social engineering and business email compromise attempts? Contact CMIT Solutions today. We worry about your IT so you don’t have to, freeing you up to do your job more efficiently and productively.