How many people get random friend requests on social media? I get a lot of them. My policy has always been that if I don’t know the name of someone, I’m probably not going to accept their friend request. The only exception is if the person is familiar and has several common friends. I do this because fraudsters will send friend requests to gain access to personal information on secured social media profiles. That information can then be used to figure out passwords and commit various types of fraud.
This week, I received another friend request. When I checked the individual’s profile, I saw several red flags. One most of the friends that I could see were female. Two, none of the people in his friend group were people I knew. Three, there were only two pictures in his account. Four, his profile said he was in the US. I couldn’t see how we could be connected.
Then, more out of curiosity than anything else, I tried one more thing: I did a reverse image search on his profile picture. The image was from a different social media site, and the person lived in Germany. Looking through the second social media site, the profile looked much more authentic. The friend request that I had received was from a fake account.
What’s the threat of fake friend requests?
It seems like a lot of work to vet a friend request, but it took less than 5 minutes. Had I accepted this request, I would have allowed a fraudster access to a lot of personal information that could have been used against me. For example, the names of my family members, the names of the schools I went to, my interests, and my pet’s names. All this information can be used for fraudulent purposes.
The names of family members can be used in an emergency call scheme when a fraudster claims to be a family member or friend in need. The names of schools and pets are frequently asked as security questions on password-protected websites. Similarly, interests can be used as security questions, e.g., what is your favourite sport? Interests can also be used to establish rapport between fraudsters and victims prior to a fraud.
As more public databases like Ticketmaster and AT&T are breached, we need to take stronger measures to protect our information from theft. Set your privacy settings for friends and family or specific individuals only. Check profiles before accepting friend requests, and be conscious about what information you post. The few extra moments it takes to use safeguards will help reduce the risk of stealing your identity.
Kathleen O’Donoghue, CFE
Leave a Reply