The hilarious-if-it-wasn’t-so-tragic incident of Tory minister Brooks Newmark sending dodgy pictures to a male journalist pretending to be a female party worker raises an interesting data security issue for business.
It would be very easy to build a credible Twitter profile of an important person (say a prospective client), using a photograph of them taken from the web and buying a large number of followers to make the profile look genuine.
This profile could then be used in two ways:
- to publish misleading information
- to gain the trust of other people who are happy to communicate via Twitter with the prominent person
In the latter case, the person behind the fake Twitter profile might reference a particular person (the “victim”) in a number of tweets in the hope that the victim would follow the fake profile. Once that connection is established, the fake profile can communicate privately via Direct Message with the victim soliciting information (rather than dodgy pictures). Alternatively the fake profile can simply address public tweets to you by putting your Twitter name at the start of their posts.
Similar scams could take place on LinkedIn and Facebook although in both of those cases it might be more difficult to build up credible profile with lots of connections/friends as connecting on these platforms is a “mutual” action that both parties need to agree to, whereas on Twitter you can follow people without their permission and buy “followers” for a few dollars thus easily building a credible profile.
How can businesses (and politicians) guard themselves against false Twitter profiles? If someone you think you may know engages you in conversation on Twitter about a strategically important issue:
- First, check out the number of connections the profile has. If there are only a few then you should check out whether they follow lots of people and whether they are active on Twitter. A profile with only a few connections should be checked out. Call them up and ask if they are messaging you on Twitter. (The fake “Sophie Wittams” profile that brought Brooks Newmark down had 52 followers and had tweeted 172 times, so the journalist responsible had taken care to build a credible profile over a period of time.)
- Second, check out the authenticity of the followers the profile has. You can use a service like twitteraudit.com to see how many fake followers a particular account has. Too many (more than 50%) and you should be suspicious.
- Third, check out their profile. Does it look genuine: for instance does it contain a recent photograph and perhaps contact details or other personal information? If not, then you are right to be wary.
- Fourth check out whether there are any similar profiles on Twitter. Search for their name, and variants of their name, to see if there are other accounts that seem to belong to the same person. If there are several similar accounts all seeming to belong to the same person, you will need to discover which is the genuine profile.
- Fifth, check out whether the person with the name on the profile has connected with you before on Twitter, but under a different profile; if they have then something may be up.
- Sixth, if you are suspicious use the profile image to search Google. It may indicate that the photo belongs to someone else (but if it doesn’t, don’t take this as proof that the photo is genuine)
- Seventh, if it seems too good to be true for any reason, then it almost certainly is! (Politicians take note.)
LinkedIn is slightly more difficult to check out as it isn’t possible to detect fake connections (and depending on the account settings it may be impossible to see them at all). However, it is still possible to check out the number of connections, the extent of the biography and the level of activity. If a profile looks incomplete, unused, and with few connections then you might want to treat it as suspicious. In addition, check whether the profile seems to have connected with you before: if they have then the chances are that one of those profiles is a fake.
Facebook? Well my advice here is to avoid business conversations on Facebook. Connect only with people who are genuine friends, not business acquaintances. And never discuss business on a Facebook page or via any form of Facebook messaging.
Back in 1993 the New Yorker magazine published a cartoon with the caption “On the Internet, no one knows you are a dog”. This is still very true, especially in social media. And it is something that anyone with an interest in data security needs to remember.