Every Account Matters: The Persisting Threat of Fake Accounts on Social Media Platforms
The proliferation of fake accounts: An examination of their abundance and possible solutions
Cybercriminals can launch attacks within a day, even ones involving purchasing a fake domain, setting up a look-alike website, and spamming thousands or even millions of users. Such attacks, often referred to as phishing, aim to trick users into revealing sensitive information like usernames, passwords, and multi-factor authentication codes.
Cybercriminals typically set up their own servers for these attacks, eliminating the need for accounts on other services to interact with users. Their primary goal is to gain access to and take control of existing accounts, which can then be sold for various purposes, such as installing data-stealing malware or carrying out ransomware attacks.
It's important to note that stolen social media accounts may not have as much value as access to corporate networks or banking apps, but they still hold a certain resale value in the underground market of Initial Access Brokers (IABs). Access to social media or instant messaging accounts can provide scammers direct access to your closed group of friends and family, enabling them to promote investment scams, conduct cryptocurrency fraud, or trick people into installing rogue software using your account.
Interestingly, some cybercriminals target established social media accounts because of their longevity and believability, which helps forgo informal detection as obvious sockpuppets or catphish. Established accounts usually have a creation date more than a few days old, a genuine-looking profile picture, a realistic posting history, a reasonable number of followers, and so on.
A sockpuppet is an account deliberately operated under a fake name, often for the purpose of making scam posts seem more believable. A catphish account is one that pretends to belong to a trustworthy individual, usually by lying about details such as gender, age, appearance, education, and location. These accounts are often used to lure victims into online relationships that end in financial fraud, emotional abuse, or physical stalking.
On the other hand, some cyber-scammers are more interested in creating large numbers of brand-new accounts, especially on social networks, which they can operate and control right from the beginning. Although many of these accounts may have short lifespans, they can still be valuable for numerous reasons. For example, some may survive long enough to become useful or saleable accounts, while even short-lived accounts can influence online behavior.
The widespread existence of fake accounts on various social media platforms, such as LinkedIn, Facebook, and TikTok, is indeed troubling. The implications of this problem stretch to misinformation proliferation, the amplification of signals affecting financial markets, and the facilitation of scams, hacking, and financial fraud.
In the case of LinkedIn, 88.8 million fake accounts were stopped during registration in 2023, while 32.2 million were only detected after activation—meaning that Microsoft's automated tools let through more than one in four unwanted account registrations. Data from Statista indicates that 32.28 million fake LinkedIn accounts were removed in 2023, while for Facebook, the number of fake accounts recorded was significantly higher, explicitly including personal accounts used for business or "non-human" purposes.
The problem of fake accounts on TikTok also raises concerns, with the platform removing billions of fake interactions. This data sheds light on the scale of fake account creation and the potential for influence on online behavior.
In today's digital age, keeping endpoint security, anti-phishing tools updated, and being cautious towards 5-star reviews and positive endorsements for little-known products can help users avoid online scams. If something seems too good to be true, it probably is. Users are also encouraged to report suspicious accounts or interactions to help social media platforms address the problem better.
At last, partnering with a human-centered cybersecurity provider can further help businesses tackle the challenge of fake accounts, ensuring a balance between ease-of-use and robust security measures is maintained for both IT teams, colleagues, and customers.
- Implementing robust endpoint security measures can help protect individuals from cyberattacks such as phishing, which are common methods used by criminals to gain access to sensitive information on social media platforms.
- In the wake of the persisting threat of fake accounts on social media platforms like LinkedIn, Facebook, and TikTok, businesses may benefit from partnering with a human-centered cybersecurity provider to address the challenge, maintaining a balance between ease-of-use and robust security for all users.
