{"id":36538,"date":"2022-05-31T08:23:00","date_gmt":"2022-05-31T08:23:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/archives\/36538"},"modified":"2022-05-31T08:23:00","modified_gmt":"2022-05-31T08:23:00","slug":"attack-of-the-clones-the-rise-of-identity-theft-on-social-media","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=36538","title":{"rendered":"Attack of the clones: the rise of identity theft on social media"},"content":{"rendered":"

Earlier this year, Derbyshire-based freelance model Elle Jones<\/a> was informed by acquaintances that they had been contacted by someone claiming to be her. Investigating, Jones discovered an Instagram<\/a> account had been created mimicking her own profile, which offered pornographic content through a link. Jones reported the account, but two days later received an automated response saying the account had not been removed. She then emailed Instagram, contesting the inaction, and two days later the fraudulent account was removed.<\/p>\n

Jones\u2019s experience is not unique. Author Joe Dunthorne<\/a> had his identity exploited<\/a> when an Instagram profile, which claimed to be him, attempted to convince people to buy cryptocurrencies<\/a>. Of course, the problem is not restricted to Instagram. For example, artist and cosplayer Giulietta Zawadzki<\/a> had her Twitter<\/a> account cloned earlier this year, in an attempt to sell pornography.<\/p>\n

These impersonators are targeting businesses just as much as individuals \u2013 any account that has a significant following on social media can become a target for identity theft. In 2020, the Little Soap Company<\/a> had its account cloned<\/a>. Participants in its online competition were then privately contacted by the fraudulent account to be told they had won \u2013 and asked for their PayPal<\/a> details.<\/p>\n

As we become an increasingly digital society, there has been an associated rise in the number of fraudulent social media profiles being created. These accounts are then used to distribute misinformation, share fraudulent links, sell goods or attempt to solicit bank details.<\/p>\n

\u201cIt\u2019s fairly easy to create and clone the account of someone else, trying to steal their identity \u2013 of a person, company or institution \u2013 and using that account to force information from other people, force money, but also for spreading misinformation and so on,\u201d says Piotr Br\u00f3dka, a professor in the Department of Artificial Intelligence<\/a> at Wroclaw University of Science and Technology<\/a>.<\/p>\n

\n

The impact of social engineering attacks extends beyond any immediate losses due to malicious activities \u2013 the person whose profile is copied can become associated with the actions of the impersonator, causing reputational damage <\/figure>\n

<\/i> <\/p>\n<\/blockquote>\n

The impact of these social engineering attacks extends beyond any immediate losses due to malicious activities. The person whose profile is copied can become associated with the actions of the impersonator, causing reputational damage. \u201cThe bigger problem, which we possibly don\u2019t see, is the damage to the people; how they are seen by their friends and how damaging the misinformation is,\u201d says Br\u00f3dka.<\/p>\n

\u201cI\u2019m seeing a lot of clients that will have a rival account set up on Twitter that looks very similar to them,\u201d says reputation consultant Madelaine Hanson<\/a>. \u201cThat person will then claim that the original account was hacked, or they can\u2019t remember their password, and will then share recommendations on NFTs<\/a> [non-fungible tokens] or cryptocurrencies to invest in.\u201d<\/p>\n

\n

<\/i>A problem for platforms, not just for users<\/h3>\n

There is also an impact on social media platforms, because as more of these incidents occur, there will be an associated loss of trust in that platform\u2019s ability to protect its users. This will lead to user habits changing, such as limiting their use of platforms perceived as being vulnerable to identity theft, or switching to platforms that are seen as more secure.<\/p>\n

\u201cSince it happened on Instagram, I have changed my profile to a private account,\u201d says Jones. \u201cI was previously a business account, but with a private account I can see who asks to be a follower.\u201d<\/p>\n

<\/i>A cloned account mimicking that of freelance model Elle Jones offered pornographic content through a link <\/figcaption><\/figure>\n

One of the problems with social media identity theft is that the reporting mechanisms are limited. The support teams for social media platforms can often be swamped by demands, and reports of identity theft can be overlooked. When reporting cloned accounts, there is usually an option for blocking the account. Of course, the malicious account can also block the original account, thereby obfuscating the cloned account\u2019s activities.<\/p>\n

It is often several days before any response is received, and even then, it is not guaranteed that any action will be taken. Jones had to wait more than four days before an account was taken down. To date, there has still been no action taken against the profile mimicking Zawadzki on Twitter.<\/p>\n

There are also limited legal avenues that victims can pursue. As identity theft is covered by fraud, it is only considered criminal if the victim has lost money through the perpetrator\u2019s actions \u2013 irrespective of money made by the perpetrator through exploiting the victim\u2019s identity.<\/p>\n

\u201cA crime will only be recorded when the individual or company who has or may have suffered a financial loss through the use of a stolen identity reports it,\u201d explains a government spokesperson for the Home Office. \u201cWe encourage all victims to report incidents to Action Fraud<\/a>, as it provides important information to law enforcement.\u201d<\/p>\n

However, equating reputational harm to financial loss can be challenging, as there needs to be evidence proving there has been a loss of earnings through the malicious activities by the cloned account. \u201cDefamation law, in general, needs to be completely reformed,\u201d says Hanson. \u201cI\u2019d like to see more focus on crime, such as impersonating others for information, being included under fraud.\u201d<\/p>\n<\/section>\n

\n

<\/i>Is being verified enough?<\/h3>\n

The \u201cblue tick\u201d system, which is used by major social media platforms Facebook, Twitter and Instagram to indicate accounts that have had their identity verified, has had mixed success. Having verified status means it is easier and faster to have any bogus accounts taken down. However, only certain users are currently able to apply for the verified status, often depending upon the business they are associated with.<\/p>\n

<\/i>Freelance model Elle Jones reported the cloned account, but two days later received an automated response saying the account had not been removed <\/figcaption><\/figure>\n

\u201cA lot of people are perhaps not noteworthy enough to get a blue tick, but they\u2019re big enough to influence markets,\u201d says Hanson.<\/p>\n

The application process for becoming verified is a delicate balancing act for social media platforms. If the prerequisites are too broad, the platforms can become swamped with applications, but if they are too narrow, their use becomes too limited to be beneficial.<\/p>\n

Likewise, the verification systems used on each platform are not uniform. While one platform may grant a verified status, another will not, even if a user is already verified on an existing platform. This can cause people to question the legitimacy of a genuine but non-verified profile.<\/p>\n

There has been some research into detecting cloned social media accounts. In 2014, Br\u00f3dka published a paper titled Profile cloning detection in social networks<\/em><\/a>. Profile cloning detection enables platforms to spot potentially fraudulent social media accounts, which are exploiting people\u2019s trust for malicious purposes.<\/p>\n

\u201cWe created a simple app, which was collecting your friends and friends of friends,\u201d says Br\u00f3dka. \u201cBased on that, we did some experiments on how effectively we can create a cloned profile and how effectively we can detect them.\u201d<\/p>\n

In the paper, Br\u00f3dka demonstrated two methods that could be used. The first method examines the similarity of attributes between profiles, the second evaluates the similarity between their social networks.<\/p>\n

Both techniques proved useful in detecting cloned profiles, but the volume of data on social media platforms means the initial outlined methodologies would be unsuitable for mass deployment. \u201cYou would need to simplify that because I don\u2019t think there is a possibility to effectively run it online for every account in big social networking services like Facebook,\u201d says Br\u00f3dka.<\/p>\n

Unfortunately, in the wake of the Cambridge Analytica scandal<\/a>, Facebook data has become harder to acquire for research purposes. As such, it has become challenging to research cloning detection.<\/p>\n<\/section>\n

\n

<\/i>What can be done?<\/h3>\n

The proliferation of social media and inadequate reporting mechanisms on the platforms has seen identity theft flourish online. This will continue until further action is taken to counter these malicious activities.<\/p>\n

\u201cI hope it\u2019ll be much faster to freeze an account that\u2019s impersonating you, as it\u2019s very easy to do at their end,\u201d says Hanson. \u201cWe need to recognise that people who commit crimes online are harmful and impactful.\u201d<\/p>\n

\n

A proactive social media strategy should be followed, such as regularly checking for any cloned profiles. If any are found, the reporting mechanisms should be used for them to be taken down <\/figure>\n

<\/i> <\/p>\n<\/blockquote>\n

The Online Safety Bill<\/a> has been introduced to the UK Parliament and is currently at the committee stage. It includes a duty to prevent fraudulent advertising on the largest social media platforms, but only time will tell how effective it will be in tackling identity theft on social media.<\/p>\n

\u201cWe are determined to crack down on fraudsters and are introducing legislation to make digital identities as trusted and secure as official documents such as passports and driving licences, including setting up a new Office for Digital Identities and Attributes,\u201d says the Home Office.<\/p>\n

Until then, individuals and organisations with a social media presence need to maintain vigilance regarding account cloning to protect their brand and reputation. Having verified status will help in that regard, but this measure is not foolproof.<\/p>\n

Following his planned takeover of Twitter<\/a>, Elon Musk tweeted \u201cauthenticate all real humans\u201d<\/a>, which implies a push for more Twitter profiles to be verified in the future.<\/p>\n

In the current digital climate, a proactive social media strategy should be followed, such as regularly checking for any cloned profiles. If any are found, the reporting mechanisms should be used for them to be taken down. Screenshots of all comments and posts by the fraudulent account will provide further evidence of their illegal activity.<\/p>\n

However, there is only so much that social media users can do to protect themselves from identity theft on social media. \u201cThe main responsibility lies on the authorities and social media platform owners to create mechanisms that will allow them to quickly identify such cases,\u201d says Br\u00f3dka.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Earlier this year, Derbyshire-based freelance model Elle Jones was informed by acquaintances that they had been contacted by someone claiming to be her. Investigating, Jones discovered an Instagram account had been created mimicking her own profile, which offered pornographic content through a link. Jones reported the account, but two days later received an automated response […]<\/p>\n","protected":false},"author":1,"featured_media":36539,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-36538","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36538"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36538\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/36539"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}