Social media impersonations have become a very popular tactic for deploying online scams. Cybercriminals, fraudsters, and identity thieves alike pose as a trusted figure, such as a celebrity, corporate executive, or a well-known high-net-worth individual, to try to trick unsuspecting people into taking an action, such as wiring money or sharing login credentials.

For adversaries, social media impersonations are an appealing scheme, as creating a fake social profile isn’t an arduous task. All that’s needed are photos and information, most of which are already public or easily obtainable, to make their profile look and feel legitimate. From there, they can either mass-deploy or micro-target messages, asking for whatever it is they want.

Their actions are paying off – quite literally.

Cybercriminals have been able to trick victims into turning over millions of dollars by impersonating celebrities such as Blake Shelton and Chris Hemsworth. The AARP reported adversaries have found success scamming older adults by impersonating country music stars, including Toby Keith and George Strait.

In another example, the FTC found cryptocurrency holders lost $2 million over a six-month period to scammers who had impersonated Elon Musk, simply by creating dummy Twitter profiles and uploading a few YouTube videos.

Why social media impersonations continue to wreak havoc

Unlike with most other cyberattack techniques, cybercriminals don’t need to worry about spam filters, firewalls and other lines of defense when deploying social media impersonations. Despite the scale of the problem, both human and technical controls remain incomplete solutions. 

While social media moderation teams claim to do their best to remove fake accounts, many aren’t identified or removed until it is too late. Facebook takes down billions of fake accounts each quarter, while Twitter estimates 5% of its users are not legitimate, although some argue the number of fake accounts is higher than that.

Despite their efforts and those of individuals and security teams, there are still countless fake accounts populating social platforms. Facebook has been able to remove billions of phony profiles, but the company estimates that 5% of its total user base, or roughly 90 million accounts, are fake, while Instagram estimates there are around 95 million fake accounts on its platform.

How to spot social media spoofs

While social media impersonations can look legitimate, there are plenty of telltale signs that help tell what’s real from what’s fake. The most common identifiers include:

  • The account is not verified. On Instagram, Facebook and Twitter, keep an eye out for the blue checkmark
  • Slight misspelling of names to differentiate the impersonation from the original (e.g., M1ke instead of Mike)
  • Outdated profile pictures or use of low resolution images 
  • The profile has few followers, but the account is following a large number of profiles
  • All of the posts read like spam messages (asking for money, offering “free prizes,” etc.)
  • The posts contain misspellings and poor grammar
  • Few people like or comment on their posts
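
Three of the signs above (no verification, a slightly misspelled name, and few followers while following many) can be checked mechanically. The following Python is an added example, not part of the original article; the profile fields, the 10:1 following-to-follower threshold, the one-edit distance limit and the sample handles are all assumptions constructed for illustration.

```python
import unicodedata

# Digit/symbol-for-letter swaps seen in lookalike handles (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

def skeleton(handle):
    """Reduce a handle to a comparison form: no case, accents, swaps or punctuation."""
    text = unicodedata.normalize("NFKD", handle).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.translate(SWAPS) if c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(profile, protected_handles):
    """Return the red flags from the list above that this profile trips."""
    flags = []
    if not profile["verified"]:
        flags.append("unverified")
    for real in protected_handles:
        # Handles are unique per platform, so an exact match is the real account.
        if profile["handle"] != real and \
                edit_distance(skeleton(profile["handle"]), skeleton(real)) <= 1:
            flags.append(f"lookalike of {real}")
    # Assumed threshold: following at least ten times the follower count.
    if profile["following"] >= 10 * max(profile["followers"], 1):
        flags.append("follows many, few followers")
    return flags

# Constructed sample data: one real account, one lookalike, one unrelated account.
PROTECTED = ["mike_example"]
SAMPLES = [
    {"handle": "mike_example", "verified": True, "followers": 50000, "following": 300},
    {"handle": "m1ke_example", "verified": False, "followers": 12, "following": 900},
    {"handle": "jane_doe_books", "verified": False, "followers": 400, "following": 350},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["handle"], red_flags(p, PROTECTED))
```

A one-edit limit will produce false positives on very short handles, so treat the output as a list of accounts to review rather than a verdict.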

While adversaries can impersonate a friend or family member, they are more often than not going to mimic a well-known person of prominence, prestige, or stature. Replicating what’s familiar to a critical mass improves the odds that their targets will engage with their call to action.

Prevent social media impersonations: Lock down your accounts, think before you post and look at your requests

While high-profile and high-net-worth individuals may be the most appealing target for social media account impersonation, just about everyone who uses social media is vulnerable to this scheme.

Last year, CNBC spoke with Bob Kurkjian, a military veteran who noticed his name, pictures and information had been used to create roughly 40 fake Instagram profiles in what he believed to be schemes to solicit money. Kurkjian isn’t a well-known celebrity or even a social media influencer. His Instagram account only has 546 followers.

No matter your status or social media prominence, there are steps you can take to both protect your main accounts from impersonation and take action when coming across fake profiles.

Here’s what you can do to make your account an unappealing target for cybercriminals:
  • Set all of your social media profiles to private. Every social media platform has privacy and security settings that will ensure your profile can only be viewed by those you personally approve.
  • Do not list any personal information on your profile, and be careful what you post. Cybercriminals will leverage your posts to create a more convincing fake. 
  • Only accept friend requests from people you know. The recommendations above won’t be helpful if you allow an unknown person to view your profile. 
  • If you receive a request from someone you’ve already connected with, reach out to them directly. Someone may have created a fake of their profile.

If you discover a profile modeled after your own or someone you know, take these steps:

Battling social media impersonators must go beyond reporting phony profiles to the proper authorities. A big way to beat these adversaries is through proactive education. Talk to members of your family, particularly children who are active on social media and those who may be less tech-savvy, about the red flags highlighted above, and hold them accountable for following the recommended actions.

If you’re interested in additional help protecting your social media life, contact us to learn about how digital executive protection can help prevent and detect social media impersonations.