Over the past week, I’ve had a number of people share articles with me related to Facebook’s testing of a new feature that is purported to alert Facebook users when it finds that someone is impersonating your account. Once the user is alerted, that user is then able to report the fraudulent account and pray that Facebook will take it down. However, given my 8 years of experience with this problem, I feel that I am qualified to say that this approach will simply not work for a number of reasons.
- Facebook often fails to take down fraudulent profiles: While I have successfully had Facebook take down hundreds of fake profiles (I find several new ones each day), there are certain profiles that it simply does not take down. For instance, I’ve been trying to get Facebook to take down the account of “Trofimov Sergei” (a user who is clearly using a profile photo of me and my son) for over a year now. Yet, no matter how many times I report the account, the profile remains. More disturbing is the fact that if you search for “Trofimov Sergei” on Facebook, you will see dozens of fake accounts by the same name using stolen photos of other men. Most of the deception is done in private communication with the (potential) victims, but every once in a while, you will find a public post where the fraudsters are asking for money for a feigned illness. Luckily, there are many people (often former victims) who do uncover and share their knowledge of these fraudulent accounts in order to contain some of the damage.
- Scammers may use photos of your children as their profile photo: After hundreds of reports, Facebook still refuses to take down the account of “Nelson Colbert,” a scammer who is using photos of my children as a profile photo. When you report an impersonation in Facebook’s current reporting tool, you ultimately have to choose one of the following: A) “This timeline is pretending to be me or someone that I know”, or B) “This timeline is using a fake name.” I have been completely unsuccessful when using Option B, and I have had only limited success with Option A: when you choose this option, you are asked to identify the user who is being impersonated, but when I identify myself, Facebook quickly rejects the report as it is clear that I am not the person in the profile photo. I have attempted to use Facebook’s “Report An Underage Child” tool (which is only available in Canada after you logout, apparently), but this has also been completely unsuccessful. The most unnerving part of this particular profile is that I receive more reports about it from victims than I do about any other. In fact, there are literally dozens of pages of search results that relate to “Nelson Colbert” and this scammer’s involvement in fraudulent activities. Yet, it appears that Facebook has made this account untouchable. I suspect that the scammer behind it may have created falsified documentation to get the account validated internally.
- Scammers may use your elderly mother’s photo as their profile picture: These criminals often create sophisticated networks of friends and family in their schemes. For instance, the scammers created a fake profile using my mother’s photos and named her Maria Gallart. I cannot report this profile directly to Facebook; instead I am only able to report it to my mother to deal with it. I did so, and as you would imagine, the distress, anxiety, and uncertainty that this caused my nearly 80-year-old mother was not something that she needed nor something that she necessarily knew how to deal with. And even with my assistance, reporting the fraudulent account from my mother’s account (many times) has not led to the account being taken down.
- Facebook doesn’t always believe the “real” person in cases of identity fraud: Facebook has taken down my account twice because a scammer reported me as being the fake Alec Couros. In both cases, I had to submit my passport to Facebook via email for verification (which is incredibly problematic for security reasons). I am unsure of why I had to do this twice, and I am puzzled as to why my account wasn’t verified either time (even though I have applied for verified status). Facebook’s proposed system will have to rely on verifying an account using a secure, consistent, and foolproof system if it is to be successful. To date, the company has failed miserably in this respect.
- Facebook’s proposed system could give an advantage to the criminals: Fraudsters have often used photos of me that I have never previously used on Facebook. Based on the incomplete details provided so far about this new alert system, one might assume that if I were to use any of my personal photos after a scammer had done so, I would be the one flagged as an impersonator. Thus, the criminal might easily be regarded as having the authentic profile, which sounds like really bad news.
The Mashable article shared at the beginning of this post states that Facebook is rolling out these features as the company attempts to push its presence into regions of the world where “[impersonation] may have certain cultural or social ramifications” and “as part of ongoing efforts to make women around the world feel more safe using Facebook.” If that is the goal, Facebook’s proposed technology won’t help, and it may very well make things worse for women (or anyone) using the site. Already, Facebook is plagued with identity thieves who adversely affect the safety, comfort, and freedom of many of its users, and the problem will only continue to grow with these types of half-baked efforts. You may not be affected now, but unless Facebook does something to fully address this issue, you almost certainly will be.
I’ve written and spoken extensively about my problems with romance scammers, criminals who have used my photos (and the photos of many others) to create fake profiles and trick victims into sending them significant amounts of money. In my research, I’ve learned that many potential victims ask for a video chat with scammers as a way for them to prove their identities. In fact, participating in a video chat and then asking supposed suitors to perform particular actions on request (e.g., hold up two fingers on your left hand) is often touted on anti-scammer sites as a way to ensure that the person that you are talking to is in fact who they say they are and not a scammer who may be using recorded video as their video source (a common and frightening possibility).
Well, verifying identity online has just become even more complex. As you have already likely discovered, there are a number of freely available apps (e.g., Snapchat, FaceSwap Live, MSQRD) that allow for live face-swapping. In fact, MSQRD was recently purchased by Facebook, and there have been suggestions that face-swapping could become more directly integrated into the social network. If you have used one of these apps, you’ll likely agree that face-swapping can be a lot of fun, but these are fairly touchy/glitchy apps and their use could be easily detected. However, this may not be the case for long.
Researchers from Stanford University recently released a project that works to “animate the facial expressions of the target video by a source actor and re-renders the manipulated output video in a photo-realistic fashion.” The results are incredible, but the implications for identity theft are incredibly frightening, in effect allowing scammers to become puppet masters who manipulate the faces and bodies of their fake profile avatars. Takes the idea of “authentic identity” to a whole new level, doesn’t it?
For a number of years, I’ve enjoyed using Reddit as a source for my daily reading. Reddit, often known as “the front page of the Internet,” is often where one can find stories and trends before they go viral in the mainstream. As well, because of the networking and conversational properties of the spaces, I’ve often mused about the potential of Reddit as a space where educational conversations might be hosted and shared. There are several education-related subreddits (specifically-themed topics or communities) such as r/education and r/edtech, but these spaces tend to be a bit stagnant.
Just recently, my friend @j0hnburns (and colleagues) took on the idea of developing a new subreddit at r/NextSpace with the goal of creating a space where deeper conversations around edtech related topics could be hosted and shared. He’s written about the launch and has included the overall rationale, how to get to started with Reddit, and how to contribute to r/NextSpace.
To help with this launch, I’ve agreed to do an AMA (Ask Me Anything) starting on Monday March 14th, 8pm EST (or see your time conversion here). To participate, check out this AMA thread, ask questions (you can post them early if you like), upvote or downvote the questions or comments of others, and I will do my best to respond to whatever gets asked. I know I’m nowhere near as big of a draw as those who have led some of the most popular AMAs, but hey, I’d like to help in any way to get this started. Plus, I think I have a lot to share regarding my thoughts on edtech, digital citizenship, digital identity, or other related topics. And of course, an AMA is about what you contribute as well!
So I hope that you will give Reddit and r/NextSpace a try, and hopefully I’ll hear from you at the AMA next week!
Yesterday, I received the following Facebook message:
I posted this to my Facebook wall when I received it, and it was interesting to hear from several people who felt they might have been fooled had they received the same message. After nearly a decade of becoming familiar with the tricks of these scammers, I question just about every angle. While this was the first time that I have received a message like this, the motive for the message seemed obvious to me. A photo of me that verifies the date would make it possible for a scammer to “prove” they were really me (rather than just using old photos). As well, if I had Googled the name of the sender (like my colleague Katia did), I might have wondered how this famous Nigerian business woman had the time to message me personally (and perhaps even why she cared about a mere 150K).
Today, I was contacted by another person on Facebook who had heard from her friends that a profile with her name, photos, and identifying information was trying to friend many of them. Several reported this to be suspicious so she immediately warned her friends with a status update. I asked her where the fake profile was and she found it for me. What we noticed was really sneaky (and horrible).
See below, the real person’s profile:
Now, look at the fake profile:
Do you see the important difference? The profile and header photos are the same in each. The friend count is certainly different. But the big thing is the spelling of the name. The authentic profile is “Joy Brennan” (two ‘n’s) and the fake profile photo is “Joy Brenan” (one ‘n’). The especially sneaky part is that if you were to try and search for fake Facebook profiles with your photos and name, this would make these much more difficult to find.
So why would the scammers do something like this? My guess is that they were hoping to perform a scam such as the common “email hijack,” where members of an existing friends/family network could eventually be tricked into sending money due to a contrived distress call (e.g., I was robbed while traveling, please wire me money).
So there you have it – a couple more scams to be concerned about. Oh, and Facebook still isn’t doing anything about these problems.