Who is able to produce:
Professional – Amateur – Anyone.
Good impersonation requires a high level of skill, but even amateurs can create a believable impersonation and trick other people. Befriending requires basic psychological knowledge and being good at reading other people.
Level of deception:
Low – Average – High – Very high.
Some impersonations are easy to spot. Some criminals will pretend to be a large organisation you are likely doing business with. In contrast, others will do more in-depth research into you and the company you work for and attempt to fool you into believing they are a company executive. Befriending is hard to spot at the beginning because it looks no different from a friendly relationship. In later stages, when the befriending person tries to use the relationship to his/her advantage, it becomes easier to spot.
Impersonation – imitation of someone's actions or behaviour; pretending to be someone else.
Befriending – posing as a friend (or friend-to-be) on social media with the purpose of deceiving or taking advantage of someone (i.e. getting personal info, photos, videos).
Working principle (what it does and how):
Usually, fake accounts are used for impersonation. These accounts imitate celebrities, existing brands or organisations, or random people. At times, the accounts can imitate friends, relatives or others who are close to the potential victim. Sometimes, instead of creating fake accounts, hackers target accounts of inactive users and use them to target the friends who are still active on the platform.
When creating accounts that impersonate celebrities or organisations, various social media platform loopholes are used. For example, it’s possible to imitate a popular YouTube channel, since the name displayed on YouTube channels and YouTube accounts can be different from the actual account name. Within YouTube, users can send friend requests to anyone on the platform. Once accepted, they can send that person direct messages. This way, someone impersonating a famous YouTuber can send messages to subscribers, fooling people into believing that the star themselves contacted them.
Sometimes they send simple messages informing the recipient that they’ve won something, inviting them to click links that potentially lead to scam or malicious sites. Other times these threat actors leverage a combination of creative impersonation techniques, which boosts the legitimacy of their messages and improves the likelihood that users will click their links.
For befriending, both fake and real accounts may be used. This depends on the medium in which the befriending happens, e.g. in online video games nicknames are usually used, which do not give any information about the true identity of the person.
By using impersonation or befriending, scammers can also trick people into:
- giving away money (by transferring it or “making a donation”);
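The display-name loophole described above can be checked mechanically: the unique account handle, not the freely chosen display name, is what identifies an account. The following is an added example, not part of the original page; the handles, names, look-alike map and similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample data: unique handles of accounts already known to be genuine.
OFFICIAL = {"@examplestar": "Example Star", "@examplebrand": "Example Brand"}

# Small illustrative map of look-alike characters (not a complete confusables table).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic r, s, kh
})

def skeleton(name: str) -> str:
    """Reduce a display name to a comparable form: NFKC normalisation,
    case folding, look-alike folding, then letters and digits only."""
    folded = unicodedata.normalize("NFKC", name).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalnum())

def check_account(handle: str, display_name: str, threshold: float = 0.85):
    """Return (verdict, matched_official_handle).

    'official'              - the unique handle itself is on the trusted list
    'impersonation-suspect' - display name imitates a trusted account,
                              but the handle is a different account
    'no-match'              - display name resembles no trusted account
    """
    if handle.casefold() in OFFICIAL:
        return ("official", handle.casefold())
    candidate = skeleton(display_name)
    for real_handle, real_name in OFFICIAL.items():
        ratio = SequenceMatcher(None, candidate, skeleton(real_name)).ratio()
        if candidate and ratio >= threshold:
            return ("impersonation-suspect", real_handle)
    return ("no-match", None)

if __name__ == "__main__":
    # Constructed test accounts: (handle, display name)
    for acct in [("@ExampleStar", "Example Star"),
                 ("@examplestar_giveaway", "Example Star \u2714"),
                 ("@xmpl_brand", "\u0415\u0445\u0430mple Br\u0430nd"),
                 ("@janedoe", "Jane Doe")]:
        print(acct, "->", check_account(*acct))
```
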
- giving away sensitive information;
- downloading malicious software;
- visiting scam sites.
A typical impersonation attempt by cybercriminals is for them to pretend to be with one of the principal online players that you may pay a regular subscription fee to. Apple Music, Spotify, Netflix, and others are commonly seen. You’ll receive a breathlessly-worded message in your inbox warning you of some problem with your account. And if you don’t click right this second, they’ll have no choice but to lock you out of your account and block any further access. If you do click, you will be sent to a copycat website that looks similar (if not identical) to the impersonated company, and you will be asked to provide your login credentials.
Once you “log in” to the fake site, you will be asked to confirm all your billing details – but the criminals ask for far more information than you should be providing. They’ll ask for your complete mailing address and your full credit card details, including expiry and CVV code. Some will ask for other incredibly personal information like your mother’s maiden name and your Social Security Number. This is everything a cybercriminal needs to steal your identity, open new accounts in your name, or take over some of your other accounts. Other cybercriminals will use similar techniques but claim to be from your bank or your cell phone carrier.
If someone is trying to convince you that they’re a celebrity, take the following precautions:
- Check out the identity of the person contacting you. Can you verify that they are who they say they are? If not, or if you’re unsure, stop corresponding and don’t do what they’re asking of you.
- If you’re contacted by a celebrity from their own social media account, carefully examine the account. Does it include the blue checkmark that verifies they are who they say they are? Does the information in the account correspond with news stories about this celebrity?
- Google the celebrity’s name plus the word “scam” to see what comes up.
- Consider reporting the matter to the social media site where you encountered this person.
Check the profile of new requests to connect or be friends, especially if you have only met the person online. Look out for:
- new profiles with limited content
- hidden friend or network lists or lists full of people of the opposite gender

- Don’t send money to someone you’ve never met in person.
- Be cautious when sharing personal pictures or videos, especially if you’ve never met them before in person. Scammers are known to blackmail their targets using compromising material.
- Don’t share personal information with someone you have never met in person.
- Do an image search of your admirer to see if they are who they say they are. Use image search services such as Google or TinEye.