What is Facebook account cloning?
A form of identity theft in which a malicious attacker impersonates a legitimate user. This is done by creating a copy of the original account.
An attacker would most likely:
- create an account under the same name as the victim using a public email address (Gmail, Yahoo, etc.)
- copy all the pictures from the victim’s account and add them under the cloned one
- duplicate posts from the victim’s accounts
- get the list of favorite artists, songs, movies and replicate them under the cloned accounts
- get a list of all the friends
To make things easier, there are scripts available to do this with just a few clicks. One of them is FBPwn. It was written as a social engineering tool but we can safely assume that a sophisticated attacker will have better scripts and is probably able to duplicate posts in almost real time from the victim’s account.
The next step is to start adding as friends all the friends of the victim. In addition, the attacker may choose to block the victim and close relatives from viewing the cloned account and avoid detection.
What are the motives behind this?
To find the real motivation we need to differentiate between a private and a business person (which is a private person outside working hours but the attacker is mainly interested in the information that is related to his work).
For a private person, the main reasons behind account cloning are:
- Profit – ask favors, money or other stuff from the victim’s friends
- Revenge – which is another form of profit; the attacker will post on behalf of the victim compromising information or disclose (distorted) confidential information or extract information based on the trust relationship that he now has with the victim’s friends
- Fun – trolling is almost a sport and some people find the energy and resources to make fun of others
For a business person, the attacker’s reasons are more or less the same, but the stake is much higher:
- Profit – impersonating a legitimate user, the attacker can get access to confidential information from co-workers and spread distorted information for confusion; he can also try to social engineer his way to internal systems and credentials
- Revenge – a disgruntled employee can perform this sort of attack as a payback
- Discredit – a company may hire attackers to discredit their competition
This type of cloning can easily be extended over any social media platform like Twitter, LinkedIn, etc.
A motivated attacker will always find a way to duplicate in a credible manner a social media account given enough resources.
So, what can we do to prevent this?
Well, on one side, there is nothing preventing other people creating cloned accounts. However there are some preventive measures that one can take to limit the impact of a cloned account.
- Don’t accept people you don’t know as friends (you wouldn’t do that in the real life, so why do it in the virtual world?)
- Periodically review your friends list and delete the persons that don’t have a valid reason to be there
- Ask your friends not to accept a separate invitation to connect from you (the possible cloned account) without getting in contact with you offline
- To help your friends, announce them when you receive invitations from cloned accounts
- Divide your friends in interest groups (family, close friends, co-workers, etc.) and post information to the relevant groups
- Block cloned accounts by the email address used to register: https://www.facebook.com/help/115913751826993/
- Report cloned accounts: https://www.facebook.com/help/207209825981040/
- Limit the access to your data only to your friends (I’ll have a separate post to discuss the security settings of Facebook)