Twitter impostors stop at NOTHING to drag athletes through mud

@UsainBoltt: fanks 4 teh pr0n link lmao!!1

Analysis Malware-slingers and mischief-makers are ramping up the creation of fake celebrity profiles on social networks in time for the start of the Olympics on Friday. El Reg spoke to "reputation managers" of the stars about the problem.

Some of the fake profiles are harmless while others link to pictures of strippers and escorts and some punt straight-out scams – including links to scareware, inappropriate content (gambling sites, porn etc) – or attempt to solicit donations to fake charities, according to reputation management firm Social Impostor. In the worst cases, fake profiles might be used to induce users into sending inappropriate content, including but not limited to compromising pictures.

Social Impostor provides "reputation management" for high-profile punters' social network profiles. The company says it uses "proprietary technology" to find, report and remove fake social network profiles on behalf of actors, athletes, musicians, politicians, business people and their management teams. The company, which operates largely by word of mouth, has succeeded in taking down more than 8,000 fake profiles.

The firm searches for impostors on Facebook, MySpace, Twitter, Google+, YouTube, Formspring & LinkedIn. The details of identified impostors are submitted for removal via the protocols established by each network. Almost all the networks permit parody or satirical profiles, to a lesser or greater extent. Social Impostor targets fake profiles, leaving satirical social networkers alone. Its automated system searches for variations in the spelling of the names of celebrities.

What's a malware slinger? And why are folks saying that about me?

A significant part of any celebrity brand is their reputation. Having a "verified" or "official" tag on a social network account doesn't eliminate impostors or the problems they create. Celebrity names and photos are used to create fake profiles and make posts on social network sites, sometimes resulting in negative media attention and confused fans.

Kevin Long, chief exec of Social Impostor, told El Reg that while it's surprising that people fall for it, there are thousands of fake celebrity profiles in circulation.

"We search various combinations of the celebrities' names (Mike instead of Michael) because, oftentimes, in order to try to get it up there without being noticed, the impostors will intentionally misspell the name, use numbers instead of letters (like a 1 instead of an l) or use the name in reverse order," Long explained. "We pick all of those up."
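The name-variation search Long describes, sketched as an added example (not Social Impostor's proprietary system, and not code from the article): it flags handles that reduce to a protected name once digit-for-letter swaps, doubled letters, nickname forms and reversed order are undone. The lookup tables, function names and sample handles are assumptions constructed for illustration.

```python
import re
from itertools import permutations, product

# Assumed lookup tables, constructed for this example.
DIGIT_FOR_LETTER = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
NICKNAMES = {"mike": "michael", "dave": "david"}  # short form -> full form

def squeeze(text):
    """Collapse repeated letters so 'boltt' and 'bolt' compare equal."""
    return re.sub(r"(.)\1+", r"\1", text)

def normalise(handle):
    """Undo digit swaps, drop separators and leftover digits, collapse repeats."""
    text = handle.lower().translate(DIGIT_FOR_LETTER)
    return squeeze(re.sub(r"[^a-z]", "", text))

def variants(real_name):
    """Every spelling to search for: each token order x each nickname form."""
    options = []
    for token in re.findall(r"[a-z]+", real_name.lower()):
        shorts = {s for s, full in NICKNAMES.items() if full == token}
        options.append({token} | shorts)
    return {squeeze("".join(order))
            for combo in product(*options)
            for order in permutations(combo)}

def classify(handle, real_name, official_handle):
    """Return 'official', 'lookalike' (queue for human review) or 'unrelated'."""
    if handle.lower() == official_handle.lower():
        return "official"
    if normalise(handle) in variants(real_name):
        return "lookalike"
    return "unrelated"

# Constructed sample handles; a parody account can also match, so a
# 'lookalike' result is a prompt for review, not a verdict.
if __name__ == "__main__":
    for h in ["UsainBoltt", "Bolt_Usain", "usainbolt", "TrackFan88"]:
        print(h, classify(h, "Usain Bolt", "usainbolt"))
```
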

Social Impostor is tracking the number of fake accounts for designated Olympic athletes with an Olympic Impostor Index, based on the Celebrity Impostor Index it publishes on its website, for the duration of the Games.

These fake profiles can create a real problem for the athletes. The number of impostors is likely to increase as the athletes gain notoriety during the Games.

Who's winning the most-impersonated race?

For example, US swimmer Michael Phelps has 229 impostors (compared to 204 three weeks ago) and David Beckham has 937 (881 on 3 July). US basketball players Kobe Bryant (667) and LeBron James (638) are also frequently impersonated. Sprinter Usain Bolt has 152 social networking doppelgangers while Tour De France winner Bradley Wiggins only has three. Social Impostor is not working with any of these athletes.

While for some of the most famous athletes, social network impostors pose a problem all year round, for some emerging stars they are a new problem, and something that was far less of an issue in previous Olympic Games – when the use of Facebook and Twitter was less widespread. "The likes of Michael Phelps have a problem even without the Olympics," Long noted. "It's part of the joys and pain of being popular."

The volume of impostor profiles in the case of actors, for example, peaks in the run-up to the release of a movie they are starring in or during awards season. "When their movie is in the news, impostors pop up," Long commented. Much the same happens for basketball stars during NBA playoffs, for example. It may be that gangs are involved in the creation of fake profiles on social networks but this remains unclear.

Twitter and Facebook are the primary venues for fake athlete profiles, with Google+ coming in third. Formspring is "up there" for fake accounts impersonating younger celebrities such as Justin Bieber and some of the teen bands (One Direction etc), but searches there rarely return results for adult celebrities.

MySpace is "essentially dead", according to Long. "Few use it anymore for social network purposes (so the impostor results we find there are generally really old accounts that have never been taken down and haven't been used in a long time)," he said.

Fake athlete accounts on Twitter are often "people who are apparently strippers and/or prostitutes who are clearly using the popularity of people searching these names in order to get people to respond". For example, there will be a scantily clad woman or even naked man/woman in the picture who would be listed under a popular celebrity name. "There are dozens of these if you search most high-profile celebrities' names," Long reports.

Going for gold

Faking profiles using the names of athletes is just one of many scams that have popped up in time for the Olympics. On Thursday, it emerged that 12 websites are being blocked by British authorities for the allegedly unauthorised sale of tens of thousands of tickets to the Olympics. Punters who bought tickets from the sites risk being refused entry to events.

As well as finding a bogus London Olympics 2012 Ticket site that was actually a phishing page, Trend Micro warns that other scams, including fake online contests for tickets, are likely to follow.

Jovi Umawing of GFI Software has done a good job of putting together a more comprehensive list of potential scams, from classic lottery scam mails, to fake tickets and phishing scams, to purported promos and malware-laden spam. One survey scam doing the rounds falsely offers the opportunity to win two free airline tickets to London to see the Olympic Games, for example.

In addition, GFI has spotted a scam punting mobile games circulating in Russia that falsely claim to be "official London 2012 games". In reality the fakes punt malicious Android Trojans.

General advice on staying safe online during the Olympics can be found on the official London Olympics’ Stay Safe Online page here. ®
