Feeds

Twitter impostors stop at NOTHING to drag athletes through mud

@UsainBoltt: fanks 4 teh pr0n link lmao!!1

Choosing a cloud hosting partner with confidence

Analysis Malware-slingers and mischief-makers are ramping up the creation of fake celebrity profiles on social networks in time for the start of the Olympics on Friday. El Reg spoke to "reputation managers" of the stars about the problem.

Some of the fake profiles are harmless while others link to pictures of strippers and escorts and some punt straight-out scams – including links to scareware, inappropriate content (gambling sites, porn etc) – or attempt to solicit donations to fake charities, according to reputation management firm Social Impostor. In the worst cases, fake profiles might be used to induce users into sending inappropriate content, including but not limited to compromising pictures.

Social Impostor provides "reputation management" for high-profile punters' social network profiles. The company says it uses "proprietary technology" to find, report and remove fake social network profiles on behalf of actors, athletes, musicians, politicians, business people and their management teams. The company, which operates largely by word of mouth, has succeeded in taking down more than 8,000 fake profiles.

The firm searches for impostors on Facebook, MySpace, Twitter, Google+, YouTube, Formspring & LinkedIn. The details of identified impostors are submitted for removal via the protocols established by each network. Almost all the networks permit parody or satirical profiles, to a lesser or greater extent. Social Impostor targets fake profiles, leaving satirical social networker alone. Its automated system searches for variations in the spelling of the names of celebrities.

What's a malware slinger? And why are folks saying that about me?

A significant part of any celebrity brand is their reputation. Having a "verified" or "official" tag on a social network account doesn't eliminate impostors or the problems they create. Celebrity names and photos are used to create fake profiles and make posts on social network sites, sometimes resulting in negative media attention and confused fans.

Kevin Long, chief exec of Social Impostor, told El Reg that while it's surprising that people fall for it, there are thousands of fake celebrity profiles in circulation.

"We search various combinations of the celebrities' names (Mike instead of Michael) because, oftentimes, in order to try to get it up there without being noticed, the impostors will intentionally misspell the name, use numbers instead of letters (like a 1 instead of an l) or use the name in reverse order," Long explained. "We pick all of those up."

Social Impostor is tracking the number of fake accounts for designated Olympic athletes with an Olympic Impostor Index, based on the Celebrity Impostor Index it publishes on its website, for the duration of the Games.

These fake profiles can create a real problem for the athletes. The number of impostors is likely the increase as the athletes gain notoriety during the Games.

Who's winning the most-impersonated race?

For example US swimmer Michael Phelps has 229 impostors (compared to a 204 three weeks ago) and David Beckham has 937 (881 on 3 July). US basketball players Kobe Bryant (667) and LeBron James (638) are also frequently impersonated. Sprinter Usain Bolt has 152 social networking dopplegangers while Tour De France winner Bradley Wiggins only has three. Social Impostor is not working with any of these athletes.

While for some of the most famous athletes, social network impostors pose a problem all year round, for some emerging stars they are a new problem, and something that was far less of an issue in previous Olympic Games – when the use of Facebook and Twitter was less widespread. "The likes of Michael Phelps have problem even without the Olympics," Long noted. "It's part of the joys and pain of being popular."

The volume of impostor profiles in the case of actors, for example, peaks in the run-up to the release of a movie they are staring in or during awards season. "When their movie is in the news, impostors pop up," Long commented. Much the same happens for basketball stars during NBA playoffs, for example. It may be that gangs are involved in the creation of fake profiles on social networks but this remains unclear.

Twitter and Facebook are the primary venue for fake athlete profiles with Google+ coming in third. Formspring is "up there" for younger fake celebs accounts impersonating the likes of Justin Bieber and some of the teen bands (One Direction etc), but rarely get any results on there from any adults.

MySpace is "essentially dead", according to Long. "Few use it anymore for social network purposes (so the impostor results we find there are generally really old accounts that have never been taken down and haven't been used in a long time)," he said.

Fake athlete accounts on Twitter are often "people who are apparently strippers and/or prostitutes who are clearly using the popularity of people searching these names in order to get people to respond".  For example, there will be a scantily clad woman or even naked man/woman in the picture who would be listed under a popular celebrity name. "There are dozens of these if you search most high-profile celebrities' names," Long reports.

Going for gold

Faking profiles using the names of athletes is just one of many scams that have popped up in time for the Olympics. On Thursday, it emerged that 12 websites are being blocked by British authorities for the allegedly unauthorised sale of tens of thousands of tickets to the Olympics. Punters who bought tickets from the sites risk been refused entry to events.

As well as finding a bogus London Olympics 2012 Ticket site that was actually a phishing page, Trend Micro warns that other scams, including fake online contests for tickets, are likely to follow.

Jovi Umawing of GFI Software has done a good job of putting together a more comprehensive list of potential scams from from classic lottery scam mails, to fake tickets and phishing scams, to purported promos and malware-laden spam. One survey scam doing the rounds falsely offers the opportunity to win two free airline tickets to London to see the Olympic Games, for example.

In addition, GFI has spotted a scam punting mobile games circulating in Russia that falsely claim to be "official London 2012 games". In reality the fakes punt malicious Android Trojans.

General advice on staying safe online during the Olympics can be found on the official London Olympics’ Stay Safe Online page here. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.