Feeds

Twitter impostors stop at NOTHING to drag athletes through mud

@UsainBoltt: fanks 4 teh pr0n link lmao!!1

The Power of One eBook: Top reasons to choose HP BladeSystem

Analysis Malware-slingers and mischief-makers are ramping up the creation of fake celebrity profiles on social networks in time for the start of the Olympics on Friday. El Reg spoke to "reputation managers" of the stars about the problem.

Some of the fake profiles are harmless while others link to pictures of strippers and escorts and some punt straight-out scams – including links to scareware, inappropriate content (gambling sites, porn etc) – or attempt to solicit donations to fake charities, according to reputation management firm Social Impostor. In the worst cases, fake profiles might be used to induce users into sending inappropriate content, including but not limited to compromising pictures.

Social Impostor provides "reputation management" for high-profile punters' social network profiles. The company says it uses "proprietary technology" to find, report and remove fake social network profiles on behalf of actors, athletes, musicians, politicians, business people and their management teams. The company, which operates largely by word of mouth, has succeeded in taking down more than 8,000 fake profiles.

The firm searches for impostors on Facebook, MySpace, Twitter, Google+, YouTube, Formspring & LinkedIn. The details of identified impostors are submitted for removal via the protocols established by each network. Almost all the networks permit parody or satirical profiles, to a lesser or greater extent. Social Impostor targets fake profiles, leaving satirical social networker alone. Its automated system searches for variations in the spelling of the names of celebrities.

What's a malware slinger? And why are folks saying that about me?

A significant part of any celebrity brand is their reputation. Having a "verified" or "official" tag on a social network account doesn't eliminate impostors or the problems they create. Celebrity names and photos are used to create fake profiles and make posts on social network sites, sometimes resulting in negative media attention and confused fans.

Kevin Long, chief exec of Social Impostor, told El Reg that while it's surprising that people fall for it, there are thousands of fake celebrity profiles in circulation.

"We search various combinations of the celebrities' names (Mike instead of Michael) because, oftentimes, in order to try to get it up there without being noticed, the impostors will intentionally misspell the name, use numbers instead of letters (like a 1 instead of an l) or use the name in reverse order," Long explained. "We pick all of those up."

Social Impostor is tracking the number of fake accounts for designated Olympic athletes with an Olympic Impostor Index, based on the Celebrity Impostor Index it publishes on its website, for the duration of the Games.

These fake profiles can create a real problem for the athletes. The number of impostors is likely the increase as the athletes gain notoriety during the Games.

Who's winning the most-impersonated race?

For example US swimmer Michael Phelps has 229 impostors (compared to a 204 three weeks ago) and David Beckham has 937 (881 on 3 July). US basketball players Kobe Bryant (667) and LeBron James (638) are also frequently impersonated. Sprinter Usain Bolt has 152 social networking dopplegangers while Tour De France winner Bradley Wiggins only has three. Social Impostor is not working with any of these athletes.

While for some of the most famous athletes, social network impostors pose a problem all year round, for some emerging stars they are a new problem, and something that was far less of an issue in previous Olympic Games – when the use of Facebook and Twitter was less widespread. "The likes of Michael Phelps have problem even without the Olympics," Long noted. "It's part of the joys and pain of being popular."

The volume of impostor profiles in the case of actors, for example, peaks in the run-up to the release of a movie they are staring in or during awards season. "When their movie is in the news, impostors pop up," Long commented. Much the same happens for basketball stars during NBA playoffs, for example. It may be that gangs are involved in the creation of fake profiles on social networks but this remains unclear.

Twitter and Facebook are the primary venue for fake athlete profiles with Google+ coming in third. Formspring is "up there" for younger fake celebs accounts impersonating the likes of Justin Bieber and some of the teen bands (One Direction etc), but rarely get any results on there from any adults.

MySpace is "essentially dead", according to Long. "Few use it anymore for social network purposes (so the impostor results we find there are generally really old accounts that have never been taken down and haven't been used in a long time)," he said.

Fake athlete accounts on Twitter are often "people who are apparently strippers and/or prostitutes who are clearly using the popularity of people searching these names in order to get people to respond".  For example, there will be a scantily clad woman or even naked man/woman in the picture who would be listed under a popular celebrity name. "There are dozens of these if you search most high-profile celebrities' names," Long reports.

Going for gold

Faking profiles using the names of athletes is just one of many scams that have popped up in time for the Olympics. On Thursday, it emerged that 12 websites are being blocked by British authorities for the allegedly unauthorised sale of tens of thousands of tickets to the Olympics. Punters who bought tickets from the sites risk been refused entry to events.

As well as finding a bogus London Olympics 2012 Ticket site that was actually a phishing page, Trend Micro warns that other scams, including fake online contests for tickets, are likely to follow.

Jovi Umawing of GFI Software has done a good job of putting together a more comprehensive list of potential scams from from classic lottery scam mails, to fake tickets and phishing scams, to purported promos and malware-laden spam. One survey scam doing the rounds falsely offers the opportunity to win two free airline tickets to London to see the Olympic Games, for example.

In addition, GFI has spotted a scam punting mobile games circulating in Russia that falsely claim to be "official London 2012 games". In reality the fakes punt malicious Android Trojans.

General advice on staying safe online during the Olympics can be found on the official London Olympics’ Stay Safe Online page here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.