Shadow Profiles on Facebook, Part 2

What are some easy things a person can do to vet the friend requests received on Facebook?

When you receive a “Friend” request, whether it comes from Facebook or from Facebook Messenger, the first thing you should do is to click through to view the person’s profile before you add them to your own. Just one look at some of these shadow profiles would certainly raise red flags, because the person requesting your “friendship” has very sparse information on the profile, often only a name and a picture. A typical “hack” like this involves a requester, who has set up a new profile in order to impersonate someone by using the personal details they already possess, namely, the profile of a real person to copy, and the name of a real-life friend of that real person to impersonate. In fact, you and the real person whose profile is being shadowed are likely already Facebook friends. The goal for this hacking and impersonation is to access more of the real person’s info and to accumulate more profile pictures, names, and friend lists, so they can turn around and impersonate more people.

How did someone get that profile picture and name?

Well, one might wonder that question. But there are many ways your profile picture and name get the attention of hackers. First of all, your name and picture are most likely available to anyone. How else is your 2nd-grade classmate going to find you on Facebook? Did you use your FB profile log-in to comment on a public blog at some point, or perhaps to comment on a letter to the editor from your online local newspaper, or maybe to review a cooking-tip post? Perhaps the scammer got the name because you liked something that wasn’t as legitimate as you thought when you clicked it through; there are a million ways people can get your name and profile picture from your public Facebook trail.

Remember, Facebook is a tool in which you can connect with friends near-and-far—in real-time—to see pictures and watch videos, but Facebook can also be a by-pass to your personal privacy and that of your friends. If and when you comment on or share posts from blogs of questionable sites, then along with the cute pic or video, you may have invited an unknown entity to reach behind some of your layers of privacy.

Actions once you find a “Shadow” Profile page

  1. Check your own friend’s list (or member’s list, if this is a group) to be sure that you are not already friends with the person who has sent the questionable request.
  2. Confirm any known details about the real person you know with the profile of the person you think might be a fake/shadow, such as checking whether the new profile uses the correct spellings for places or last names, or it includes the correct middle  or maiden names, birthplace, high schools, or other details.
  3. Check the other tabs such as “Photos” and “Friends” and ask, “Which mutual friends do I share with the person on that profile?” (if necessary, contact your friends to see if they know about the profile) and ask, “Who are their other friends?” For example, if the new profile’s other friends are all from someplace like Indonesia, where you know that your actual friend is unlikely to know many people, then that is a clue that something might not be as it should be. Also, ask yourself, “Does this person have the friends that you would expect them to have?” based on the details that you already know about the real friend’s life, relatives, location, activities, and job.
  4. Check how long that person has been on Facebook. A very recent profile without posts or details doesn’t jive with a friend request from someone that you know has been on Facebook for a much longer time and certainly should make you a bit suspicious.
  5. Keep emotionally charged rhetoric out of the path of your judgment. For example, most of us would cringe at the idea that we would accept a friend request from someone because they were really good looking or were a celebrity (“Why is Brad Pitt asking to be my friend?”), but too often, other emotionally charged visuals get past our common sense and we let people past our Facebook door, because they are “politicians or preachers with a name we recognize” or because they are wearing a military or police uniform in their profile picture or are holding what looks like their poor orphan children in Africa or they present another sympathetic persona whom we would wish to support. Don’t let emotion get past your common sense; scammers also know that such images raise your sympathy and hope to use such things to get past your guard.

What if I find that I have been “Friended” by a hacked profile?

If you think that you have been contacted by a shadow profiler or anyone that legitimately raises your suspicions (legitimate suspicions that must be rationally explained to Facebook), you can report such profiles to Facebook. Simply, click the suspicious profiler’s name to bring up their profile page, go to the top menu bar on the far right side, next to the word “Message,” and then, where you see the three dots (…), click them to bring out a drop-down menu, where you will see the word, “Report”; click and then follow the prompts, as needed to describe your concern. Facebook will look into the issue reported, and probably will ask you the name of the person whose account you believe was hacked in the first place.

Screen Shot top menu Bar Facebook to report

So that the real friends know they have been “hacked” by a shadow profiler, you can contact them yourself through a post on Facebook, through Facebook Messenger (IM), although FB will probably contact them. People usually want to know so they can warn their friends not to accept friend requests from a fake profile. You might want to post a warning on your own profile about it, to say, “I noticed that my friend, ‘So-and-so’ had a shadow profile set up in their name and here is what to do about it.” You might copy and paste a link to this blog entry so that the person knows more about what to do in the event that their profile was hacked by a shadow profiler. You can delete the shadow profile from off of your friends list, if you happened to already accept their “Friending,” once you have reported it to Facebook and have contacted your real friend.

If you are trying to figure out which profile was the shadow to delete and which was the real one to keep or to contact, you might check it through your own friend’s list, because after having recently clicked to “friend” the shadow, the fake shadow profile will probably be in your “Recently Added” Friends section, found at the “Top Menu Bar,” under the category of “Friends.” Probably, if you were friends with the real person’s profile for more than a couple of weeks and the fake friend’s profile for less than that, you will only have one of them–the fake–in your “Recently Added” section.

For more info on how to vet and verify the sources from which you choose to post, you might check out my blog post, “Verify Your Post on Social Media or google your questions, where you will find some interesting articles, such as this one on Journalists’ Resource,  “Tools for verifying and assessing the validity of social media and user-generated content” and there are many others such as “How to Report a hacked account” on the “Facebook Community Q & A pages.”

cartoon, Phishing lIcense bureau, Person behind the counter at the Phishing License bureau "Ok, you are under arrest" Customer in line: "Oh, I should have seen that coming."

Munroe, Randall. “Phishing License.” Xkcd.com. N.p., n.d. Web. 19 July 2016. <https://xkcd.com/1694/&gt;.

Shadow Profiles on Facebook, Part 1

Strangers at the door

As a website content manager, blogger, and administrator for social media and Facebook groups, I am constantly having to evaluate whether to accept or delete the many individual requests from people around the world and the nation who want to join these groups or who want to friend me personally. Sometimes, these requests from strangers come in waves. For example, I might get ten requests this week from people who live in Nigeria; next week, maybe ten from somewhere in Central America, or ten the next week from men wearing a US military uniform. Who are these people? Strangers? I have no idea who they are!

FB is a great tool for what it does correctly—connect people in conversation through a joint virtual space, but FB is not a “Friend” to us when we fail to use due diligence in researching the identity of those persons asking to be our friend. What are some tips in this regard to help the people that may not be social-media savvy enough to protect themselves and their virtual friends on Facebook?

If you give someone access to your Facebook page, it is like opening the doors of the entryway of your house. If someone looks suspicious through your door’s peephole, you are not likely to let them in. You can be tricked when someone gets past your doorway defenses by convincing you that they are not suspicious. Each of us has the responsibility to at least try to verify the identity of those people or “Friends” whom we let past our doors.

 Entry points 

There are lots of ways we let people into our Facebook houses. We “click through” ads or  we “like” a promoted page. We also give access to our “houses” by posting on our own FB pages. When we share a post, it is like we are accompanying it through the door of our friend’s houses, right alongside our own reputation for accuracy and truth. Not everyone sees this as a fact, but it is true. A shared post that looks good and is slickly produced doesn’t seem to have to merit that same value for truth as we appreciate in its value for coolness. However, a good looking post might not be true or worth the time it takes to share it. We certainly should not share anything, without checking where it came from; we might be letting past our doors–and past our friends’ doors–a wolf in sheep’s clothing. If you are interested in finding out more about what I might mean with that, check out this blog, “Quizzing the Quizzes, Part 1 & Part 2” at susanwlavelle.com.

Verify as best you can

Specifically, for people that don’t know this already, if someone asks to friend you, you should verify who they are as best you can. I am not suggesting that you hire a private eye or do a background check on everyone who asks to “Friend” you, anymore than you do that for the people that you let in your entry hall. Rather, I am suggesting that you do the simple things that you can easily do to check if they are the person that they say they are. Someone may still get past your efforts, which is why you don’t put your personal or financial details online—just in case someone has gotten onto your friend’s list who is not who they are supposed to be.

This is the reason that you don’t want to share—or let someone else share—your cool pictures from Aruba while you are still laying on the beach, because you don’t know who will see it and decide to check out your empty house before you return. If you have a fantastic, world-class security system that can handle anything, then fine, go ahead and post away while you are gone. For most of us, however, waiting until you get back is soon enough to post those fun pics.

Easy ways to vet a profile

So, what are some easy things a person can do to vet the friend requests received on Facebook and prevent hacking your friend’s and your own profile? A big way that profiles are “hacked” is when legitimate pictures and details from real profile pages are poached off a real page (copied and/or downloaded) and then used to set up shadow profiles of legitimate users; the scammers then send out friend requests from that shadow profile to that original and real person’s friends, in order to get the person’s friends to also “friend” the shadow profile. Our memories don’t always register that we are already so-and-so’s friend when we glance at these shadow requests; often, we just click without thinking or doing any checks about the validity of the request. I have done it myself several times. However, whenever you receive a Friend request, whether it is from Facebook or on Facebook Messenger, the first thing you should do is to click through the requester’s name to look at that profile before you add them to your own friend’s list. If you think that you are friends already, chances are, you are friends already.

These few tips should become a natural part of our Facebook home life; many users already do all these things and more, but some do not. Nothing will guarantee that you will be protected from scammers who invade your Facebook house intending to gain your confidence and to gain your contact list and their info. However, becoming a better citizen of the Facebook community will help you be a better friend to your “Friends” and to your self. Check out my next post, “Shadow Profiles on Facebook, Part 2.”

shadow-in-doorway

Quizzing your Quizzes: Verify your “Shares” on Facebook, Part 2

And what about all those posts, blogs, and articles that we share on FB? Can I investigate more thoroughly before I click share? Here are just a couple of things worth considering when investigating the sources of what we post:

Dandelion Silhouettes with Flying Seeds http://www.freepik.com/

Everyone needs to be more careful to choose which posts, blogs, and websites they are willing to expose their friends and family to through electronic media sharing.

What is the actual address of that website? The legitimacy of a shared posting or shared quiz, such as that game, coupon, or other marketed post you want to share with your FB friends, will almost surely show on the actual domain name of the website that you have clicked to from the shared post, quiz, or blog article. To find that out, click on the address bar in your browser (i.e., box at the top of that webpage) of any website to look at the full domain name on the URL (i.e., entire http//:www.address); if that web address looks fishy (i.e., it doesn’t sound like the kind of address that matches that company’s real website or the address doesn’t look like it matches any legitimate-looking company), the website might not really be sponsored by the company you think that you are clicking to, but actually something about it might be false. If the article or blog post says it is from some or another news source, like the New York Times, then if the website or Facebook page is a little off from that, say, “Newyourk Times” or some such, pay attention to that and be warned.

A caveat to that point is that sometimes the web address of a company doesn’t necessarily look like a match to a site. This might happen for several reasons, since sites are hosted in lots of various ways, including those free hosting sites that want to include some of their business’ name in the web address; also, some hosting companies or some parent companies of businesses have domain names that rule over the whole organization. For example, a daughter company or a company that merged or was bought out might have a website name that reflects the larger corporate entity of which the site you want is only a small part. Also URLs/web addresses have always been dispensed on a first-come, first-serve basis to whoever pays for the name, even if they have nothing to do with the actual company; in this case, some individual was able to get a jump on a name and then sort of hold it for ransom to the highest bidder, so sometimes the name someone wants is simply already owned. However,  most large companies, like Target or Coke, pay for the URL or website name that they want and own the legitimate web addresses to match pretty well with their name. In most cases, whatever entity is trying to drive you to its website, should have a website or domain name that makes sense to you. In other words, what you think is a “funny” or not matching web address, might not really be funny at all; therefore, matching the name to the site is a yellow light for skepticism, but not a full stop sign.

A bigger flashing light to raise our skepticism about the originator of a shared article or posting: after following back on a shared post, worry if you find that the website that shared it doesn’t contain any findable identifying information that indicates the identity of the site or the articles’ publishers or authors. If a website hasn’t posted any information about who they are, such as is found on an “About page,” a “Contact us” page, or an “Archive” or “History” page, then be skeptical about whatever they are publishing or sharing. Everything published should be verifiable and subject to reasonable push-back, whether the information sets the date for the original publication, research study, or the names and qualification of the author or researcher. “Who said that? Why should I believe them? What are their credentials?” are essential questions that always need answers. If no answers to these questions can be determined from the site, don’t bother sharing items from that site. Some sites welcome feedback and host discussion forums about the topics addressed. Reading through this feedback can enrich the experience on the website, but of course often, there is a lot of garbage found on such discussions. When you are sharing articles, don’t forget that you are also sharing the discussion boards, the ads, the other links that are on that website, so anything you share, will also share whatever links to that link. These links are a chain; we are talking about the metaphor of a “web,” after all.  You could unknowingly be linking your family and friends to a chain of inaccurate or unsupported information .

Also, if the originating dates of the blogs, postings, or articles you find on these sites are older than a year or two, or if the articles don’t have any supporting evidence, such as the citations for the references to their claims, then I would not share anything from that website (or believe anything that they say, actually). Frequently, I have seen someone share an “article” on FB, that when “clicked,” shows a website or a blog that paraphrases or quotes another blog or website, that when clicked, leads to a seemingly endless chain of websites/blogs/links that have quoted from that same article, but none of them have ever attributed the work to an author or a date or an original published source for the material. If you do happen to follow all of this and find the beginning link in the chain, often you will find yourself several years—if not decades—into old material with a questionable validity to begin with and one that has clearly become outdated. Sadly, the lie, the debunked, and the misinformed have an “eternal” life online, because the unsubstantiated, the inaccurate, and the outdated are linked and shared unendingly.

Quizzing your Quizzes: Verify your “Shares” on Facebook, Part 1

Do you ever worry about all those quizzes shared on FB? What some of these quiz sites might really want is your information—the information that you don’t generally share with strangers, such as access to your FB page and your contacts’ list.

Munroe, Randall. “Xkcd: Communication.” Web log post. Xkcd: Communication. Copyright Creative Commons, Web. 13 April 2015. http://xkcd.com/1511/

Munroe, Randall. “Xkcd: Communication.” Web log post. Xkcd: Communication. Copyright Creative Commons, Web. 13 April 2015. http://xkcd.com/1511/

I have taken some of these quizzes myself. They are almost irresistible and usually quite self-congratulating, but recently, something was a bit odd about a quiz that I had just taken. It seemed a bit suspicious that I, as well as all of my friends taking the quiz, started posting that everyone had received scores of 100% correct, even though some of the questions had been quite obscure. (After all, who, besides me, knows anything about the Muscovite princes?) This result raised my curiosity and made me suspicious in a way that I probably should have been already.  I decided to stop taking the quizzes altogether. These quizzes seem to pop-up with an increasing rapidity, with their fun and attractive topics that appeal to everyone in an upbeat style and eye-catching images—favorite Disney princesses, favorite Beatle’s songs, favorite movies, favorite states, favorite form of mineral deposit—all just part of the fun and appeal of Facebook. However, who of us ever asks any questions about the things that we “Share” with each other, including these quizzes? How many of us ask, “Who is behind this?” or “Why should I give that nameless entity access to all of my ‘Friends and contacts?”

And what about all those posts, blogs, and articles that we share on FB? Can I investigate more thoroughly before I click share? Here are just a couple of things worth considering when investigating the sources of what we post:

First of all, you can copy the source or name associated with the FB quiz or website, by opening up a tab in your browser and pasting that name in a search box (or in other words, googling it). Sometimes that site or web address will have been researched already by people who have reviewed it to praise or debunk it. This first and most basic stop on the way to validating the legitimacy of a site is rarely even reached by most people. Do you think of this before you share something on Social Media?

Most people, unfortunately, see something, and “click”—share it. Googling Snopes.com or urbanlegends.about.com or charitynavigator.org or else, just trying to get some further and more objective information about the source of a post or quiz, should be the first step in satisfying my most basic need for verification and curiosity. If you think something is interesting, make sure that it really is worth sharing.

Additionally, the FB professional page of a legitimate source, such as a well-known company, will clearly show an appropriate number of followers to match their prominence (i.e., millions of followers for a major business, thousands or hundreds of followers for a local one) and their FB business page will click back to their real, working website and other social media (i.e., the Coca-cola business page will click back to their site where you can sign up for their legitimate Twitter stream; my professional page, “Susan W. LaVelle, Information Design” will show you my website, susanwlavelle.com, and clicking to my website, will show a live feed for my FB professional page and Twitter feed, both of which will link you back to my websites). Anything requested or shared on FB would more likely be found as legit if it links to the connections that legitimate that site as a reliable source. Finding openness and clarity helps to verify that the Facebook page that you are sharing from is actually what you think it to be.

On the Recent Idea of Banning the Word, “Bossy,” Part 2

I was one of the first people to comment on this discussion in an online forum and after following the postings placed after I made my comment (see my blog posting), I wanted to remind us all, men and women, how easy it is to be deceived into believing that the critiques of others are unjustified, because “we are just misunderstood” or because other people are holding us back. Have you manipulated people, telling them what to do without listening to them, imposing your own agenda without thinking of the greater good, and in general, not using the people skills that make other people feel valued? Maybe your demeanor is making people feel uncomfortable and “bossed around?”

Women should be empowered and not held back, but since most of what happens in the world today—at work or in life—happens on teams, they should learn how to work well with people. Teams need leaders, but teams need leaders that communicate well with others. “Bossy” is a word primarily about communication and the communicator’s demeanor; although obviously this word is a hurtful slur used to demean, “bossy” primarily describes a demeanor by which most people would not like to be led, whether the leader is a woman or man.

Name-callers use the word “bossy” against women who step up to lead using ambition, self-direction, and their intelligence or talents in the world or workplace, but sometimes women and men use an ineffective and bossy-style, without listening to others and neglecting to build a team. Shouldn’t our focus be more on helping our girls become leaders and good communicators in whatever situation they find themselves? If so, then girls need to be taught how to communicate excellently and how to evaluate the criticism they receive for their failures to communicate or lead. Girls need to learn to become self-evaluators, rather than to become self-justifiers. Successful people learn from their mistakes.

As women, we will be criticized, rightly or wrongly, but what we do with that criticism will determine our growth—if criticism is misplaced, we grow in stature by rising above it, if the criticism is deserved, in full or in part, we grow by acknowledging our mistakes, changing our behaviors, and learning from the process. Girls need to be taught how to believe in themselves so that they are not crushed when misunderstood, but also, how to see life as a process wherein we must learn truth about ourselves in order to grow and do better. Honest self-examination is required in order to sort out what part of the criticism we receive is justified and what part is not.

The age we live in is not one of self-examination, but one of self-justification, but true leaders take on this challenge to learn from their mistakes.

On the Recent Idea of Banning the Word, “Bossy” Part 1

In the recent discussions of banning the word “bossy,”* I sincerely hope that both women and men would conduct a self-examination of their own leadership style.

There is no need for anyone to defend the word, “bossy,” as if the characteristics the word usually reflects are desirous; or to attack it, as if the use of this word can only reflect the user’s poor view on ambitious women. Ambition is one thing, but there is a huge difference between the effects of someone’s ambition and what we usually “feel” when someone is “bossy” because such a person makes us feel manipulated, un-respected, and walked over. No one should be defending that sort of negative, “bossy” behavior, as if leadership or management require it. We have all met people of either gender, who are confused about how to lead others, thinking that the need to support their own importance gives them a license to tear others down.

We should all be sure that no one has genuine reason to accuse us of being a bossy person, because the connotations of the word have more to do with a lack on our part, not our gifts, no matter our gender.


* Drexler, Peggy. “Sheryl Sandberg wrong on ‘bossy’ ban.” CNN. 01 Jan. 1970. Cable News Network. 13 Mar. 2014 <http://www.cnn.com/2014/03/11/opinion/drexler-sandberg-bossy/>.

Mcfadden, Cynthia, and Jake Whitman. “Sheryl Sandberg Launches ‘Ban Bossy’ Campaign to Empower Girls to Lead.” Video blog post. ABC News. 10 Mar. 2014. 14 Mar. 2014 <http://abcnews.go.com/US/sheryl-sandberg-launches-ban-bossy-campaign-empower-girls/story?id=22819181>.

Rogers, Katie, and Ruth Spencer. “‘Banning bossy isn’t the answer’: What real parents say about Sandberg’s plan.” Theguardian.com. 13 Mar. 2014. Guardian News and Media. 14 Mar. 2014 <http://www.theguardian.com/commentisfree/2014/mar/13/ban-bossy-sheryl-sandberg-quotes-real-parents>.

Wente, Margaret. “Ban ‘bossy’? Suck it up, girlsAdd to …” The Globe and Mail. 14 Mar. 2014 <http://www.theglobeandmail.com/globe-debate/ban-bossy-suck-it-up-girls/article17470665/>.