Profile Cloning: Mitigations to Stay Simultaneously Safe and Popular


All of us love to exhibit our hobbies, achievements, and abilities. Browse through social media sites like Facebook and Instagram and you will find loads of public or semi-public profiles (private profiles with public pictures) at risk of being cloned. Profile cloning is the topic of this article, which may save you from digital character impersonation and even character assassination.

Those Who Have No Choice but to be Vulnerable  

Certain people (read: public figures) have no choice but to remain vulnerable, since it may be impossible for them to have private or minimized social media profiles due to the nature of their work, e.g., celebrities, marketing agents, insurance agents, country/political leaders, and whatnot. In fact, in certain contexts, some public figures are a lot safer from the consequences of profile cloning because of their “unreachable and exclusive” image.

Let’s say you receive a message on Facebook or Instagram that impersonates Britney Spears: it is very likely you will not fall for it. If you are an ordinary person like me (a non-celebrity), your immediate thought would probably be “No, this can’t be Britney Spears, I have nothing to do with her, it’s definitely a scammer.” Therefore, you could have another wonderful scam-free day.

The same ‘presumption of innocence’ privilege cannot be earned by ordinary people, since most ordinary people have no “exclusive” image about them. Therefore, impersonating them is more likely to generate a response. However, the probability of success depends on the type of relationship between the cloned profile and the target victim. It could be a family tie (the likeliest to get a response), a friendship (very likely to get a response, although with considerable alertness from the target), a business/work relationship (very likely to get a response, especially if received from a superior), or a stranger trying to establish a relationship, as commonly happens on social media and online dating applications. A good tip for safe online dating is to be suspicious of profiles with ridiculously smooth magazine-quality photos.

The Consequences

We’ve all heard about these two world-famous scams: the online money scam and the online love scam. They are extremely common, which makes sense, since humans strive for money and love. Many people would pay for love or the other way around: love for money. The next question is: “How did people fall for such scams?” Firstly, the victim has to be convinced before the crime can proceed to the next stage, which is the delivery of a favour, and then voila! A crime is successfully committed and very hard to trace, especially if it involves an international money transfer. Lately, Malaysian media have been reporting cases of ‘love scams’ that led to victims losing up to millions of ringgit via online money transfer. See this article as an example.

Possible Profile Cloning Scenarios

Let’s take a brief look at the figure below, which depicts a few scenarios of profile cloning.

Figure 1. Profile Cloning Scenarios

In Figure 1 above, the first segment at the top represents an unethical activity that digs through your Facebook and Instagram profiles looking for biographical data and/or public photos. Subsequently, an imposter creates a fake social media profile to trick your friends or even strangers into thinking that it is you (a decent person who just uses social media for maintaining or expanding existing social connections).

The second segment in Figure 1 represents a similar activity, but instead of cloning your profile on Facebook, it is done on Instagram (be careful of who you follow!). The third segment is the most villainous of all: cloning your profile on multiple social media platforms, i.e., Facebook, Instagram, Tinder, and God knows what else. Afterwards, the online money scam and love scam mentioned in the previous section become possible to initiate.

Are you afraid now? You should be! But there is good news! We can keep you popular and safe at the same time. Let me explain in the next section.

Mitigations of Profile Cloning

Prevention is the best way to mitigate profile cloning, and it is part of the three-pronged cybersecurity strategy developed by the Malaysia Digital Economy Corporation (MDEC). HELP University, as a Premier Digital Tech Institution (PDTI) member, has adopted the recommended mitigations in this article.

Depending on how safe and popular you want to be, the following preventive mitigations may suit your needs:

  1. Super-safe and super-private profile: Set your profile to private and don’t put up any profile picture. With this highly discreet social media profile, the only thing an outsider may know is your name (if you indeed use your real name on your profile). This setting would still allow you to interact with the inner social circle that you have already added to your friends list. Furthermore, you may also exclude a profile picture from your other communication media, e.g., email account, LinkedIn account (I have seen companies’ C-level staff exclude a profile picture from their LinkedIn profiles: smart move!), WhatsApp account, and whatever chat apps you are on. Moreover, you may also restrict your profile name to display only your first name, or your first name plus the first letter of your last name.
  2. Very-safe and slightly well-known profile: Set your profile to private and put up a profile picture, but set it with the “friends-only” privilege, so only your friends can view your profile picture in full size. Additionally, I suggest avoiding a face-only or close-up photo as your profile picture, as this would still give a clear view of your face if it gets screenshotted. Some examples of safe profile pictures where your face looks tiny and a bit unclear are activity-based pictures, e.g., riding a bicycle, surfing, skateboarding, rollerblading, etc. See! You could still look fabulously cool and popular while remaining safe.
  3. Safe and well-known profile: In case you use your social media for self-promotion or publication, you would probably put up a clear facial picture and your real full name, and publicize certain data such as workplace, current location, and even mobile number. BUT keep these data secret: date of birth and family members/relationships. This will shield your loved ones from being targeted. Also, try not to put up a group picture unless it is really necessary; there could be someone in the group picture who could be targeted. I have seen a common smart strategy where the other people’s faces are blurred or covered to protect their privacy. This is a decent and respectable thing to do.

For the third mitigation above, the word ‘safe’ is an overstatement, because when you make your photos and data public, you must be mentally and legally ready to face the consequences of profile cloning. I have seen profile cloning happen to my own circle of friends, both on Facebook and Instagram. The quickest mitigation after such a crime is detected is to report it to the social media platform’s customer service and notify your inner circle (friends, family, colleagues, etc.) that somebody has impersonated your profile, so they can be vigilant about upcoming scam attempts. If it is serious enough, consider making a police report; there is a cybercrime unit in the police department that may assist with your case.

What to Do If You Suspect Scam Attempt

In case you suspect a scam is being attempted on you, for example, you receive an email claiming to be from your direct superior asking to borrow money, then verify it with a phone call to him/her. Or if your online-dating match asks you for a financial favor, then brace your heart, switch on your logic, and recognize the anomaly. Excitement from getting to know new people is normal, but keep your senses alert!


Profile cloning is very common, and people with public or semi-public social media profiles are the most vulnerable to it. The risk can be minimized by reducing the exposure of our social media profiles. Total protection does not exist, since we more or less share our data with the public. Scrutinize any digital communication and respond with due consideration.


About the writer:
Okta Nurika, BSc. Hons (BIS) (University of East London), MSc in IT (Universiti Teknologi PETRONAS), PhD in IT (Universiti Teknologi PETRONAS).

Okta Nurika has worked in the tech industry as a network engineer, software test analyst, and software project lead. He has accomplished major telecommunication and software projects in Indonesia, Malaysia, Sri Lanka, Australia, and South Africa. He has also served as an Internet of Things (IoT) assessment consultant in collaboration with TM Forum, a global association of organizations driving digital transformation in the telecommunication industry. His published journal and conference papers are related to computer networks, simulation models, and machine learning, mainly optimization with genetic algorithms. He has experience teaching cybersecurity, programming, project management, and database management subjects.

Dr Okta Nurika currently works as a Senior Lecturer at HELP University.

