If you’ve been on Facebook or other social networking services for any length of time you’ve probably received friend requests from people you don’t know at all. This can happen to you even if your Facebook information is only visible to your immediate friends. Some of those friends may have exposed their information more publicly than you have, so strangers with whom they may have connected can see your profile.
Lately, threat researcher Jon Oliver, on whose team I work at Trend Micro, has been getting invitations from people unknown to him. He came up with a very simple method for checking the identity of people trying to friend him that gives a pretty good indication of whether the invitations are sent from real people or fake accounts that are trying to scam you.
Google Images Search is Your Friend
The key to the ID verification technique is Google Images which provides a mechanism on their website to lookup a picture on the Internet that you submit to the site. Google then returns any names it finds associated with the picture. Here’s an example of how this would work.
Let’s say you get an invitation to connect on Facebook or LinkeIn from Dr. Robert Dray here:
There is a LinkedIn profile for a Dr. Robert Dray that features this very picture. He looks like a doctor doesn’t he? You might be tempted to connect with him just for that reason. But let’s check him out on Google Images. You can actually try this out on this image if you like.
- Right click on the above image – or one that you receive in a real invitation.
- Save the image to your desktop or some other easy to get at folder.
- Open your browser and navigate to Google Images.
- Click on the camera icon in the image search box just to the left of the blue search button.
- Click on the Upload an image link in the Search by Image box.
- Click on the Choose File button.
- Browse to the image file of Dr. Robert Dray that you saves in step 2.
- Observe the names you get back from Google.
Notice there is no mention of Dr. Robert Dray in the results I’ve shown. Now if you saw all these images in the result set and they actually had the name you expected then that is pretty good indication that the person is for real. That doesn’t necessarily mean you want to connect with him, but at least you have a warm feeling the person is who he claims to be.
As it turns out this image is just a picture of some guy, who knows what his name really is. I conclude from this that the LinkedIn profile for Dr. Robert Dray is bogus and the picture was lifted from one of the sites shown above or some other site. The person who created this fake profile is most likely up to no good if he, she or they want to connect with you.
Another search to watch out for is the situation where the picture you submit returns multiple names. This is another sure sign of a fake account that is trying to connect with you.
Use This Technique to Filter Friend Requests
The example I used here is for LinkedIn but this technique is particularly powerful for Facebook. Remember once you friend people or use applications on Facebook you give these parties access to most, if not all, of your personal data.
So use Google Images to search for those pictures of people who want to friend you, but you are not sure who they are. You might be surprised what you find out.
I work for Trend Micro and the opinions expressed here are my own.
For more tips and advice regarding Internet, mobile security and more, just “Like” Trend Micro Fearless Web Internet Security on Facebook at http://www.facebook.com/fearlessweb.
