• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   Checking Identities in Social Network Friend Requests

Checking Identities in Social Network Friend Requests

  • Posted on:February 28, 2013
  • Posted in:Security
  • Posted by:
    Trend Micro
1

By Vic Hargrave

If you’ve been on Facebook or other social networking services for any length of time you’ve probably received friend requests from people you don’t know at all. This can happen to you even if your Facebook information is only visible to your immediate friends. Some of those friends may have exposed their information more publicly than you have, so strangers with whom they may have connected can see your profile.

Lately, threat researcher Jon Oliver, on whose team I work at Trend Micro, has been getting invitations from people unknown to him. He came up with a very simple method for checking the identity of people trying to friend him that gives a pretty good indication of whether the invitations are sent from real people or fake accounts that are trying to scam you.

Google Images Search is Your Friend

The key to the ID verification technique is Google Images which provides a mechanism on their website to lookup a picture on the Internet that you submit to the site. Google then returns any names it finds associated with the picture. Here’s an example of how this would work.

Let’s say you get an invitation to connect on Facebook or LinkeIn from Dr. Robert Dray here:

There is a LinkedIn profile for a Dr. Robert Dray that features this very picture.  He looks like a doctor doesn’t he? You might be tempted to connect with him just for that reason. But let’s check him out on Google Images. You can actually try this out on this image if you like.

  1. Right click on the above image – or one that you receive in a real invitation.
  2. Save the image to your desktop or some other easy to get at folder.
  3. Open your browser and navigate to Google Images.
  4. Click on the camera icon in the image search box just to the left of the blue search button.
  5. Click on the Upload an image link in the Search by Image box.
  6. Click on the Choose File button.
  7. Browse to the image file of Dr. Robert Dray that you saves in step 2.
  8. Observe the names you get back from Google.
Here are just some of the results I obtained for the Dr. Robert Dray image:

fake doc 

Notice there is no mention of Dr. Robert Dray in the results I’ve shown. Now if you saw all these images in the result set and they actually had the name you expected then that is pretty good indication that the person is for real. That doesn’t necessarily mean you want to connect with him, but at least you have a warm feeling the person is who he claims to be.

As it turns out this image is just a picture of some guy, who knows what his name really is. I conclude from this that the LinkedIn profile for Dr. Robert Dray is bogus and the picture was lifted from one of the sites shown above or some other site. The person who created this fake profile is most likely up to no good if he, she or they want to connect with you.

Another search to watch out for is the situation where the picture you submit returns multiple names. This is another sure sign of a fake account that is trying to connect with you.

Use This Technique to Filter Friend Requests

The example I used here is for LinkedIn but this technique is particularly powerful for Facebook. Remember once you friend people or use applications on Facebook you give these parties access to most, if not all, of your personal data.

So use Google Images to search for those pictures of people who want to friend you, but you are not sure who they are.  You might be surprised what you find out.

I work for Trend Micro and the opinions expressed here are my own.

For more tips and advice regarding Internet, mobile security and more, just “Like” Trend Micro Fearless Web Internet Security on Facebook at http://www.facebook.com/fearlessweb.

 

Related posts:

  1. Ask Vic — How do I hide my next Facebook post from certain friends on my list?
  2. Social Sharing Can Be Dangerous…
  3. Facebook changes privacy settings again…but is it a big issue?
  4. Using Trend Micro Security’s Privacy Scanner – Part 1: Social Network Privacy

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.