Social media trolls and hackers know that spreading online propaganda is as easy as creating a fake profile. But how do fake accounts collect enough friends to pass for real?
It turns out they’re catfishing, and most of us are falling for it hook, line and sinker.
Over six months, Facebook found and suspended about 1.3 billion fake accounts – though another 66 million or more remain, and more are created every day. Anywhere from 9 to 15 percent of Twitter accounts may also have been created for the purpose of spreading online propaganda or trolling legitimate users.
In some cases, this goes beyond an annoyance to something truly sinister.
“In December 2017, German intelligence officials warned that Chinese agents using fake LinkedIn profiles were targeting more than 10,000 German government employees,” Arun Vishwanath wrote in The Conversation.
Israei military officials also accused Hamas operatives of creating fake accounts and luring IDF soldiers to download malware, he said.
Vishwanath set out to discover why fake accounts are so effective at spreading online propaganda and worse.
“The problem isn’t actually that people – and algorithms – create fake proiles online,” he wrote. “What’s really wrong is that other people fall for them.”
To see how big the problem was, he created fake accounts on Facebook and sent friend requests to 141 college students. He originally wanted to see if a certain type of fake account was more successful at snaring friends than others.
Instead, he discovered that only 30 percent of users outright rejected a fake friend request.
“When surveyed two weeks later, 52 percent of users were still considering approving the request. Nearly one in five – 18 percent – had accepted the request right away,” he wrote.
Of those who accepted the request, several shared personal information such as their home address and student ID number with their new “friend.”
The reason, Vishwanath found when he interviewed the friend-accepters, is that they trusted that each profile represented a real person.
“People told me they had thought the profile belonged to someone they knew, or possibly someone a friend knew. Not one person ever suspected the profile was a complete fabrication, expressly created to deceive them,” he wrote.
And that’s a big part of the problem. People who trust that profiles represent real humans – and not bots or intelligence agents playing a made-up persona – give that profile legitimacy. And once a profile has a few dozen “friends,” it looks more legitimate when it attempts to gain (and hack) more, or spread online propaganda through comments on public pages.
Users also trust social media platforms to weed out fake profiles, but they’ve failed to successfully catch them all.
“Furthermore, users who carelessly accept requests assuming their privacy controls protect them imperil other connections who haven’t set their controls as high,” Vishwanath wrote.
One way social media companies could help stem the spread of fake profiles and online propaganda is to institute new tools showing people the weak links in their social media networks: profiles who have gained an unusual number of new followers, sent or accepted an unusual number of friend requests, or been inactive for some time.
It’s not all up to the social media companies, though.
“Adults should learn – and teach children – how to examine connection requests carefully in order to protect their devices, profiles and posts from prying eyes, and themselves from being maliciously manipulated,” he wrote. “That includes reviewing connection requests during distraction-free periods of the day and using a computer rather than a smartphone to check out potential connections.”