Almost everyone is on social media; at least, that’s how it may feel in today’s age. Most people who use the internet have some form of social media, whether that’s Instagram, TikTok, Facebook, or belonging to a social forum.
Many social media users operate multiple forms of accounts — up to six accounts on various platforms — because each one provides a different experience and can give access to certain people, companies, interests, and hobbies.
However, the increased use of the internet and social media can lead to some safety issues, which we rely on the help of the platforms to help reduce. Instances of bad behavior, inappropriate posts, and spam are left to the social media giants to filter out and rely on the community to report such instances.
The unfortunate truth is that platforms are always playing catch-up with those who misuse their apps and websites. Scammers, bad actors, and hackers are constantly looking for ways to bypass security measures and turn the multi-billion dollar industry into something they can use for their own gain.
If you’ve spent much time on the internet or social media apps, the issue of impersonation has likely come up. Behavior may have been called out in a post, a notification from the app, or when a friend with a second profile adds you despite having just been active.
The issue of impersonation is thanks to the simplicity of social media, which makes it widely accessible to the general public. One of the greatest strengths of social media is its weakness; anyone can create an account. The low barrier for entry means that people can make accounts and interact with others for almost any reason.
Because anyone can make an account there’s a risk of impersonation. Account profiles can be unique to a person, representing them fully.
Business accounts can exist for a brand or company so that they can interact with their patrons or fans. Some accounts can exist as a complete persona, independent of any real person or brand.
What Is Social Media Impersonation?
Social media impersonation occurs when someone creates an account intended to represent someone else. It could be for potentially innocent or nefarious practices. One thing to clarify is that impersonation shouldn’t be confused with identity theft.
Identity theft can be a byproduct of impersonation, where the intention is to steal that person’s identity by tricking others into gaining information that compromises their target’s accounts. Impersonation, like identity theft, can still be harmful because it misleads people to believe that the person they’re dealing with online is the same person being displayed in the account.
Someone running an impersonation account could be in the vein of a fan account. Fans often make accounts that impersonate someone they admire, like a person or a character, and can be done with no real ill intent. Even with no implication of inflicting harm, these impersonation accounts can still be confusing to someone who isn’t aware that the account is satirical or a fan account.
But what is the legality of an impersonation account? Strictly speaking, there is nothing illegal about someone making an account under someone else’s name or brand, at least on the surface.
Some social media platforms make impersonation a violation of their terms of service. But left unchecked, it can be difficult to determine when an account genuinely belongs to the person they claim to be.
What can turn impersonation into a legal issue is if the impersonator is being malicious and looking to commit fraud. The consequences of impersonation can vary depending on the country and state. If the person who commits malicious impersonation lives in a state or country that enforces it, they could face jail time.
Social Media Impersonator Tactics
Someone looking to commit social media impersonation will need to build a convincing profile of their victim. They may take pictures and information directly from an existing account. If the person or brand has an account on Instagram, they may directly copy the images and text of that profile onto the one they control.
In some instances, there may be a person or brand that operates on one social media platform but not another. This can be a golden opportunity for fraudsters because they can copy the text, images, and videos within posts on one social media platform and put them on another. This will lead friends or fans of the account on one platform to believe this new account on another platform is legitimate.
A scammer targeting an individual will likely pull information from another account. This can be done to catfish, perform phishing scams, or blackmail other users. These tactics can affect both the impersonated person and the people targeted by the scammer, causing emotional distress and potential financial losses for one or both people.
Fraudsters looking to impersonate a business can damage the brand itself. A normally trusted brand can experience significant issues when a scammer impersonates them and misleads their customers or fanbase. A bad actor would portray their support to customers in a harmful way by asking for information that compromises their safety and security.
Social media influencers sit between an individual and a business. Oftentimes, the person is the brand, and they will be a legal business operating under their influence.
Fake accounts can look to leverage their following and content to push their own agenda. The scammers will look to mislead the fans and monetize this confusion.
Social Media Impersonation Scams
Social media impersonators are most often looking to make money from their efforts. Depending on whether they’re targeting a person, brand, or influencer, the scam may vary.
Let’s break down the scams by type of account.
Individual Impersonation Scams
A scammer looking to impersonate an individual will likely be looking to catfish others or perform a phishing scam. Catfishing is when a scammer uses another person’s images, videos, and information to mislead someone else. This can be in the context of a romance scam where the scammer wants their victim to believe that there is a level of romantic intention.
The scammer may convince their victim to send along sensitive personal information, send money, or provide sexual content. Sexual content can be used to blackmail their victim, while personal information can be used to compromise their identity.
If the intent is to use sexual content to extort their victim, the scheme moves into the sextortion realm. Personal information can be used to compromise their victim’s identity and commit identity theft.
Company and Brand Impersonation Scams
With brands and companies in the crosshairs of a scammer, the scam changes. A brand attracts patrons and supporters of the company who may be looking to the brand for help or intention to purchase from them. With a scammer at the helm, they may send the audience they’ve misled to a fake website that will collect their information or take their money.
Consumers can be misled by the accurate branding and message provided on a social media platform by the scammer. As a brand or company on social media, keep your links to your other accounts centralized and easy to find so consumers always know how to find your real account.
Scammers will ask for sensitive information about their accounts that a company wouldn’t normally ask. This will allow the scammers to access an account or take money from customers.
Social Media Impersonator Scams
With an influencer being used as an impersonation, fans of the account may be led to believe their favorite social media account is interacting with them. Scammers can use this close relationship to ask for money, send users links, or provide sensitive information.
Because influencers hold a unique position on these platforms, it can be similar to interacting with a celebrity. Scammers use the status of a celebrity to ask their fans at large to visit malicious links, provide money to a fraudulent cause, or interact individually and engage in sextortion with their victim.
How Can I Prevent Social Media Impersonation?
Preventing social media impersonation is the best way to be proactive in keeping yourself and others safe online. There are many tools available on social media platforms and steps you can take against impersonation tactics. These best practices can be applied to many, if not all, accounts.
Here are a few things you can do:
Strengthen Your Account Security and Privacy
One of the most important things you can do to protect your true account is to review the privacy and security settings. Each social media platform offers its own approach to security and privacy.
Review the settings and make sure you understand what they mean. See how your content and profile are presented to other users on the platform.
Enhance your account’s security by using a strong password. A truly strong password can mean that even in the face of a brute force attack, where someone tries to guess your password repeatedly, the chances of them getting in is almost impossible.
Many platforms, even outside of social media, offer two-factor authentication. Two-factor authentication typically requires the person logging in to verify their login attempt by supplying a code sent to an email address, texted to a number, or supplied through a phone call.
Avoid Oversharing
A surprising amount of information can be gained from individuals and influencers through their posts and profiles. While this tip doesn’t apply much to a company, its lesson can still be appreciated.
Individual accounts tend to share what feels like harmless posts or information. Even pictures can give away a lot about a person, making oversharing something that is often unintentionally done.
You likely wouldn’t tell someone your password or tell them where you live but hints about your life can penetrate the text and images of your posts. Images or posts that are geotagged can leave a digital footprint that users can see which can help them identify where you may be located. Images that contain landmarks, home address numbers, and license plates can be used to track you down.
Posts or pictures with pets, birthdays, family, friends, and other personal information can all be used to find more information about you or even guess your password. A staggering amount of people use some information from their personal lives as part of their passwords. Leaving these details out of your posts can be a big step to protecting your identity.
Filter Old Posts and Bios
If you currently operate social media accounts, one way to protect yourself is to filter older posts. Review your content to make sure that what you’ve posted doesn’t contain sensitive information or details about your life. A post on your birthday, mentions of children’s names, pet’s names, and locations can all be important details unique to you.
Many social media scammers looking to perform identity theft or phishing will use these details. Knowing as much as they can about you is key if someone is looking to phish your friends and family or impersonate you.
Make sure your biography isn’t full of key details about you. View your account from an outside perspective and ensure your username and displayed information don’t provide clues to your personal life.
Revise Your Friends List
As we traverse the world of social media and internet relationships, we may accept friend requests from anyone. Depending on the platform, being a friend is the only way you can see more specific details or content within a profile. Trimming your friend list down to those you know personally or trust can help keep you safe.
Scammers may use generic accounts or personas to perform recon on potential targets. These accounts won’t stand out and may not even be impersonated accounts of others but instead be a name with a non-descript picture. Scammers will use these accounts to probe or observe their target.
Make Your Account Private
Making an account private is one of the best steps you can take to keep yourself safe in a social media setting. Instead of making your information viewable to strangers, you can keep your posts and information shared with only those who you know personally and have been able to vet.
Some privacy settings can range from entirely hiding your information to only hiding posts. Making a private account is likely not an option for a social media influencer or a company, but understanding the platform can be beneficial.
Identify Phishing Attempts
A fraudster looking to use phishing tactics may create a network of distrust. They may ask the person they want to impersonate questions that can aid them in phishing their friends and family. The scammer may have impersonated a friend, family member, or coworker of their victim and has reached out to their target.
Identifying the phishing attempt is crucial to keeping yourself safe. Scammers can create an identical profile that uses the same profile picture, biography information, and exact posts as the person they impersonate. There are some giveaways as to whether this person is legitimate or not.
Check to see if you’re already friends with the person reaching out to you, and check if their username is what you remember it being. It could be an impersonated account if they’re asking sensitive questions but have no chat history with someone you’re certain you’ve conversed with previously.
Take a look over the profile messaging you to see their post history, and search your followers and friends to see if two of the same account or person are following you.
What Can I Do if Someone Impersonates Me on Social Media?
Becoming the target of an impersonation can feel scary and violating. The confusion caused by an impersonator affects both the friends and family of the impersonated person. Such an event can catch you off guard, but it’s imperative to take immediate action.
Here are our quick tips on how to deal with an impersonator:
- Collect Evidence: A scammer will have a profile built out that copies your images, information, and personal details. Take screenshots or screen recordings of any messages sent or received by the individual. An account may block or delete their account, which could lead to the loss of proof.
- Change Passwords: It’s a good idea to change your passwords on all accounts and to enable two-factor authentication when possible. You may not know just how much information an impersonator was able to collect about you or your loved ones. Securing your account by changing your passwords can ensure that no matter what has happened, accounts are now inaccessible if they have your credentials.
- Lock Down Accounts: You can lock down your accounts by following some of our steps above. Check your friends list, remove posts that contain any sensitive details, and make your account private. Review the privacy settings and see what options are available to protect your information.
- Let Friends and Family Know: If you’ve heard from someone that they were contacted by an account impersonating you, let other friends and family know. By letting those closest to you know, they can ensure they don’t give out personal information about you.
- Contact the Social Media Platform: Once you’ve collected your evidence, changed passwords, and locked down your account, you should report the violating account. Imitating a user is likely a violation of the platform’s terms and agreements. With any luck, the platform will swiftly remove the offender. You can rally those who have been contacted by the imposter and friends to have multiple accounts report the scammer.
- Send DMCA Takedown Notices: For influencers and companies, it may be prudent to submit a DMCA (Digital Millennium Copyright Act) takedown request. Many platforms will respond to these requests with swift action because violations of copyright can look bad for them. That means if an account is using copyright material in its profile in the process of trying to impersonate or commit fraud, it could result in legal action.
- Verify Your Account: Accounts that belong to companies and influencers can apply for verification status. On some social media platforms, this can be in the form of a checkmark or other icon that is designated only for accounts that have been verified as belonging to the true person. That means the profile has provided proof of their identity and business status, and is granted the privilege of signaling to the users on the platform that they’re genuine.
Seeking Further Help
Digital Forensics is dedicated to helping individuals and businesses stay safe online. If you or your company is dealing with scammers operating impersonated accounts, we can help you take control of the situation.
Our team of digital forensics experts uses proprietary tools to track and unveil scammers. We can prevent the release of sensitive information, document the event for legal purposes, and assist you in preventing the issue from happening in the future.
Our team is composed of former law enforcement officials, forensic investigators, and lawyers. If your case involves blackmail, fraud, catfishing, phishing, identity theft, or intellectual property issues, we can assist.
Our customer service team is available anytime by phone through our 24/7 hotline, live chat on our website, or email contact form to help you control social media impersonations.
Sources:
Social Media Statistics Details | University of Maine
Social Networking – Worldwide | Statista