I started getting notes from my Facebook friends and family that I had apparently sent them a friend request. Obviously if Iím already friends, why would I send a friend request? Something is fishy.
Itís not a hack, but it is a bit of bot driven social engineering. What they do is copy your profile photo, your name and sometime other publicly visible details and then they start going through your friends list and sending friend requests. I actually friended one of these because I have a friend who is a little loopy and I figured she had just created a new account. Itís reasonable, and it works.
But, why? What does a bot have to gain by being friends with your friends? The simple answer, access.
Facebook works on the six degrees of Kevin Bacon principle of privacy. That is, if Iím friends with you, I get to see your private notes that only friends get to see. And I get to see stuff about your friends too. Sometimes I get to see a LOT of stuff, like your birthday (ďitís so-and-soís birthday today!Ē) which can be used as part of a broader profile that the bots can be building on you.
The entire Cambridge Analytica ďbreachĒ that influenced the 2016 election was categorically not a breach. It was a survey that people took, and in the process, they gave up information about themselves, including their friends. Knowing your friends and knowing a bit about you means I might be able to leverage your politics against you, I might be able to trick you into trusting a brand or buy somethingÖ
And itís all perfectly within the Facebook guidelines that you reveal a bit more about yourself as you add friends, so it makes perfect sense that this social engineering is happening Ė friend me! You know me!
And once you do it, the bot now knows you.
Share this article:
Kristen Fife: Re: - Fake Friends
I never take FB quizzes, and I stopped ďlikingĒ things. Instead I reply to what I like with a positive comment or an emoji.
Sean Gates: Re: - Fake Friends
It's not a breach if FB was willfully giving it away.
: Re: - Fake Friends
Be sure to see my blog over at Cloudenity. This week's topic:
The Physical Impossibility of Migrating to the Cloud