Over the last decade, we have seen a drastic increase in social media platforms being used to promote and market start-ups and emerging businesses. Many entrepreneurs have recognised that social media is a fundamental tool in ensuring the growth of their business. A recent study illustrated that 73% of business marketers have attributed the success of their business to the effective use of social media in marketing and advertising their product and/or services. However, while social media boasts great interaction, creativity and business prospects, a more concerning trend is the use of fake accounts or ‘social media website clones’.
What is a social media clone?
A social media clone is a fake or ‘cloned account’ which is created by copying a leading website’s basic functionalities and features. It is one of the fastest growing trends amongst growing start-ups and new businesses and due to copyright issues, developers have introduced a new GUI and some extra features as safety measures to ensure user data is protected online. However, start-ups and new businesses aren’t the only group turning to social media. Hackers are amongst the group of hopefuls joining in on this trend and are relying on social media to steal personal data and information of businesses and individuals alike for financial gain. Statistics show that near 43% of breach victims were small or emerging businesses, and hackers are relying on social media to carefully pick and choose their next victims.
Emma Heathcote-James, the founder of Little Soap Company was the recent victim of a social media copycat. The hackers cloned her Instagram page for her beauty-product business, which she spent 12 years building, and she was only alerted to the page when the hackers accidentally tagged her in one of the photos they posted. The frightening reality is that hackers are becoming increasingly innovative and created a near exact replica of the page, with the addition of an extra “o” to the end of the name as the only discernible difference.
Cloning social media accounts has become a new kind of cyber-attack.
How are clone accounts created?
Social media is the perfect tool to gather information. Recent reports have found that 96% of police and local authorities use social media as a means of gathering information. As such, if adequate protections are not in place, many accounts can be cloned, copied or stolen entirely.
Hackers and fraudsters clone accounts by searching the social media profile, gathering personal data such as name, age, date of birth and a selection of screenshotted images. In addition, to increase the authenticity of the business, they create a PayPal account that matches the current model.
The statistics show that 22% of internet users have had their online accounts hacked at least once, while 14% reported that they had been hacked more than once. In addition, Facebook estimated that the portion of fake accounts was 3% and duplicates was 10%. Statistically, this means that as many as 270 million of the platform’s 2.1 billion users’ accounts could be fraudulent or duplicated.
Actions of social media platforms?
In a BBC news report, Emma Heathcote-James expressed her frustration in trying to contact Instagram and their owners, Facebook to report the fraud and remove the account. Following increased scrutiny over their security and data protection safeguards, Facebook and Instagram implemented new end-to-end encryption systems through their instant messaging tool, with platforms being re-designed to encourage people to share with more private communities. When many of us face issues with our account, we’re left to deal with a “chat bot” to solve our issues. However, given the highly complex and emotional aspect of fraud and data hacking, concerns are raised as to whether these computer-generated algorithms can comprehend, address and resolve these issues. At present, Facebook and Instagram’s reporting system makes it difficult to directly report fraud, malicious content or other such breaches which may deter individuals from reporting the crime.
In Emma’s case, while the account was removed, it took considerable time and effort to communicate the infringement and fraud to the social media providers; time and resources that many individuals and businesses lack, especially following the COVID-19 pandemic.
Security specialist vs himself
Jake Moore, a security specialist at “ESET”, an anti-virus company, copied his own Instagram account with over 1,000 followers as an experiment to determine how easy it would be to clone a social media account. Firstly, he created an entirely new account (as shown in the photos below) and added “NEW ACCOUNT AFTER LOSING ACCESS TO ORIGINAL” to the bio section of the profile. Secondly, to generate some followers, he followed 30 of his friends with the new account; 13 accepted and followed back. However, none of those 13 followers messaged or questioned the account which prompted Jake to test them further. He reached out to one of his friends, engaged in a brief conversation which resulted in her offering to help him. He was easily able to trick the target into thinking it was genuine, with no extra checks. Many hackers and fraudsters implement this strategic thinking to trick the victim and then pass on PayPal details to generate a cashflow through the cloned account.
Better internet and social media safety is required to prevent the increase in cases of account fraud and cloning. It will be vital to reduce the amount of personal information and photos of ourselves online while teaching the next generation of social media users about internet safety.
However, as in Emma’s case, social media platforms such as Facebook and Instagram leave much to be desired when it comes to reporting serious criminal activities such as fraud and addressing the security and data protection of their users. The experience of Emma Heathcote-James and Jake Moore showcase that social media platforms must take greater action to safeguard users and businesses from having their livelihoods taken.