Recently, the men on our staff have been inundated by Facebook friend requests from strange women with whom we share zero mutual friends.
Just in the past couple weeks alone, Chelsie Dugan, Aurelia Justina Oviedo, Elisabeth Voland, Abigail Dixon, Marian Sayre, Marina Protonotariou and Helen Savoie have expressed an interest in networking with us. And those are just the ones we can remember and who still have active Facebook accounts. Plenty more have come and gone before seemingly disappearing altogether.
It’s not just women, either. As a gay man, I’ve received a carousel of friend requests from smiling, chiseled Europeans like Francisco Bastida Pulido, reminiscent of the Belgian orphan who catfished me back in the mid-aughts.
Fool me once…
Admittedly, I have attempted to engage with a few of them — for journalistic purposes, of course. But alas, my messages have never received a response.
“Does anyone really fall for this?” I wondered aloud in the office last week.
“Absolutely,” replied my fellow staff writer John McDermott, laying out the logic:
Brain: You’re getting catfished, idiot!
Penis: She’s hot and French.
Me: Let’s give her a chance, guys!
It’s obviously a scam, but to what end?
“People may try to create fake accounts for a variety of reasons,” a Facebook spokesman tells me. Said reasons can include: to spam or spread a virus; to market and advertise; to test friends behind their back; or to harass an ex. “But usually the goal is to make connections and then send spam links or try to pull off scams,” e.g., romance scams, lottery scams, loan scams, access token scams, etc.
The spokesperson says Facebook uses a range of automated systems to help detect and stop fake accounts, but they recommend not accepting suspicious requests — i.e., those from people you’re already friends with on Facebook; those from an attractive member of the opposite sex with whom you have no mutual friends; or those claiming to be “looking for love.” He adds that you should also be cautious of links, files and offers you receive unexpectedly — especially from people you don’t know.
The scam seems nebulous and minor-league — so much so that it’s tough to understand the endgame. That said, these requests probably warrant caution, so I reach out to Paul Roberts, who covers hacking and cyber threats as editor-in-chief of the cyber-security website The Security Ledger, to better understand what these alluring — yet clearly malevolent — Facebook friend requests are all about. Here’s what he told me:
They’re bots. Most people aren’t that beautiful, Roberts says, stating the obvious. The scam is basically to become friends with you to gain access to your friend network. The defense, of course, is to convince the brain to overrule the penis in John’s sample dialogue above.
“More sophisticated scams might have actually engaged with you and tried to cultivate your interest and get you to friend them. In security circles, we talk about ‘social engineering,’ which is basically online grifting. So a note with the friend request like: ‘Hey [YOUR NAME]! I’m a friend of [YOUR FRIEND’S NAME]. Just thought I’d connect with you on Facebook, too! LOL!’ That may not fool you, but it fools a lot of people and is low-hanging fruit for any scam.”
Friend requests with no context but with ample cleavage or shredded abs suggest little premeditation, Roberts explains, and aren’t likely to work on anyone but the loneliest and most clueless targets. “This is basically Facebook spam — send it, forget it, and wait for some sucker to friend you back because ‘So pretty!!!’”
That said, nefarious forces could do a lot with an accepted friend request. Since friending them will give them access to your friend network, they can then target your friends, and so on. “Unless you’re scrupulous about setting up friend groups and sticking untrusted people in low-privilege ‘acquaintance ghettos’ where they have limited access to your profile,” says Roberts.
And who the fuck does that? Hardly anyone, which is why the scams exist in the first place. Also, Roberts explains, we tend to blindly trust our Facebook friends, which is an open door for them to slip you a malicious link that will take you off Facebook to some drive-by download site that can put bad stuff on your computer or phone: “This could be as simple as an innocuous Facebook message like ‘OMG! This is the funniest video, check it out!!!’ and then a link. It could be a clickbait post that you can’t investigate. You’ll only see it because they’re your ‘friend,’ and you’ll have forgotten that you don’t actually know this person, or how you (never) met. So Facebook becomes a platform for reaching people and scamming them. Who the hell reads email anymore, right? ‘Fish where the fish are,’ as the saying goes.”
The scam is intelligent enough to send me hot guys because I’m gay while sending my straight colleagues hot women. Facebook makes it easy to target users based on their interests and various other identifiers, Roberts explains. Anyone who’s hosted an ad on Facebook has seen this firsthand. “You can slice and dice their audience to an almost ridiculous degree,” Roberts says. “I’m not sure how they ‘found’ you, but my guess is they have a few standard profiles set up with different photos and orientations, and they just click and repeat.
“They sent you guys both straight and gay friend requests, which suggests they’re not being super careful when targeting new people. Perhaps they found you through a friend who is also gay, and they made an educated guess. Perhaps they eyeballed your social graph, and again, made an educated guess. For most people, their preferences — of all sorts — are discernible by looking at their publicly available information.”
This isn’t unique to Facebook. LinkedIn has the same problem, as does pretty much every other social media platform, Roberts notes. “We’re not as evolved in regard to wariness about social media attacks as other types of attacks (web site, email), so scammers look to exploit that.”
Although it might seem like you’re getting more of these requests lately, that’s not necessarily the case. It’s a big issue, Roberts says, but an endemic one. “In other words: I doubt you’re seeing a ‘spike’ in this type of activity. These scams are the broken windows of the social media world: background noise that’s always going on with Facebook and other platforms. Occasionally some scam will get enough reach that it actually becomes news. Mostly, though, this stuff just persists in the background.” He says these profiles will eventually be flagged as “inappropriate” or “scam” profiles, which is done by clicking the ellipses on the person’s cover photo, selecting “report” and following the on-screen instructions. “Facebook will shut them down,” Roberts promises. “But by that time, the scammers have created 1,000 more identical profiles. It’s really whack-a-mole.”