Around 608 million people worldwide fall victim to online scams each year, according to Exploding Topics. Scammers stole over $1 trillion last year with their social engineering tactics, estimates say. Considering the extent of online scamming, learning ways to identify social engineering practices and scams, which usually originate from fake profiles, is essential to avoiding money loss and identity theft.
A lack of awareness of the way scammers operate, of key red flags, and of techniques leveraged to verify fake profiles increases the likelihood of falling for a scam. Hence, it is important for businesses and individuals to stay vigilant. Otherwise, scammers are just a click away, ready to steal your money, identity, and sensitive information.
This post walks you through the basics of social engineering, key red flags, effective verification techniques, and tips to safeguard your personal and business accounts.
Social Engineering Tactics
The most effective way to avoid scams and the social engineering tactics behind them is to stay one step ahead of scammers. You can only do that by understanding the basics of subtle manipulation, the channels scammers use, and their typical tactics.
Basics of Social Engineering
Social engineering is a technique leveraged by scammers to trick people. They build trust just long enough to exploit it and make their targets reveal sensitive information or perform an action.
This technique involves the use of emotional hooks, enabling fraudsters to evoke fear, curiosity, or desire. Scammers may also create a sense of urgency. Their primary objective behind doing so is to compel their target to perform an action leading to the loss of money or information.
Channels Used by Scammers
Scammers usually leverage social media platforms and use fake or hijacked profiles to send DMs or friend requests to their targets. They also use channels such as emails and messaging apps to send phishing links, impersonation messages, or too-good-to-be-true offers related to jobs or sale discounts. Additionally, you may see them lurking on dating sites and social forums to trap targets by building emotional trust that they can exploit later.
Typical Tactics
Scammers typically use tactics like impersonation, flattery, link manipulation, file attachments, and urgency pressure. They first build pressure by acting like a coworker, customer support executive, long-lost friend, or a distant relative.
Here is a real-world example to help you understand their tactics:
A person received an email that appeared to come from their bank. It looked legitimate because of an authentic logo and tone. It asked the person to help the bank verify their identity by clicking an attached link. The person acted immediately and filled out a form with the requested information. Later, the person found the account emptied: scammers had taken thousands of dollars within a few minutes.
Key Red Flags
One of the biggest mistakes people make when they fall for online scams is trusting random messages or requests without thinking twice. Scammers often leave clues; you just need to be alert and notice the warning signs.
If you spot one or more red flags on someone’s profile, it’s always safer to check things carefully instead of taking a risk.
Here are some common signs that should make you stop and think something might be wrong:
1. Fishy Profile Picture
Upon receiving a connection request on any social media platform, the first thing you should notice is the profile picture. Scammers often use a stock photo, a celebrity’s headshot, or an AI-generated face as their display picture. You may also witness signs of manipulation, such as unusual lighting, mismatched backgrounds, or distorted edges.
2. Suspicious Username/Handle
Another red flag could be the username or handle itself. For instance, you may see too many numeric characters in the username of an account, such as @writer55226633. You may also witness slight misspellings or alterations of well-known names, like @Support_Metta.
Scammers also use newly created accounts to scam people. There could be something fishy if you are interacting with an account that was created several hours ago.
3. Vague or Generic Bio
Another warning sign could be vague or generic biographic information featuring unclear job titles without any credentials or affiliation with any company. Such a bio may lack personal details and hobbies. You may only see a single link that directs you to a clickbait site. The bio may also reuse frequently used text that you see on many other profiles, especially other suspicious accounts.
4. Doubtful Connection Patterns
The traits of suspicious accounts created by scammers are not limited to the display picture, username, and bio. Connection patterns could be a red flag as well. For instance, an account used by a fraudster may show few or no mutual connections. You may also see a sudden increase in followers, friends, or connections of that account within a couple of days. The account may follow thousands of other people but show no engagement, such as likes or comments, at all.
5. Error-Riddled Grammar
The messages you receive in DMs from a suspicious account will be cluttered with grammatical mistakes and weird phrasing, as if they were crafted in a hurry. This usually occurs because scammers are interacting with multiple targets at the same time.
6. Unrealistic Flattery
Red flags in direct messaging are not limited to error-riddled grammar; you will likely witness the person on the other side using overly formal salutations, such as “Dear Valued Customer.” Additionally, scammers use unrealistic flattery as a tactic to earn your trust.
7. Sense of Urgency
When fraudsters want you to perform an action, such as clicking on a link, downloading a malicious file attachment, or filling out a form, they will create a sense of urgency. Phrases like “act now or lose it all!” and “Verify ASAP to enjoy our services without any unnecessary interpretations” are common.
Techniques to Uncover a Scam
Spotting red flags is a good first step, but confirming someone’s identity can help stop scammers and keep you safe. Learning these tips will not only improve your online safety but also help you get better at spotting fake profiles and suspicious messages.
Here are some simple ways to avoid scam accounts and stay protected online:
1. Check Mutual Connections
If you see any mutual connections on the profile of a person who is trying to reach out, it is better to get in touch with the shared contacts first and ask whether they actually know that person. If the answer from shared contacts is negative, it is worth pausing. Scammers often target individuals by claiming to be acquaintances of close friends.
However, you must verify any claimed link between the suspicious account and the shared contact through a direct channel, to avoid a scam leading to loss of identity, money, or data.
Additionally, stay alert to mutual connections that show suspicious activity or long periods of silence.
2. Inspect Timeline Consistency
You should also inspect the timeline consistency of a suspicious account that a scammer may be controlling. Browse the account's posts. Use your instinct and ask yourself whether it has a natural, evolving presence. If your answer is ‘no’, pause and rethink your interaction with that particular account to avoid incurring a loss.
Real accounts have a history of posting content or thoughts, reacting to others’ content, and commenting, spanning across years. On the contrary, scam accounts will show a sudden burst of recent activity, repurposed content, and copied motivational quotes after a long phase of silence. You should stay away from such accounts.
3. Perform a Face Search Online
Face search is a simple yet powerful way to detect fake accounts. Just take a screenshot of the profile picture of the person reaching out to you and upload it to a trusted face search platform that scans multiple sources across the Web.
If the same image appears on stock photo sites or is linked to several unrelated profiles, it’s a clear red flag. Still unsure? Try uploading a cropped or slightly altered version of the photo to uncover additional matches.
Face search makes it easier to refine your image and find other instances of the same face online.
4. Run a Cross-Platform Audit
Don’t rely on a single platform before trusting an account. Instead, search for the same person across multiple social media platforms and look for consistency across all platforms. Ensure that the person who is interacting with you has an account on other platforms with the same name, photos, and bio.
Leverage your instinct and ask yourself whether the online footprint of the person in contact with you makes sense: does it really reflect the character they claim to be? If you find no LinkedIn profile for a self-proclaimed executive or seasoned professional, it is better to cut off all communication.
5. Validate the Given Email Address and Domain
If you are interacting with someone through email, it is better to go for email or domain validation before taking any other step. Pay attention to the email address, especially the domain name. If the email address is something like John.doe@Goggle.com or MicroS0ft.support.help@outlook.com, you should not respond to it.
Instead, consider validating it. You will easily find trial or basic versions of domain verification tools for this purpose. Business domains are often professionally maintained and traceable.
If you are not able to trace the domain, never perform any requested action, and if possible, report the email. Using reliable email validation tools can help confirm the authenticity of senders, reduce the risk of phishing, and maintain the integrity of your communications.
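The lookalike patterns this post calls out, in this section (Goggle.com, MicroS0ft) and under "Suspicious Username/Handle" (@Support_Metta, @writer55226633), can be checked mechanically. The Python code below is an added example, not part of the original post; the brand list, the substitution table, and the thresholds are assumptions chosen for illustration.

```python
import re

# Assumed allow-list of brands the reader actually deals with (constructed for this example).
KNOWN_BRANDS = ("google", "microsoft", "meta", "outlook")
# Digit-for-letter swaps commonly seen in lookalike names (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(token: str):
    """Return the brand a token imitates; None if it is the exact brand or unrelated."""
    raw = token.lower()
    if raw in KNOWN_BRANDS:
        return None
    norm = raw.translate(HOMOGLYPHS)
    for brand in KNOWN_BRANDS:
        # One edit away, or identical once digit swaps are undone.
        if norm == brand or edit_distance(norm, brand) == 1:
            return brand
    return None

def check_handle(handle: str) -> list:
    """Flag digit-heavy handles and handles containing a near-miss brand name."""
    name = handle.lstrip("@").lower()
    digits = sum(c.isdigit() for c in name)
    # Assumed threshold: at least 4 digits making up 30% or more of the handle.
    findings = ["digit-heavy handle"] if digits >= 4 and digits / len(name) >= 0.3 else []
    tokens = re.split(r"[^a-z0-9]+", name)
    return findings + [f"handle imitates {b}" for t in tokens if (b := lookalike_of(t))]

def check_email(address: str) -> list:
    """Flag near-miss brand domains and brand names used in the local part."""
    local, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")[:-1]  # drops the TLD only; no public-suffix handling
    findings = [f"domain imitates {b}" for lab in labels if (b := lookalike_of(lab))]
    for tok in re.split(r"[^a-z0-9]+", local):
        brand = lookalike_of(tok) or (tok if tok in KNOWN_BRANDS else None)
        if brand and brand not in labels:
            findings.append(f"local part uses {brand} but domain is {domain}")
    return findings
```

A one-edit match on a short brand name such as "meta" will also flag unrelated words, so treat a finding as a prompt to verify the sender through another channel, not as a verdict.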
6. Leverage Browser Extensions
Browser extensions can be a powerful resource for an average netizen and professional to spot scams, as they can flag suspicious behaviors as you browse through your account or engage with it. You will easily find social media reputation checker extensions that will analyze the underlying profile’s legitimacy. These tools can easily help you assess the legitimacy of apparently polished accounts.
Similarly, anti-phishing extensions can notify you before you visit a suspicious website or click a fishy link by working in real-time. Link expander plug-ins can expand shortened URLs, which are often used to hide malicious links. Such extensions quietly work in the background to reinforce your cybersecurity and digital well-being.
7. Ask for Live Interactions
Another way to draw a line between a legitimate and suspicious account is to request a quick video call or ask for an audio chat. Scammers usually avoid live interactions, so they will hesitate to interact with you through video or voice.
They can easily script messages, which is why they prefer textual interactions. If you witness hesitation, audio delays, or robotic speech in live interactions or voice notes, it is better to abandon further proceedings.
Best Practices to Protect Personal Accounts
Average netizens usually prefer online activity using the smartphone apps of social media platforms. These apps provide users with portability and real-time protection against scams and phishing attempts.
Here are some practices to help you ensure the safety of your personal accounts:
- Leverage verification apps to spot scam calls;
- Install scam detection platforms to research and track potential fraud;
- Enforce “two-factor authentication” to protect sensitive data, such as passwords;
- Use built-in chat scanning features or apps to identify scam-like tones;
- Implement privacy settings across all social networks;
- Pause and think before accepting any connection requests.
Tips to Safeguard Business Handles and Sensitive Data
We live in the age of digital transactions, intellectual assets, and cloud storage. Businesses and affiliated professionals must leave no stone unturned in reinforcing the security of sensitive data and employing multi-layered defense protocols against scams and cyber threats.
Here are some tips to make it possible:
- Implement digital hygiene protocols based on checklists;
- Educate employees to deal with suspicious URLs and attachments;
- Leverage advanced, enterprise-level scam detection tools;
- Employ the policy of following a checklist using protocols like SPF and DMARC;
- Ensure secure data access and authorization;
- Enforce DLP (data loss prevention) policies across communication channels;
- Emphasize regular data backup by using encrypted digital services;
- Keep an eye out for the brand’s social and public exposure;
- Track brand mentions and impersonation attempts using sophisticated tools;
- Release public notices upon identifying any malicious activity tied to your brand.
Conclusion
Nowadays, businesses and common netizens are equally vulnerable to scams that lead to the loss of billions of dollars annually. Considering the severity, it is essential to stay ahead of scammers and work on practices that can help effectively identify and avoid scams. Additionally, it is important to focus on building multi-layered protection against tactics employed by scammers.
This post has provided some valuable takeaways that can help reinforce safety against potential scams. It’s worth working on them to ensure your cybersecurity and seamless digital activities.

Alex Tray is a system administrator and cybersecurity consultant with 10 years of experience. He is currently self-employed as a cybersecurity consultant and as a freelance writer.