When someone impersonates you online it can be a frightening and stressful experience. Learn how to safeguard your identity and accounts.
Nobody is safe from online threats--not even IT professionals. I was recently subjected to being impersonated online which, while unpleasant, was also educational.
Online impersonation isn't the same thing as having your social media account hacked and commandeered; it involves a malicious individual setting up a wholly different account similar to your name and with your existing profile picture.
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
Why would someone do that? The goal is routinely negative: Either someone is trying to con your social media contacts into doing something that benefits the attacker (e.g., giving them money), or the person wants to harm your reputation in a revenge/cyberbullying ploy.
This article is also available as a download, 10 tips for dealing with an online impersonator (free PDF).
A personal account
My experience with online impersonation started when I was sitting by the pool with my teenage daughter, who casually asked if I created another Instagram account. I told her "No," adding that I rarely use mine, but I recently liked a couple of her photos. I assumed she saw that activity and got confused.
Within a few minutes, I got a message from my niece, an avid Instagram user, warning me that someone created a fake account in my name and was messaging her about a grant.
This person had copied my profile picture and set up a bogus account matching mine, with the exception of an underscore (_) at the end. He then proceeded to follow several of my followers -- including my daughter and niece, with the obvious intent of getting them to follow him back.
I resolved the issue in short order. Afterwards, I came up with 10 tips for handling these types of situations.
1. Vet your friend/contact list
It is very important to ensure that you are connected via social media to only people you know, are friends with, or can at least trust. In my case, I had some Facebook associates who I didn't know in person (friends of friends), and it was conceivable that these individuals were responsible for the Instagram attack. Scammers often send people friend requests in order to obtain details about their lives, which they can then utilize maliciously against them.
After solving this problem, I culled from my Facebook friend list the three-to-four people I considered potential suspects -- or at least individuals I no longer wanted to access to my information and knowledge of my activities. Do this in advance with any connections you're not 100% sure about.
2. Be proactive
In my case, I immediately posted to Facebook AND Instagram several warnings to my friends and followers that someone was impersonating me and to immediately block his account.
However, it's worth sending out an advance announcement to tell people you will never create an alternate account to connect with them and to be wary of any such requests or attempts. Inform people to contact you directly at your existing account if this ever occurs; this will help reduce the risks to all involved. If people know your existing social media account is the one you actively use, they won't be fooled by connections/friend requests from new ones.
What's the number one reason people create additional social media accounts (without entailing negative intentions)? They forgot the password to their existing account and password recovery efforts failed. Don't let this happen use a password manager like KeePass to securely store your credentials.
3. Pay attention to unexpected developments
In my case, I squandered several minutes by not really reflecting on what my daughter said, assuming she was confused about my Instagram account. However, my daughter rarely gets confused, so I should have immediately been alerted to the fact that someone was pretending to be me on Instagram and taken action.
Be careful, however, not to pay so much attention that you take seriously false notifications from unknown individuals that your account has been compromised. We all get "urgent notices" in our email accounts advising us to "click here to reset your account." Never follow this advice blindly; check carefully the sender's details and hover your mouse over the link to check the website address they're quite likely trying to lure you to.
4. Stay calm
It's extremely disturbing to see someone pretend to be you online. An imposter can pose a risk to your reputation, friendships, and even your career. Throughout this grim process I had to fight to stay focused on not become mired in "What if."
It's important to stay calm and proceed with caution, yet also work rapidly in order to solve the problem.
5. Get screenshots
Take screenshots of the imposter's account and all related activities they may engage in. This can come in handy if they block you or the bogus account is removed. Do this via your phone or computer (look up instructions as these will vary across devices and operating systems).
While I'm sad to say this sort of evidence isn't likely to ever be used in court -- at least not in the case of anonymous random scammers in unknown locations -- it is possible that these screenshots can help in a criminal or civil case against a known individual deliberately targeting you.
5. Send out a warning to all your contacts
Notify everyone you know on social media immediately about what is happening and that they must not interact with or respond to the imposter. Provide the full account name/information to your associates to tell them who to watch out for.
It might even be worth calling close friends/family members to let them know what's happening, as they will likely be the first targets of a scammer (witness how the imposter tried to prey upon my niece with a ploy involving a grant).
6. Don't contact the imposter
It's a waste of time to get in touch with the imposter and accuse them or ask them to stop their activity. This is something I learned the hard way. I found the scammer's fake account and dropped him a line via Instagram demanding to know what he was up to. He feigned a pitiful sort of remorse, saying he would not do it again, but that he was poor, lived in Ghana, was trying to beg for money and needed my help, obviously hoping I would send him financial compensation to stop his activities.
Never do such a thing; it only encourages the scammers. I refused, stating I would not help a thief and sternly ordered him to delete the fake account. He grew hostile and started calling me names. He then proceeded to gloat about all the scamming he intended to do as I began hurling some invectives in return.
The conversation was clearly a waste of time, and I'm quite sure while he was distracting me he was steadily attempting to lure my Instagram associates into some kind of gimmick. I blocked him, terminating the discussion.
7. Report the imposter
However, I found it very easy to click on the details of the Instagram account and report it. Simply click the three horizontal dots (...) appearing on the account page and choose "Report user."
The process will vary among other social media platforms but should be similarly straightforward (you can always Google the process for the latest details). I reported the user for using a false profile impersonating me and submitted the report.
The fake account was removed within the hour. Since I blocked him I could not see this for myself, but I checked this via my daughter's Instagram account and had other friends confirm as well.
In retrospect, it would have helped to request my Facebook/Instagram friends to also report the scammer, as they would likely have hastened his removal even more rapidly.
Great job, Instagram, and thank you!
8. Check your other accounts
It's worth checking out all of your social media accounts to ensure they are accessible by you, have not been compromised, and that the scammer hasn't set up more fake accounts in these environments. If so, report these as well and then alert your associates and contacts of this latest round of developments.
9. Follow-up later
Just because one fake account was vanquished did not mean there might not be more. Someone with an axe to grind might just keep at it for an hour, a day, a week, or even later.
Remain vigilant (don't go vigilante) and search for your name across the social media platforms you use (and even the ones you don't). Ask a friend to do so as well in case the scammer blocked you from seeing the fake account.
10. Keep it in perspective
Being the victim of an online poster wasn't my idea of a good time. However, it was likely a random event caused by a low-level moral reprobate in some backwater internet cafe, not an insanely clever Hannibal Lecter-type with a mastermind strategy to destroy my life.
The beauty of swatting imposters is that by definition they have to be easy to spot. After all, they're trying to use your name (or some permutation thereof), and your picture to capitalize on the trust of your friends or contacts.
Ergo, locating these fraudulent accounts is quite literally child's play and social media platforms are willing and responsive in combating these degenerates. It's not just because of altruism, after all, it helps their bottom line, financially, to keep their environments hospitable and secure.
- How to prevent wire-transfer fraud: Tips for SMBs (TechRepublic)
- 10 tips to combat phishing via social media platforms (TechRepublic)
- How to train your employees to avoid online scams: 5 tips (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- 10 dangerous app vulnerabilities to watch out for (TechRepublic download)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)