Connect with us

Hi, what are you looking for?



Study Analyzes Fake Facebook Profiles vs. Real Users

With Facebook’s recent IPO filing revealing that it holds over 100 petabytes of photos and videos from its massive global base of 845 million users, it’s no secret that hiding in those millions of profiles are many fake accounts created and operated by cybercriminals.

With Facebook’s recent IPO filing revealing that it holds over 100 petabytes of photos and videos from its massive global base of 845 million users, it’s no secret that hiding in those millions of profiles are many fake accounts created and operated by cybercriminals.

Today, Barracuda Networks, a provider of security and data protection solutions, released findings from a study comparing fake Facebook profiles vs. those of “real” profiles. It the study, Facebook: Fake Profiles vs. Real Users, Barracuda researchers analyzed a random sampling of 2,884 active Facebook accounts to identify key differences between average real user accounts and fake accounts created by attackers and fraudsters.

Highlights from the study, presented today by Paul Judge, Chief Research Officer at Barracuda Networks at the 2012 Kaspersky Threatpost Security Analyst Summit in Cancun, Mexico include:

• Almost 60 percent of fake accounts claim to be bisexual, 10 times more than real users

• Fake accounts have six times more friends than real users, 726 versus 130

• Fake accounts use photo tags over 100 times more than real users, 136 tags per four photos versus one tag per four photos

• Fake accounts almost always (97 percent) claim to be female, as opposed to 40 percent for real users

Advertisement. Scroll to continue reading.

Facebook, which consistently fights to keep attackers out of its network, most recently announcing its lawsuit against a marketing firm accused of “spreading spam through misleading and deceptive tactics.”

“Also, researchers have shown how friending malicious accounts can lead to account takeover using Facebook’s trusted friend account recovery,” Judge continued. “We have analyzed thousands of fake accounts to determine features and patterns that distinguish them from real users, and created a feature-based heuristic engine to distinguish real users from fake profiles.”

“Different social media platform providers are attempting to fight issues such as automation and fake accounts from within,” noted Noa Bar-Yosef, a Senior Security Strategist at Imperva in a recent SecurityWeek column. “However, these initiatives are still quite immature, and there’s a clear conflict of interest between social networks’ attempt to remove fake accounts and their desire to show constant growth.”

“An inherent issue of social networks is the lack of trust and proper identification,” Bar-Yosef added. “For businesses this means that the social platforms do not provide a solid way to tell apart the real owner of a brand from imposters and imitators who try to take advantage of the popularity of a specific brand, to abuse or to erode it. At the other end, it is not possible to verify the identity of message writers and there are no real tools to evaluate the trustworthiness of the messages or their content.”

Barracuda’s study analyzes data collected from its Barracuda Profile Protector, a free tool that analyzes and blocks malicious activity on Facebook and Twitter, along with public data collected from streams and network crawling to demonstrate how users typically operate. The study illustrates how attacks on Facebook are structured to exploit the “friendship” concept and trust of widely-used applications. A variety of machine learning techniques are used to analyze shared URLs, profile images, profile information, and connections with other users to reveal associations, weak and strong, between malicious users.

“Likes, News Feeds and Apps have helped lead Facebook to its social network dominance and now attackers are harnessing those same features to efficiently scale their efforts,” Judge concluded. “These fake profiles and apps give attackers a long-lived path to continuously present malicious links to innocent users.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...