Sophos warns of Facebook fakers

Fake fan pages can exploit members' trust, says Sophos

Security experts are warning of yet another scam to hit Facebook, pointing out that the site is full of fake Fan Pages which could open users up to another avenue of attack.

Sophos senior technology consultant Graham Cluley, himself the victim of a fake fan page, urged Facebook to tighten up its rules on the creation of such sites, as their existence threatens the security of other users.

“Innocent people – friends, acquaintances, and anyone who might follow my blog – are joining the fan page in the belief that they are somehow following me. They have no way of telling that I didn't create this fan page," said Cluley in a blog posting.

"As someone who has received anonymous death threats from Facebook users in the past, I don't see the funny side in someone called Fred West creating a Facebook page about me."

Although the social networking site has rules in place to deal with unauthorised fan pages, and actually should be prohibiting the creation of unofficial ones, the fake Cluley profile has not been removed, despite calls from the real thing for its removal.

Such fake sites can build up user trust, Cluley explained, which can then be exploited for malicious gain. “Imagine if a celebrity with a huge following such as Johnny Depp or Sandra Bullock had a fake fan page set up using their name,” he said.

“An imposter could potentially gather hundreds of thousands of Facebook fans, before one day deciding to update them all with a malicious link or send them a dangerous scam. Alternatively, the victim of a fake Facebook fan page could have their character besmirched by someone choosing to post offensive or defamatory updates in their name.”

Cluley recommended that Facebook insists on some sort of proof that anyone setting up a fan page has a real connection to the firm or company it represents.

“We believe that simple changes made to the site will make Facebook users safer," he added.