Is Someone Pretending To Be You On Facebook?

Today I got a Facebook friend request from Joanne Sterner — except it wasn’t really Joanne Sterner.

fake-facebook
Fake Joanne friend request

Joanne is a great Democrat, so I almost clicked “Confirm” before stopping to think that we were probably already Facebook friends. One clue was that fake “Joanne” and I only had 2 mutual friends. When I looked up the real Joanne, I saw that we had dozens of Facebook friends in common. Another clue that a profile might be a fake is that the posts associated with the profile only go back a few weeks, and you know the person has been on Facebook for years. Facebook search will let you look up the real person’s profile so you can see the contrast.

This has happened to so many friends lately, inside and outside of politics, that I thought it was worth sharing some tips. If it happens to you, in most cases it doesn’t mean you’ve been “hacked” in the sense that someone has your password and can access all your private information. Rather, your profile has been “clone” by someone who took your profile picture and other publicly available information and used it to create a fake profile in your name.

If they can get into your network of friends, they can start sending out spam and scam messages like: “This is so embarrassing, but I really need your help. I’ve been traveling in Paris and lost my wallet. I would be so grateful if you could just wire me some money at …”

Your best defense is a network of good friends who will be suspicious enough to alert you to the problem before it gets to that point.

To be clear: I would recommend that you change your password, just in case. But most likely the more important step to take is to report the incident to Facebook:

Here are some relevant links:

Facebook help article https://www.facebook.com/help/167722253287296

This is the page where you actually report an impostor.

Here is another article that contains some useful tips on identifying fake accounts.

Facebook is a great resource for promoting the Democratic cause, but unfortunately it can be like campaigning in a bad neighborhood sometimes. You need to be prepared for the eventuality that things will go wrong.

Campaigns Need to Protect Their Online Identity

I’m cross posting this from my carrcommunications.com blog because I’ve now run across the problem of campaigns failing to control their own Internet domains several times. Your domain is an important asset that you need to protect for the success of your campaign and (hopefully) future reelection campaigns.

The Danger of Losing Control of Your Internet Domain

One thing that many small businesses, nonprofits, and political campaigns I have dealt with fail to pay attention to is ensuring that they have direct control over the Internet domain associated with their website and email accounts. Often, the domain is registered by a web consultant in the name of the consultant or consulting firm. Or sometimes, with nonprofits, it’s a volunteer who handles the registration and who winds up with the domain in his or her name. Unfortunately, this can cause the organization that rightfully should own that domain a lot of grief if the intermediary turns out to be unreliable, incompetent, dishonest, or just unreachable at a critical moment.

This is where your website and business email both go dead one day, seemingly without warning, because you never got the notices that your registration was about to expire. Or, you hire someone else to revamp your website, only to discover that you can’t “turn on” the new and improved version because you don’t have the necessary password and aren’t recognized by the domain registrar as having the right to access the account.

Your Internet identity is an important corporate asset for you to protect. Failing to do so is the kind of mistake that seems obvious in retrospect but is easily overlooked by an organization focused on getting up and running on the web. (more…)

Read on for more about how to avoid problems with your domain registration.

This is only one aspect of a campaign’s online identity, of course. You also need to protect your website, pages on Facebook and similar sites, and your email account, so that no one who is not you (or an authorized proxy) gets to put out messages that look like they’re coming from you. Think offensive messages, swastikas on the home page. Even after you explain that your site was hacked and it wasn’t really you, you still wind up looking foolish.

Among other things, this means you need to use serious, hard-to-guess passwords for your campaign accounts. Why would you, as a candidate, not consider the possibility of someone hacking your site as a political dirty trick? Even if your opponent wouldn’t stoop that low, you could be the victim of a rogue volunteer who is able to log into your website or your Facebook page or your email account because you used an obvious password like “grassroots” or the name of your first born child. Even outside of the political context, I see evidence of people trying to hack my websites all the time. Bored high school kids download automated hacking tools off the web and set them to probing Internet sites at random, breaking in just for the hell of it wherever they find weakness. So this is an area where it pays to be paranoid because they really are out to get you.

A good password might be based on a word or sentence with some personal significance, to help you remember it, but you need to encode it or obscure it somehow. A couple of suggestions, as outlined in this article on the Microsoft web site, are to take the first letter of each word in a sentence you’ve memorized, so that “My son Aiden is three years old” becomes “msaityo” and to complicate your password by combining upper and lowercase letters, numbers, and punctuation characters for something like “M$8ni3y0.”

You have to balance the need for security against what you can realistically memorize. Just don’t make it so obvious that your accounts can be cracked by anyone who has seen you talk and can try plugging a few of your favorite words and phrases into that password blank.