With the continuing rise in popularity of social media sites like Facebook and Twitter, businesses need to be aware that their brand will at some point face an attack from cyber-criminals who are creating fake social media profiles in order to impersonate their brand. This is also called “likejacking” (a variation on clickjacking) in which malicious coding is associated with a FacebookLike” button. These types of attacks hide the “Like” button behind enticing web pages, for example, “5 tips for losing weight fast”. No matter where a consumer clicks on the web page, they are actually clicking the Facebook “Like” button without their knowledge. Through this, hackers can achieve identity theft, dissemination of viruses, social spam and hoaxes.

These cyber-criminals have also been known to create fake profile pages, get large amounts of likes and then change the entire page name and content to something else. This is a very efficient way to distribute their scams.

Note: Facebook have now enforced a procedure whereby, if a page you have liked changes its name, you will get a notification. This allows you to remove that page from your profile if it is not legitimate.

It can be difficult for consumers (fans on Facebook, followers on Twitter) to identify a Facebook or Twitter profile that is not legitimate. Sometimes the fake profile may only have one letter in the name of the account that has been changed, and that can be hard for users to spot. For example, “Woolie Works” & “WooIie Works” look identical; however, the second version uses an uppercase “I” (as in Igloo) instead of a lowercase “l” (as in lemon). Can you tell the difference? More often than not, fake social media profiles just simply use the real name of the company they are impersonating, and add a title or a city: “Woolie Works Inc.”, “Woolie Works Australia”. This really makes it hard for customers to get access to the real account of the company they want to follow and get in touch with.

The main risk to businesses from these fake social media profiles is damage to their brand name and reputation. Fake profiles might post fake offers, promising something enticing to customers, or provide fake contact details for the business, which will then cause customer frustration when they can’t get through to the department they need. They might provide offensive responses to customer complaints or post incorrect product information on the profile page. This can cause significant damage to a company’s reputation. Some criminals are even creating fake profiles, on sites like LinkedIn, to target executives of large organisations. In the second half of 2014, FraudWatch International saw a 50% increase in the number of fake social media profiles impersonating brands.

If companies only focus on one network, like Facebook for instance, they may be unaware of malicious activity that is occurring on other networks, which can have millions of users. Some large organisations are already trying to protect their brand by staying ahead of the criminals. They have created Twitter accounts, even though, at this stage, they are not planning on using it to communicate with customers. By proactively creating these accounts, they are stopping the criminals from stealing their brand name and using it for malicious purposes.

Large organisations are prime targets for these fake social media pages and scams. Just recently, Qantas had to deal with a scam offer that was advertised on fake Facebook page titled “Qantas Airline”. The offer promised free first class flights to anyone who liked and shared the offer.

Once they became aware of the scam, Qantas reported the page to Facebook and it has now been removed. However, the fake page remained active long enough to receive more than 85,000 likes, more than 15,000 comments and more than 100,000 shares.

Click here to read the full article.


  • Be aware of fake profiles that may already exist on social media networks, like Facebook, Twitter or Instagram
  • Understand the impact to your business if fake profiles are accessed by customers. It could result in significant damage to your brand name and cause customers to mistrust even your legitimate profiles
  • Be proactive and create profiles on all social media networks (even if they won’t be used yet). This will ensure that fake profiles don’t get to customers first
  • Employ an Internet Security company to monitor the social media networks and identify any fake profiles for your brand – it’s not an easy task, and you should seek help amongst the experts in the industry