Posted on

Fake IDs: A problem for Social Media Platforms

You may have heard about how social media has had to learn to deal with perilous fake news that has plagued virtually all platforms. However, now, a more vicious and much more dangerous threat is rearing its ugly head again: fictitious identity verification.

If not for such fraudulent verification and at times lax systems that accept these fake IDs, users on social media platforms would be much safer and fake accounts would be a lot harder to create. The more significant problem is weeding out these bad actors as IDs are almost always used to verify fake accounts.

Fake IDs allow fake accounts to exist and function. It really is as simple as that. Recent research has shown just how big the problem is. About 15% of all Twitter accounts are bots and 15-20% of activity on the platform may be attributed to fake users, automated tools and scripts. To put this into context, more than 70,000 accounts on Twitter may not represent a real person. Fake IDs allow people to verify illegitimate accounts and function undeterred on the platform.

This problem is further confounded by the fact that fake identifying documents are frequently used to pose as account owners to be granted access to the account, allowing them to manipulate it as per their agenda. The key to dealing with fake accounts is addressing fraudulent verification information, i.e., fake IDs.

How Fake Identification Cards Are Used

The mechanisms that enable fake IDs to remain so persistent may be the social media companies themselves who feel the need to continuously report growth and may not be incentivized enough to concentrate their efforts to address this. A purge of fake accounts is sure to deflate user growth numbers. This allows anyone to take advantage of simple ways to game the network.

You too can do this. Suppose you want to access a person’s Facebook account by using the recover account option, but you don’t have the required credentials. This is what you would do:

  • Acquire valid legal or government issued ID. If you can’t get your hands on this kind of identification (most people usually can’t), you must forge identification cards/documents.
  • Creating fake identification is a straightforward process. You simply need to make a fake card such as a fake driving license. There are numerous services on the web that can help you with this.
  • When you’re done, just ask Facebook to recover the account in question. Facebook will ask you for valid identification (the fake identification you just made) and will grant you access to the account.

It honestly is as scarily simple as that. The true implication for such a simple and effective black hat technique is that no account is truly safe.A less common tool is targeting unsuspecting users who friends everyone and anyone. Such users are identified and then sent malicious scripts which may use keyloggers to obtain credentials.

Several prominent politicians and public figures have been victims of phishing attacks, but many more have fallen prey to simply techniques like these. The forgery may have professional help. Numerous organized crime groups connected to passport forgery have been happy to provide their services and unique skillset in assisting with creating false documentation.

Twitter and Fake IDs

The documentation sans mistakes that an amateur would make passes muster and is ready for wherever you need to use it. Twitter is no stranger to the problem of fake IDs. Verification on Twitter usually means the blue tick you see next to an account name. The process of getting verified on Twitter may involve the account owner to present some legitimate ID. This is where someone may present a counterfeit ID card.

Twitter seems to have clamped down on the specific documents you can present for verification in an effort to curb the use of fake IDs. However, it is still very easy for anyone to obtain verification if they have an excellently forged document.

Instagram, owned by Facebook, has also faced backlash for how it verifies identification whenever a possible conflict of ownership comes up. The process reportedly only requires a simple picture of the account owner, so one won’t even have to go through the hassle of getting a fake ID card.

How Platforms Are Fighting Back?

Facebook seems to be aware of the problem which persists around fake identification verification and is keen to point out that it is constantly improving its systems and upgrading its facial recognition algorithm. Currently, Facebook uses both a manual and automated approach in verifying IDs.

Accounts are first marked for verification if they trigger any one of the countless internal alerts built into the service. A well-known alert is essentially a location mismatch, e.g., an account that signs in from Bolivia but is posting from India. This was used to identify a number of fake accounts in the purge following the 2016 US election.

The social media giant has said it is working on improving the facial recognition component of its verification toolkit by using images from verified legitimate users to improve its AI for identifying a manufactured image from a real image.

The industry itself is gearing up for stricter safety standards. There has been talk of using 2FA (2-factor authentication) at the time of account creation and biometrics (think fingerprints) on supported devices. Using artificial intelligence, pattern analysis and heuristics, platforms may consider using a trusted portal to create accounts that must be cross-checked with another account you may have with a different web service or social media platform.

This has, however, faced some resistance because it effectively removes the element of anonymity that some users like political activists or whistle blowers actively seek. It is pertinent to mention that whatever shape this ultimately takes, it must consider the social outburst and public reaction.

Various filter algorithms are being built to screen out fake ID cards. Some of these classification algorithms employ graph analysis, while others use cluster analysis. Most algorithms are being trained on datasets acquired through amassing legitimate identifying documentation.

For example, if a user presents a driving license from the state of Maine as a valid ID, the algorithm will employ image processing to check if the supplied card has data points similar to those in its cluster of  legitimate Maine driving licenses. Such approaches are able to find the minutest of counterfeit mistakes such as a misaligned photograph or incorrect labeling in the iridescent background.

Improvements may be coming in the near future, but right now, the process is far from foolproof. Various black hat sites have reported that several accounts that were temporarily disabled by Facebook for either violating its Community Guidelines or sharing posts like an automated script have easily been retrieved by something so simple that it is outlandish; simply take a photo of your profile picture, upload it, wait a couple of days and then login.

This hack has been reported to be working by several outlets. Above all, and this truly cannot be stressed enough, use common sense. Always secure your own ID cards and never ever hand over your personal identifying information to anyone over the internet or even to someone you know. The cyberspace can be a frightening place, but follow the best practices and keep an eye on your account’s activity to make sure it is safe.

Leave a Reply