Shady Marketplaces Selling Fake Facebook Profiles Operate In Plain Sight

Audrey Mitchell will be a 23-year-old completely new York City transplant through London. She’s an aspiring design working at KFC. According to her profile on Facebook, where she has 921 friends, she likes the completely new York Knicks, the movie Me along with Earl along with the Dying Girl, along with the St. Paul, Minnesota-based hip-hop duo Eyedea & Abilities. She’s currently single, nevertheless her Facebook Messenger inbox will be full of unknown men sending her stickers, emojis, flirty messages, along with dick pics. She loves cupcakes. Also: She doesn’t genuinely exist.

I know that will for certain because the idea took me just a few clicks along with one painless $13 bitcoin transaction on a Russian website to buy Audrey Mitchell along with her believably constructed digital footprint. After the transaction, an emailed link offered up a downloadable file containing the unique phone number Audrey’s account was registered under, a password, along having a registered birthdate — all the necessary credentials to gain access to the account.

Within 30 minutes I was behind the wheel of Audrey’s page, liking pictures, posting status updates, along with warding off creepy messages. There was little to suggest that will the page was inauthentic — or that will its operator was a 30-year-old journalist in Montana.

Across Facebook there are countless others just like Audrey — dummy accounts with partially written backstories, a tiny posting history, along having a photo gallery of real people taking real selfies. They trade hands in a vast web of fake-account marketplaces, where, for a tiny sum, any interested marketer, scammer, or troll can amass a legion of seemingly human profiles capable of outwitting Facebook’s detection. along with though Facebook CEO Mark Zuckerberg told Congress that will April that will “you’re not allowed to have a fake account on Facebook,” the marketplaces continue to thrive in plain sight online.

“There must be millions [of accounts for sale],” one Facebook account seller based in Europe speculated to BuzzFeed News regarding the size of the fake accounts market. “I go to these big marketplaces along with see they have several thousand [profiles] in stock at all times. I couldn’t say if the idea was tens of millions or hundreds of millions nevertheless Facebook deletes some along with people keep producing them. Always.” Similarly, when asked how many fake accounts I could purchase through them at one time, the seller told me, “I could send 5,000 accounts right away.”

“I could send 5,000 accounts right away.”

Facebook told BuzzFeed News that will fake accounts represented approximately 3% to 4% of its 2.19 billion monthly active users during the fourth quarter of 2017 along with first quarter of 2018, though the company suggests that will the accounts sold in these types of marketplaces represent only a tiny number of the fake accounts that will Facebook monitors.

The company will be constantly battling phony accounts. On Tuesday, Facebook announced in a transparency report that will the idea disabled 583 million fake accounts along with millions of posts that will included sex, spam, along with hate speech in just the first three months of 2018. along with yet Facebook account marketplaces manage to operate in plain sight: A Google search for “PVA [phone-verified accounts] Facebook” returns dozens of websites selling accounts that will are registered with unique phone numbers along with are therefore recognized by the social network as more likely to be legitimate accounts. These marketplaces exist in direct violation of Facebook’s terms of service along with brazenly offer step-by-step guides for bypassing the company’s detection while using bogus profiles.


Via Accsmarket.com

A standard description of an aged Facebook account on one of the various marketplaces.

While one account seller told BuzzFeed News they had “almost never seen a market for stolen accounts,” the idea appears the marketplaces have incentivized hackers to try to steal Facebook accounts through real people. In one instance documented by Erin Gallagher, an independent data journalist, an Egyptian hacker broke into the Facebook account of a dead man in order to steal along with sell the profile to a marketplace. “In each account you get 20 pounds / person who buys them because they want old accounts,” the hacker told Gallagher.

Facebook said the idea will be aware of these bogus account marketplaces, which the company notes are not unique to the platform. (Plenty of Twitter, Instagram, along with email accounts are also available for purchase.) “We actively review online marketplaces to help disrupt scammers who try to sell fake accounts. Our machine learning systems help block millions of attempts to create fake accounts each day, along with we catch many more once someone tries to use them,” Bill Slattery, Facebook’s head of e-crime investigations, said in a statement. Slattery also suggested that will the fake accounts marketplaces may be inflating numbers or, in some cases, selling bogus information. “Just because an account looks available for sale doesn’t mean the idea’s actually valid or that will the idea can be used successfully without getting caught. We also work with law enforcement when appropriate.” All nine phone-verified accounts I purchased through two separate marketplaces while researching that will piece worked along with successfully avoided detection through Facebook while posting.

“In a few days you will have thousands of friend requests.”

The most basic of the fake profiles available for sale are “softreg” accounts, which are recently auto-registered using software programs along with have few friends. These appear to be purchased in bulk — in April, one Russian site was selling as many as 2,100 softreg accounts for 5 cents each. There are “boosted” accounts, which are either manually registered or created using a softreg program along with populated with friends comprising a mix of bots along with mutual followback agreements. along with finally, there are “aged accounts,” which claim to have been activated between four along with 10 years ago. Across the marketplaces, aged accounts are considerably more expensive (running anywhere through $5 to $150 per account) as they’re much less likely to be flagged by Facebook’s account-monitoring software.

A Russian site called AccsMarket offers interested buyers the opportunity to purchase accounts registered as early as 2004 (the year Facebook launched) with 5,000 allegedly real, non-bot friends for $150 apiece. When BuzzFeed News inquired to see if an account was preregistered along with left dormant or acquired through a real person, the company said only that will the account was “abandoned.”

In some cases, the idea will be unclear where a fake account ends along having a real identity begins. In January, I bought several profiles — including several sets of unique profile along with photo album pictures, as well as Google Voice phone numbers to authenticate the accounts along with provide them with believable identities — using an aged-account marketplace. In each case, the photos provided were original images of real people. A reverse image search for one of Audrey’s profile photos revealed that will the idea appeared to belong to a Russian design named Yuliya Yanchenko, who did not return a message asking for comment.


Via Tagbrand

Audrey’s photos showed up on the Russian site Tagbrand under the name of Yuliya Yanchenko, a design.

A Facebook profile seller told BuzzFeed News they typically purchase pictures through a group in India that will harvests photos through places like the Russian social networking site VK, which will be not indexed by Google along with therefore less likely to show up in a reverse image search. The seller told BuzzFeed News that will they prefer to buy photos of attractive women. “If you post pics of a sexy girl along with send friend requests to Indian men, Arab speakers, or South American men, they will accept quick along with then all their friends will request you,” the seller said. “In a few days you will have thousands of friend requests.”

For most buyers, what genuinely matters will be that will the fake accounts are believably real to the untrained eye along with don’t trigger Facebook’s spam protections. To make sure of the latter, many of the aged-account purchasing websites offer explicit instructions to “warm up” the accounts along with make them appear authentic. The website for AccsMarket tells users they “must first perform some common actions that will a normal person might do after registering. Example: fill out the page, subscribe to several people, put a few likes, fill out the page, fill in some photos, make a few reposts, comments, etc.” The accounts seller noted that will one successful way to warm up a profile will be to engage in political debate. “I’d make the account pretend to be in favor of Catalonian independence along with as soon as you post anything about Catalonia along with independence you get dozens of friend requests through indepentists,” the seller said. “All them are VERY active along with ONLY interested in posting along with sharing that will kind of political extremism.”

additional sites offer additional precautions like VPNs, which mask IP addresses along with manage multiple account logins through different devices. Some sites even suggest using software like RF_SCreater, a program that will can generate a fake scanned copy of a Russian passport with the name, date of birth, country, along with city of one’s choosing in order to dupe Facebook when the idea locks an account along with demands further authentication.

nevertheless while the accounts markets appear to be quite active, sellers are frustrated that will Facebook has made verification of sock puppet accounts much more difficult. “Facebook will be currently blocking that will pretty well,” the seller said. “As soon as you post one external link, you are locked or your post will be hidden until you get a very highly trusted account, along with to do that will you need warm the idea a lot.” The seller noted that will of the 500 most recent accounts they’d sold, the idea appeared that will 292 are still active.

According to the accounts seller, “0 to 95% of buyers are marketers” who flood the social network with links embedded inside status updates, group postings, along with private Facebook messages. “along with then,” the seller continued, “there are the low-rate buyers — people looking for personal accounts because theirs were disabled, or looking for an alternative account for playing or trolling. Some girl bought an account [through me] to spy on her boyfriend.” In one instance, the account seller said that will they had to report a potential buyer through Uruguay to authorities after the idea became clear the user was trying to purchase Facebook accounts to pose as a teenager along with potentially begin conversations with young girls.

According to Renee DiResta, a computational propaganda researcher for the organization Data for Democracy, foreign state actors can also use fake accounts for political gain (though Facebook suggested the bulk are used for spam). Fake aged accounts, for example, could provide a necessary cover for trolls looking to start groups to gin up political discord. along with as Facebook cracks down on politically charged ads (a Facebook spokesperson said that will advertisers will be prohibited through running political along with issue ads until they complete a thorough authorization process) DiResta noted that will the fake profiles complicate the company’s job of securing its platform through outside influence. “Facebook has become more sophisticated at detection because the majority of people who buy fake accounts, traditionally, have been spammers who behave a certain way. nevertheless if the idea’s a state actor buying accounts, they’d have more sophistication along with could potentially evade the checks that will catch the spammer profile.”


Via Facebook

At first glance, many of Audrey’s friends appeared legitimate nevertheless a closer look showed them posting spammy links.

Managing fake Audrey’s account was exhausting. Each time I logged in to her page I was besieged having a deluge of friend requests; leaving her page open in my browser led to a flurry of spammy Facebook messages, up to 68 in under an hour.

Life in Audrey’s Facebook world was eerie. On the surface, her page along with feed had many of the trappings of a very normal online life, nevertheless any attempt to probe the idea further revealed the idea to be a hall of mirrors protecting a legion of scammers, sock puppets, along with horny men desperate to chat. My feed was full of posts in broken English followed by suspicious links that will inevitably turned out to be spam; when I sent a series of messages to Audrey’s connections, trying to understand how they’d ended up as friends, most of those who responded replied having a spammy link to a dating site or a request to join a group or to “check out my friend’s page!” Only a few responded in a way that will appeared to be genuinely human; in one case a concerned parent of one of Audrey’s friends issued a stern warning: “Andrew will be a juvenile along with you need to delete that will contact,” they replied.

“We gauge legitimacy based on things like number of friends or followers an account has, or when the idea was created.”

Spending a few hours in Audrey’s upside-down Facebook world, I began to doubt the legitimacy of even the seemingly real content. On Facebook, the idea has become increasingly difficult to know for sure where the content we view will be genuinely coming through, or what the true motives of those who are posting along with sharing are — fake accounts, then, are just another hurdle inside the platform’s constant war against misinformation.

Worse yet, the knowledge that will fully realized profiles could be anywhere has the ability to slowly erode trust in determining what will be real along with what will be fake. “Online, we don’t personally know many of the people we engage with, so we gauge legitimacy based on things like number of friends or followers an account has, or when the idea was created,” DiResta said, noting that will when experts attempt to teach how to detect bots or sock puppets they often ask, “Does the account have friends?”

“As people become more aware that will disinformation will be a problem, we’ve established a checklist of things to help detect fraud — nevertheless established fake accounts bypass many of those checks.” ●

Charlie Warzel will be a senior writer for BuzzFeed News along with will be based in completely new York. Warzel reports on along with writes about the intersection of tech along with culture.

Contact Charlie Warzel at charlie.warzel@buzzfeed.com.

Got a confidential tip? Submit the idea here.



Leave a Reply

Your email address will not be published. Required fields are marked *

*

7 + 9 =