The growth of social media platforms in the last decade has changed the way people interact with one another. However, the use of these media has also created new opportunities for individuals and organizations to deceive social media users. Deception on social media continues to be a major concern and its detection and prevention has been attracting a lot of attention by researchers. In this article, we present the motivations for deception in social media, Identity concealment type of social media identity deception, how to identify them, and how to avoid them.
Deception on Social Media: Deception occurs when one leads another person to believe something that he (the deceiver) does not believe to be true (Ekman; Miller & Stiff). Identity deception occurs when someone pretends to be someone, but he is not. The victim (receiver/social media user) is unaware that the identity of the sender (deceiver) or part of the information in a message is concealed, altered or deceptive. Some of the motives behind social media deception are relationship driven (building strong relationship) and identity driven (protecting the deceiver’s identity). There are three types of social media identity deception: identity concealment– occurs when part of the identity information or its source is omitted or altered; identity theft– occurs when a person’s identity is stolen; and identity forgery– occurs when a new persona is created along with a new history record.
In this article, we discussed identity concealment type of social media deception, which occurred on WhatsApp social media. We outlined how to identify identity and information source concealment, and provided suggestions on how to deal with it.
In identity concealment, a user of social media (sender/fraudster) conceals some of the information about himself or the original source of the information. The sender can be an individual or an organization. The concealment creates a different perception about the sender or the sending organization. Users then perceive this individual or organization as authentic. Pools of actors or social media users believe the fake identity or organization and begin to interact with this fake entity.
“Information Source Identity Concealment” is one form of identity concealment deception. Many Ghanaians have been defrauded by this type of deception. In this type of identity concealment deception, the deceiver hides the actual source of the information and then presents the information as if he or his organization is the source of the information. The deceiver acts as a “middleman”, but the recipient (victim) does not realize that. An example of Identity (source) Concealment message is a screen shot of WhatsApp message shown below.
|Text message hiding the original source of the information|
The Institute of Cybersecurity and Information Assurance (ICIA) of Ghana is an organization that provides cyber security and IT Audit training, consulting, and free advisory services in Ghana. On 3rd January 2018, ICIA received above text from WhatsApp user- a teacher. As shown above, the text invited experienced teachers who want to teach in the US to submit CVs to the named travel agency (named in the text not shown for privacy reasons).
How can this be an Information/Identity Concealment? The original source of this information was from US Teachers Council. The US Teachers’ Council has a J-1 Visa program which invites experienced teachers to apply for teaching position in the US. The US uses this program to attract talented and experienced teachers to the US. The application form is available on US Teachers Council’s web site, and it is free of charge. Candidates first submit requested information (found on their website) for initial screening. If a candidate is successful, he is contacted and taken through series of interviews until candidate is finally selected. The program does not require “middlemen” or agents. The text is concealment because the sender (deceiver) hid the actual source of the information (US Teachers Council Teaching Program) so that users have limited knowledge about the program.
Why Does This Matter? It matters because many fraudsters are in this type of business, and are making money from this type of deception. Hundreds of Ghanaians have fallen for it- like the US DV lottery program.
How do we identify identity concealment and deal with it? Some of the ways of identifying identity of a sender of a text has been concealed are as follows:
- The sender gives users or readers limited time to respond to the text. Readers are not given enough time to research about the authenticity and source of the text. When you are being rushed in a text you have interest in, stay calm and do research about it. In the above text, the “LIMITED SLOTS AVAIALABLE” texts let readers “rush”, to register for the program without verifying the source and the authenticity of the text or information.
- The sender uses the information in the text to advertise himself or his company than the actual source of the information. In the above text, the sender announces his company as: “T***** and T*** B***** (Full name is masked for privacy sake) is a subsidiary of Belcom Ghana Group”. This announcement has no link with the whole text-which invites teachers to apply for the program. We did not find the identity of this company when we did name search from Registrar General Department’s website.
- The text does not contain the source’s information. Check and see if the text contains the website or company’s information of the information sent to you. In the above screen shot, we expected the fraudster to name the organization that is recruiting teachers-US Teaching council, but he did not.
- The fraudster directs readers or users to himself or his organization than the true source of the text. In the above example, the fraudster gave his email address and his phone number and directed all applications to himself or his organization.
- Sender hides source of the information, but does not give reasons for hiding the actual source of the information. When a reason is given, check and see if the reason makes sense to you.
- Some senders (fraudsters) may include the actual source of the information, but may tell users to register through them. When the source of the information is given, take time and do “cross validation”. Cross validate by researching for the phone numbers and email contact of the actual source, gather information from there, and compare it with the original text message.
- If cross validation becomes a problem to you, but you are interested in the information sent to you, consult IIPGH (org) or ICIA (myicia.com). They will do research and give you a feedback within 24 hours at no cost.
Samuel Owusu- Institute of Cyber Security and Information Assurance, Ghana-ICIA (Affiliate: Institute of ICT Professionals, Ghana)