Two security researchers presenting at a security conference in Europe this week detailed an elaborate, 90-day hoax they perpetrated on an anonymous U.S. government agency by using a fake Facebook profile last December. The researchers, Aamir Lakhani and Joseph Muniz, created a Facebook profile for a woman named “Emily Williams,” and used the profile to send out spam-filled holiday e-cards that allowed the hackers to gain access to the agency’s administrative rights, passwords and classified information.
The researchers began their hoax by finding a pretty female, a waitress working at their local Hooter’s restaurant, to allow them to use her pictures. The hackers said that they had previously tried running the scam with male pictures, but it never worked.
After building up the fake woman’s profile steadily over time, they gave her a professional title at the government agency they were targeting and started friending people within the company on both Facebook and LinkedIn. They connected with employees in IT, human resources and even executive management. Then, when the holidays rolled around, they unleashed the spam-filled holiday cards on the fake woman’s “co-workers.” Emily Williams even received a free laptop from the government agency by using her charms on an IT employee.
The lesson, the hackers say, is that pretty women receive special treatment, particularly in primarily male industries like government agencies. However, the hack also exposed just how easy it is for large-scale scams to be perpetrated on social media without anyone taking notice. The two researchers said that they have conducted similar tests in large financial companies and other institutions, and that the results are virtually always the same.
Be sure to check out the post below to learn how hackers, scammers and even bullies can use fake Facebook profiles against you: