04-08-2012, 03:22 PM
Profile cloning
profile cloning.docx (Size: 192.71 KB / Downloads: 30)
Introduction
Social networking sites are getting much popular day by day. Almost every computer literate person has at least one social network account, and they spend a large amount of their time on social networks each day. Well known sites such as Facebook, LinkedIn have millions of users across the world. The users use these sites to contact long lost friends, share photographs, establish new business connections, and stay connected.
Social network users tend to have a high level of trust toward other social network users. They tend to accept friend requests easily, and trust items that friends send to them. Nevertheless, social networking sites are an attractive target for attackers because of the nature of the sensitive information that they contain on registered users. Typically, users enter their real e-mail addresses and provide information on their education, friends, professional background, activities they are involved in, their current relationship status and sometimes even list their previous relationships.
With the wide popularity there are lot of security threats for online social networks such as privacy, viral marketing, structural attacks, malware attacks and profile cloning. In this paper we discuss profile cloning and its type.Because of its large user base, and large amount of information, they become a potential channel for attackers to exploit. Many social networking sites try to prevent those exploitations, but many attackers are still able to overcome those security countermeasures by using different techniques.
Profile cloning is the automated identity theft of existing user profiles and sending of friend requests to the contacts of the cloned victim to use the cloned profile for illicit purposes. Also, we study a technique that can be employed by users to investigate whether they have fallen victims to such an attack. Users fall prey to profile cloning because they disclose a lot of personal information. We also discuss certain protective measures that can be taken by the user to protect from Profile cloning. Finally, we discuss how important it is to provide the right amount of information and personalize their privacy settings.
Aim of the seminar :
Our seminar aims to cause awareness and a responsibility of the user towards an online social network. This seminar, explains to the user that they should have careful considerations while sharing contact information, comments, images, videos, etc. we study a technique that can be employed by users to investigate whether they have fallen victims to such an attack.
Users fall prey to profile cloning because they disclose a lot of personal information. We also discuss certain protective measures that can be taken by the user to protect from Profile cloning. Finally, we discuss how important it is to provide the right amount of information and personalize their privacy settings.
Organization of Report :
In chapter 2, we discuss the affects of profile cloning. Profile cloning has a lot of adverse affects on the victims as well as on the victim’s friend.
In chapter 3, we discuss the types of profile cloning which includes same site profile cloning and cross site profile cloning.
In chapter4, we study a technique that can be employed by users to investigate whether they have fallen victims to such an attack.
In chapter 5, we discuss the protection measures taken against profile cloning in social networks.
In chapter 6 we have given conclusion and future scope of seminar.
AFFECTS OF PROFILE CLONING
Profile cloning has a lot of adverse affects on the victims as well as on the victim’s friend. It mostly depends on the attackers of what type of an attack they want to do on the user by using his cloned profile.
Some of the illustrations of the attacks are given below:
On industries and companies:
Nowadays, Industries and companies are using a lot of online social Networking sites for sales of their product. Social networking is one of the most important online marketing developments in recent years as it is now a vital tool for thousands of businesses looking to connect with new and current customers and business associates. There are lots of things businesses can do with social networking sites in order to promote themselves. The explosion of social media has been enormous. This means that any business that is serious about marketing online is now making use of websites such as Facebook , Twitter and LinkedIn. The best thing about these networks is there free and easy to use. The website allows you to reach a vast global audience or target specific demographics using tools such as pages and advertisements. It provides great opportunities for businesses looking to diversify their online marketing strategies and develop a good marketing mix. Using social networking sites to generate new business, they can be used to develop your business contacts. For instance, many businesses use websites such as LinkedIn as well as other, more industry-specific forums, to network with other companies and share mutually-beneficial expertise. Increasingly, face to face meetings are also arranged through social media, so keeping in touch is not only good for advertising your services, but it could also introduce you to new real world contacts that will benefit your business.
Whenever a person visits a website of a certain product, the website mostly advises to like it on its facebook page. People generally go and like it on the Facebook page and also see the reviews of the product. Now, if for instance an attacker has cloned the facebook page of the product and wants to make an inimical effect on the company he can use the cloned profile to do so.
Generally, he can use certain measures like writing ill measures about the product or can show any inappropriate images on the cloned profile. Users of Online Social network sites will generally think that this are the real comments and will definitely think that the product is not good.
Attacks affecting a person personally:
Another example could be of attacker cloning a profile of a celebrity. Suppose an attacker has cloned a profile of celebrity A. Also, let us take for instance there is already a cold war between Celebrity A and Celebrity B. The attacker uses the cloned profile to write inadequate comments for celebrity B. Celebrity B will think that it is written by Celebrity A itself. This may have an adverse effect on both the celebrities.
Another effect could be of an attacker cloning a profile of a business person. The attacker may use this cloned profile to attack a business profile. For instance, the attacker may ask the personal assistant or a friend of the business person for any personal data such as the security number or email and password of certain secured account. By using such measures, the attacker may use the cloned profile for bankrupting the business person for any false things.
An attacker may also make a cloned profile to disrupt a person’s image. For example, an attacker has certain images, videos of a person; he may upload these images, videos on the cloned profile. The attacker may also use this cloned profile to write any inadequate comments for someone else using this cloned profile.
The attacker may use the cloned profile for variety of ill purposes affecting a person or company’s reputation. Also the attacker may use the cloned profile for stalking, phishing attacks or for spreading viruses to another person’s computer.
DETECTING CLONED PROFILES
As a user of an Online Social Network we should always see to it that our profile is safe and has not been cloned by anyone. As a security person for detecting cloned profiles, we have designed an approach in which we can find whether the profile of a user is cloned or not. This strategy succeeds most of the time and sometimes may not as there are many users having the same features. In this paper, we propose a tool that automatically seeks and identifies cloned profiles in social networks. The key concept behind its logic is that it employs user-specific
(Or user-identifying) information, collected from the user’s original social network profile to locate similar profiles across social networks. Any returned results, depending on how rare the common profile information is considered to be,
are deemed suspicious and further inspection is performed. Finally, the user is presented with a list of possible profile clones and a score indicating their degree of similarity with his own profile. The contributions of this section are the following.