

How to Identify a Fake Facebook Profile


Do you know how to identify a fake Facebook profile in 2024?

Whether it be for professionals or organizations that leverage Facebook for advertising, understanding how to spot fake profiles online (and the potential threats they pose) is critical.

In 2024 alone, statistics showcase that:

  • Millennials make up almost 50% of Facebook's user base

  • Users spend an average of 20 hours per month on the platform

  • Over 80% of users access the platform via their mobile devices

  • More than one billion people connect with businesses via Facebook each week

  • 91% of organizations have a Facebook profile

  • Facebook is the leading platform for social commerce

So how can you incorporate fake Facebook profile identification into your Employee Awareness Training, and what threats does it safeguard against? Let's explore:

The Psychology Behind Phishing... and How Social Media Plays a Part

As we explore more deeply in our counterpart blog, "How to Identify Fake LinkedIn Profiles", the psychology behind why social media-based phishing is so effective boils down to the following: the bulk of professionals feel that they know better than to fall for phishing tactics.

However, this does not ring true. Individuals who become the targets of phishing are oftentimes well-to-do staff who keep a keen eye out for social engineering in their day-to-day.

Here are just some 2023 phishing statistics, all of which are set to increase in 2024 and beyond:

  • 82% of data breaches contain a human element

  • 90% of social engineering attacks target employees vs. technology

  • CEOs are targeted 57 times per year on average by social engineering threats

  • There were 75x more phishing sites than malware sites in 2023

  • In 2020, phishing was the #1 complaint for both individuals and businesses

  • The price of the average successful social engineering attack reached $4.1 million in 2022

  • Social engineering attacks are taking, on average, 270 days to identify and contain

On Facebook, a standard phishing attack is delivered through a message or link that asks the intended target to provide or confirm certain personal information. This is often conducted via a direct message or using a Facebook post.

If successful, the information generally grants threat actors access to the individual's Facebook and Messenger accounts. The attack often arrives as a message or email informing the target that there is an issue with the account and that a login is needed to remedy it, which, in turn, takes the target to a lookalike site.

Once the target clicks through to this imposter site and logs in, the threat actor then harvests all available credentials which could be used for identity theft or gaining access to other accounts that utilize the same password or email.
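The lookalike-site step described above can be checked mechanically before anyone logs in. The following is an added example, not code from the original article: it classifies the host a link really points to, and the two-domain allowlist, the character folding table and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domains treated as genuine.
OFFICIAL_DOMAINS = ("facebook.com", "messenger.com")
BRANDS = ("facebook", "messenger")
# Digit swaps and four Cyrillic homoglyphs (a, e, o, s-shaped c) folded to Latin.
FOLD = str.maketrans("0135\u0430\u0435\u043e\u0441", "olesaeoc")


def to_unicode(host: str) -> str:
    """Decode punycode (xn--) labels so homoglyphs become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link in a message."""
    parts = urlsplit(url if "://" in url else "//" + url)
    # .hostname drops any "user@" prefix and the port, and lowercases.
    host = (parts.hostname or "").rstrip(".")
    # Exact match or true subdomain only: "notfacebook.com" must not pass.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Fold confusable characters, then drop hyphens used to pad the name.
    skeleton = to_unicode(host).translate(FOLD).replace("-", "")
    if any(b in skeleton for b in BRANDS):
        return "lookalike"  # brand name on a host the brand does not own
    # Brand placed before "@", e.g. https://facebook.com@login.example/
    if any(b in (parts.username or "").lower() for b in BRANDS):
        return "lookalike"
    return "unrelated"
```

The check compares the real hostname, not the text a message displays for the link, which is the part a hurried reader tends to trust.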

How to Identify a Fake Facebook Profile in 2024

Whether they are run by a bot or manually by threat actors, the trick to identifying a fake Facebook profile in 2024 boils down to keeping an eye out for the following:

  • A Lack of Convincing Photos: Since the aim of bots is to leverage minimum levels of effort in order to create the illusion that a real person is behind the account, a lack of photos (or photos that look like they have been plucked from a stock photography site) can be giveaways that an account isn't all it appears to be

  • Inconsistent, Strange, or Poorly-Worded Bios: Whether it be for an individual or a business, a biography that touts poor grammar, provides information that seems inconsistent, or outlines information that seems out of place can be a red flag that the profile is not what it appears to be

  • Skewed Engagement Rates: Accounts that showcase either extremely high engagement rates or extremely low engagement rates often point towards bot behavior

  • Recent Creation Date: Lastly, accounts that were recently created (or that you notice keep re-appearing as newly created) can mean that Facebook is frequently removing their profile from the platform due to suspicious activity

Reasons to Incorporate Social Media Phishing into Employee Awareness Training

Phishing and social engineering continue to be among the top causes of cyber incidents across North America. Since technology does not always halt these attacks, ongoing and in-depth training that teaches staff how to identify and report threats in a timely way is crucial to protect both themselves and the organization they belong to.

At the end of the day, all it takes is one individual to slip up for a catastrophic cyberattack to take hold of an organization. Benefits of periodic Employee Awareness Training include, but are not limited to:

  • Mitigating Cyberattacks: Investing in programs to help employees recognize the warning signals and train them to respond to threats reduces the susceptibility of employees and protects companies against cyberattacks 

  • Empowering Employees Against Common Scams: Phishing emails pretend to be from reliable sources but are actually a part of the scam. Through company-wide cybersecurity training, employees are taught how to spot suspicious attempts to steal data. Programs offer real-world instances of data breaches to drive home the point about cyber hygiene

  • Building a Strong Internal Cybersecurity Force: It takes time, attention, and dedication through top-notch training to establish a strong and safe work culture. By providing employees with cybersecurity training, you can foster an environment where employees feel free to discuss their security experiences

  • Boosting Staff Morale: The security of an organization depends on the trust of its employees. By training employees, companies lessen the likelihood of human mistakes resulting in a data breach. Additionally, training will prevent employees from second-guessing and doubting their decisions, which will save them time and increase their productivity.

  • Cross-Department Familiarity with Compliance: Trained employees strive for compliance as they are better equipped to handle sensitive information


Regardless of whether it be for professionals who utilize Facebook in their downtime or for organizations that have an advertising presence on the platform, understanding how to spot fake Facebook profiles online (and the potential threats they pose) has never been more important... especially when incorporating social media phishing into Employee Awareness Training.

If you're reading this, your organization is already in the market for a pentest. Contact our team today for your free, zero-obligation quote.
