Imagine going to a social scene of your choice and meeting a cute guy or gal. They give you a name, a background story and you both seem to be hitting it off. You exchange numbers, text each other to make sure it goes through and make plans to chat later.
What if everything but the number given to you was made up?
This is what happened to a friend of mine. We’ll call her Z and I double checked to make sure she was alright with me talking about her story.
A guy, we’ll call him A, walked up to her in a social setting, gave a name and a background story and the two really hit it off. Because I was acting as a chaperone of sorts, I also met A and heard the background story which sounded too incredible to be true. But, I have heard crazy true stories before.
Throughout the year, Z told me about how her relationship with A and it was progressively getting worse. Eventually, with help from other friends, I finally convinced her to leave A. She did and that was that…so we thought.
A few months later, Z and I was talking and she mentioned that another woman dated A and had similar experiences. Suspicious, Z decided to ask if I could find as much information on A as possible. All I had was a name, a number, and a picture.
It is an obvious but often overlooked fact that we leave footprints on the internet. This is especially true for social media. With a simple search, you can find out where someone lives, their job title, email address, age, birthday, hobbies, fears, and more. It all depends on what that person shares in addition to publicly available records. The best part is that this is completely legal. No hacking. No social engineering. No threats or blackmail. Just searching.
I started the information search with the picture. It was of Z posing outside in the city. On the bottom right was writing. A new name, B. I immediately suspected that A was a fake identity but I still needed to find as much information as I could.
Rewinding a little.
A couple of months before I was asked to do this, I had made up a fake identity as well. Largely for playing on Capture-The-Flag sites and out of curiosity as to what will happen to social media accounts under this name. As a result, my fake persona had an email account, an internet phone number, a LinkedIn page, and a Facebook page. This fake identity of mine came in handy for information gathering later.
Back to the search.
My search for A and B both produced a website and a Twitter page with little information on it for each. The search for the phone number told me that it was a VOIP number and belonged to some small company. With the information I had, there was little I could find which came as a shock but raised more questions. Why would A/B, who has told people about his amazing life, barely have any information about himself online?
Fast forward a year and some months.
Z came across new information about A. Another woman was given a different name by A, C. This time, I was asked to see if C was A’s real name. I had three names, one phone number, and the previous findings.
Using my fake profiles, I searched Facebook and LinkedIn to see if I can find a page for C. Unfortunately, C was a pretty common name so I got hundreds of results back. Time for Google! The results did produce a twitter page which I did not need an account to view. On the page, I saw references to the small company that the phone number is registered to. A clue!
Back to Facebook, I checked for that company. It was a 2-5 man shoestring team with a heavy focus on machismo topics that only horny teenage boys would indulge in. I checked the company’s friends list and found a page for A. Following the link, I checked his friends but no mention of C. Found B but we all know that A and B is the same person.
A few hours later, I had exhausted all of my leads. I knew that A was connected to C through a phone number and the company. I had confirmed this by visiting the company website and searched for staff names. Beyond that, I had nothing but more questions.
Throughout the whole experience, I kept noticing the lack of pictures of A on social media profiles. Not one! It suggested that someone really took time to remove himself from the internet and replace it with at least one fake identity. Maybe two?
I gave my findings to Z who was planning to present it to the leaders of her social circle. I thought that was the end of it until days later, Z gives me a new name, D! It was a name I had come across before searching for C but did not explore because I felt it was outside the scope of the search. Now, it was fair game!
I already knew D was a part of the company A/B and C were a part of. A quick Google search produced a Facebook page for D. Using my fake persona, I viewed his page. The first thing that struck me was how similar D’s page was to the company’s Facebook page as well as A’s. I checked for D’s friends. Soon, my palm hit my face. There he was, C!
I followed the link to C’s profile. It was an old and bare profile. Fortunately, it did not matter. At the top of the page was a picture of a familiar face. I immediately recognized it as A! I had the proof I needed to show that A was in fact C!
I quickly wrote up my new findings and sent it to Z for her presentation. As far as I know, the social circle leaders were going to take action against C though I do not know what that action would be.
Looking back on the whole experience, it was a little unsettling that an amateur like myself could sift through multiple fake identities and find the real person. And it is not like the guy wasn’t trying to hide himself. Only one picture of his face on a hard to find profile page. An internet phone number belonging to a questionable company. Profile pages with very little information. Fake names. No physical address given. Yet, all it took was one forgotten link to uncover the truth.
The experience also reminded me of another simple truth. Fake identities are just that. Fake. Maybe there is some truth in the identities but there is always something fake. My fake identity does not share my name, age, birthday or job title with me. At the same time, I do not use my fake identity to represent myself in the real world as C had done.
My final thoughts on fake identities?
You can’t stop fake identities being created online. In fact, I just gave mine a twitter account this morning. I personally believe there is nothing wrong in creating a fake persona for online usage. Sometimes, you want to order something and have all of the following spam sent to the fake account. Other times, you’re researching questionable and have to provide an email address. Fake personas and internet numbers are great for that. The real issue comes about when that persona is used to represent you in the real world or legally. If I used my fake identity to represent me in the real world, someone will dig into it and find cracks. Eventually they will find me. Because I actually exist.