"Serial killer Fred West" creates fake fan page on Facebook

Sophos Press Release

Facebook urged to tighten up its rules on Fan Pages amid security warnings

IT security and data protection firm Sophos is warning that Facebook's rules for creating Fan Pages are too lax, leaving millions of users vulnerable to being tricked into joining fake sites and exposed to bogus and potentially malicious content.

The calls come after Sophos's own senior technology consultant, Graham Cluley, revealed he is the subject of a fake Fan Page - created without permission by a user pretending to be notorious British serial killer Fred West.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

"Innocent people - friends, acquaintances, and anyone who might follow my blog - are joining the Fan Page in the belief that they are somehow following me. They have no way of telling that I didn't create this Fan Page," said Graham Cluley. "As someone who has received anonymous death threats from Facebook users in the past, I don't see the funny side in someone called Fred West creating a Facebook Page about me."

Posting from Fred West on Facebook Fan Page for Graham Cluley

Facebook rules state that only authorised representatives of companies, celebrities and music groups are allowed to create Fan Pages - other users should create groups instead. Cluley has reported the abuse to the Facebook team and asked them to remove the Fan Page, but no action has yet been taken and the page remains in place.

Sophos is reminding Facebook users that creating fake content like this raises serious security and reputation issues and that everyone using the site needs to be especially vigilant.

"Imagine if a celebrity with a huge following like Johnny Depp or Sandra Bullock had a fake Fan Page set up using their name. An imposter could potentially gather hundreds of thousands of Facebook fans, before one day deciding to update them all with a malicious link or send them a dangerous scam," explained Cluley. "Alternatively the victim of a fake Facebook fan page could have their character besmirched by someone choosing to post offensive or defamatory updates in their name."

Graham Cluley Fan Page on Facebook

As well as urging Facebook users to be vigilant, Sophos is also calling for the site to tighten up its processes for creating a Fan Page to prevent this happening in future.

"We believe that simple changes made to the site will make Facebook users safer," continued Cluley. "If Facebook simply tightened up the process for creating a Fan Page on its site, so that the creators needed to verify that they are genuinely affiliated to the celebrity or company they are making the page for it would drastically reduce the number of fake Fan Pages and make the site safer."

Sophos advises that social networkers should not invite their friends to join any Facebook page or application until they have properly researched it.

"We must remember that Facebook is by far the largest social network and so it's not surprising that it is particularly vulnerable to misuse. We know that the security team at Facebook works hard to counter threats which appear on their system - it's just that policing over 400 million users can't be an easy job for anyone," explained Cluley.

For further information about the issue, read Graham Cluley's blog .

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.