Similar to a stolen name—and often more valuable—is your client’s image with an alternate name.
What if I took the Ford image and made a fake account such as this: Instagram.com/f0rd
Looks exactly like it should, no? But notice the capital 0 (o) in FORD is actually a zero instead of an O. Name searching would fail. But I can search by image with websites such as Google Images and TinEye.com. On Google Images, Ford’s image produced the following top results:
The two bottom URLs above are likely owned and managed by the Ford brand.
How Many Times Can an Image be Used?
Let’s try another example: Conduct a search with Tim Cook’s Twitter photo from @Tim_Cook. You’ll find the same photo is used on @TimothyCookothy, who announces the site is a parody. In recognition of COVID-19, it appears the parody site has applied a mask over the photo.
According to Google Images, the same image is used over 25 billion times. TinEye.com has 39.7 billion images to search against, so they locate the Apple CEOs photo 132 times in its library.
Should you find a match to an image you’re tracking, click through and visit the website. Scan the username; sometimes it is obviously not your person (Tim Cook likely didn’t create @TimothyCookothy).
If a bot couples a social media account with our company logo and pretends to be OSMOSIScon, for example, then it’s a clear violation of our original material. As of this writing, the motor vehicle brand Ford owns and operates accounts on Facebook, Twitter, and YouTube. But Ford does not manage accounts on Snapchat or TikTok. Someone could take over the Ford account on TikTok and SnapChat and post the Ford logo. If that were to happen, the legal team at Ford would write a letter to these services and ask to have the fraudulent account removed.
With a personal account, it is much the same action. I have a personal account on Instagram, so someone can take a photo of me from the Web and create Instagram.com/TrevorMorgan with my photo. It will be up to me, or my agent, to file the fraud complaint.
The Devil is in the Details
In the case of a bot stealing an image, look first at the profile image. If the image looks the same, but slightly distorted, as in new filter overlay, or it’s cropped, then that is likely done to avoid automated detection. Next see if the letters were swapped for each other (i.e., lowercase i and l, the number 5 for an S, etc.). Also, check the audience numbers; bot accounts are valuable for the number of followers and retweets it reaps. If the account you are looking at has little original content, but retweets constantly on a whole array of topics, it is likely a bot account.
Like what you’re reading? Maximize your online investigations with shortcuts, tips, trending investigative tools, and advanced research techniques for all skill levels at the 6th Annual OSMOSIScon in San Diego, October 11 – 13. Join 100s of other cyber intel specialists and immerse yourself in engaging OSINT/SOCMINT workshops (up to 16 CEUs) and explore the Expo, where on-point solution professionals offer experiential learning on their latest products and services to enhance your research and investigations.
Matt and Trevor are investigative analysts at Hetherington Group, where they use their open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. Both are contributing writers to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On their lunch breaks, they can be found outside playing frisbee with their four-legged colleagues.