Just about anyone can set up a fake account on just about any website. Facebook and other social media sites are popular targets due to the amount of traffic they get and the variety of scams that can be perpetrated against legitimate users.
Facebook estimates that as of December 31, 2011, false or duplicate accounts represented approximately 5-6% of monthly active users, but also stated, “This estimate is based on an internal review of a limited sample of accounts and we apply significant judgment in making this determination, such as identifying names that appear to be fake or other behavior that appears inauthentic to the reviewers. As such, our estimation of false or duplicate accounts may not accurately represent the actual number of such accounts.”
Why would anyone set up a fake Facebook account?
To steal your clients or potential clients. To squat on your name or brand. To post infected links while posing as legitimate individuals or businesses. To offer deals with links to spoofed websites in order to extract credit card numbers. To damage your name or brand. To harass you or someone you know. To co-opt a name or brand that has leverage in order to obtain privileged access.
Social media websites could go a long way in protecting their users by incorporating device reputation management. Rather than relying solely on information provided by a user (who could be an impersonator), device reputation goes deeper, identifying the computer or other devices being used, so that known scammers and spammers are exposed immediately, and potentially threatening accounts are denied and users abused.