Fake chats pose a threat to individuals cyber and social security

Talabat customer Aya Musmar took to Twitter on Saturday, publishing a screenshot of explicit WhatsApp messages sent to her by a deliveryman who works for Talabat, an online food delivery company. (Pho
(Photo: Jordan News)
AMMAN — A new website that creates fake WhatsApp and Facebook Messenger chats is being used by blackmailers and extortionists alike. The website falsifies conversations down to specific details, all without the victim having to send a message.اضافة اعلان

The distortion of chat is similar to that of Deepfake — a media tool that uses either a photo or a video of someone and artificially fabricates it to make them look like someone else. The Public Security Directorate (PSD) issued a statement cautioning the public not to fall victim to these deceptive methods.

This website creates a fake account using the victim’s name, details, and photos, which are later used to fabricate the chats. Thus, the blackmailer does not need to communicate with the victim and can immediately begin inventing a dialogue, altering elements as minute as the time stamp.

According to the PSD’s media spokesman, the cybercrime section has taken note of members of the public who have already been preyed upon by the fake chats and urged the general public not to succumb to this form of trickery. The spokesperson also encouraged people to direct any information to the cybercrime unit and contact the PSD on the official number and site.

Mohammed Rafiq Zabian, founder of HashTechs LLC, in an interview with Jordan News, said: “For cybersecurity, it (the chat) is not dangerous, for social security, of course it’s dangerous. When it comes to cybersecurity, there are a lot of regulations, but when we are talking about social security, we can say that it’s very dangerous and it can greatly impact someone. The Jordanian law protects against this just as any outside law does.”

The website functions under an online publisher based in the Netherlands called “Zygomatic,” which was founded in 2003 and focuses on gaming distribution and photo editing pages.

“This type of situation creates more of a social problem than a legal problem … because a person cannot protect themselves from these situations if people are naive. However, there are always glitches and things that make it clear that it (the chat) is fake,” explained Zabian

In the Ministry of Information and Communications Technology’s 2018–2023 National Cyber Security Strategy, fake chats are listed under the Crime and Corruption segment, which mentions cyber threat actors and cybercriminals.

The strategy states that threat actors and cybercriminals exploit “the speed, convenience, and anonymity of the Internet to commit a diverse range of criminal activities that know no boundaries, either physical or virtual, cause serious harm and pose very real threats to victims worldwide.”

With a limited amount of information regarding the emergence of this website, Muntaser Bdair, CEO and founder of IT Security Consultancy & Training (C&T), told Jordan News: “Unfortunately, there’s not a lot you can do, except making people aware. With cyber security, the most important thing is raising awareness.”

He points out that other than raising public awareness on the concern, the only measure that can be taken from an IT perspective minimizes the damage but does not prevent it.

“From a technical perspective, what we could do is what we call threat intelligence. … I would go try and understand the tools and the sources (on the website) and where the chats are coming from,” said Bdair.

By determining these factors, Bdair shared that cybersecurity organizations, the government, and other intelligence communities can collaborate and go after the source in order to stop the prevalence of fake chats.  

Bdair and his team researched and tested the software, then staged a mock dialogue between himself and another team member. After checking and analyzing a screenshot of the mock conversation using image analysis and forensic tools, they could not find any evidence indicating the falsity of the screenshot.

(Photo: Jordan News)

Many forensic technologies that are employed — after extracting metadata — are unable to determine that the screenshot is fraudulent, meaning that the screenshot can pass as genuine without any detection warnings.
Bdair also shared that the likelihood of another website popping up if this one got shut down is high.

“They actually automate the creation of another one. In cybersecurity, we use the term command and control. Hackers use command and control centers to create such messages or publish such messages, and when you close one, it automatically goes and configures another one. It’s a cat and mouse game,” he explained.

However, the mechanism to track those responsible for cyber deception does exist and can help minimize crimes of this nature.

One way to do so is by keeping an eye on the “forwarded” label on a WhatsApp message. If the label is present, then the message was not composed by the sender and could have circulated multiple times.

It was found that 78 percent of WhatsApp forwards contain rumors and false information in a report put together by IT Security C&T. It is worth noting that the forward feature is not available in all countries.

Other ways you can reduce the risk of falling victim to a crime of this nature include looking up the information and using a reverse image search on Google to verify its source.

Read more Technology