All of us love to exhibit our hobbies, achievements, and abilities. Browsing through social media sites like Facebook and Instagram — you will find loads of public profiles or semi-public profiles (private profiles with public pictures) at risk of being cloned. Profile cloning is the topic of this article that may save your lives from digital character impersonation and even character assassination.

Those Who Have No Choice but to be Vulnerable  

Certain people (read: public figures) have no choice but to remain vulnerable — since it may be impossible for them to have private or minimized social media profiles due to their nature of work e.g., celebrities, marketing agents, insurance agents, country/political leaders, and whatnots. And actually, in certain context, some public figures’ professions are a lot safer from profile cloning consequences, because of their “unreachable and exclusive” image. 

Let’s say you receive a message on Facebook or Instagram that impersonates Britney Spears, it is very likely you will not fall it. If you are an ordinary person like me (non-celebrity), your immediate thought would probably be “No this can’t be Britney Spears, I have no affair with her, it’s definitely a scammer.” Therefore, you could have another wonderful scam-free day.

The same ‘presumption of innocence’ privilege cannot be earned by ordinary people since most ordinary people have no “exclusive” image about them. Therefore, impersonating them would be more likely to generate response. However, the probability of success is subject to the type of relationship between the cloned profile and the target victim, it could be family tie (the likeliest to get response), friendship (very likely to get response although with considerable alertness from the target), business/work relation (very likely to get response, especially if received from a superior), or stranger trying to establish relation like the one commonly exists in social media and online dating applications. A good tips for a safe online dating practice is to suspect profiles with ridiculously smooth magazine-quality photos.  

The Consequences

We’ve all heard about these two worldwide famous scams: online money scam and online love scam. They are extremely common, which quite makes the sense since humans are thriving for money and love. Many people would pay for love or the other way around — love for money. The next question is: “How did people fall for such scams?”. Firstly, it takes convincing the victim for such crime to proceed to the next stage, which is delivery of a favour, and then voila! A crime is successfully committed and very hard to trace, especially if it involves international money transfer. Lately, Malaysian media have been reporting cases related to ‘love scam’ which led victims losing up to millions of ringgit via online money transfer. See this article as an example.

Possible Profile Cloning Scenarios

Let’s take a look briefly at below figure that depicts few scenarios of profile cloning.

In Figure 1 above, the first segment at the top represents an unethical activity that digs your Facebook and Instagram profiles looking for biographical data and/or public photos. Subsequently, an imposter creates a fake social media profile to trick your friends or even strangers into thinking that it is you (a decent person who just uses social media for maintaining or expanding current social connection).

The second segment in Figure 1 represents the similar activity, but instead of cloning your profile on Facebook, it is done on Instagram (be careful of who you follow!). While the third segment is the most villainous of all: cloning your profile on multiple social media i.e., Facebook, Instagram, Tinder, and God knows what-else. Afterwards, the online money scam and love scam mentioned in the previous section may be made possible to initiate. 

Are you afraid now? You should be! But there is good news! We can keep you popular and safe at the same time. Let me explain in the next section.

Mitigations of Profile Cloning

Prevention is the best way to mitigate profile cloning and it is part of three-pronged cybersecurity strategy developed by Malaysia Digital Economy Corporation (MDEC). HELP University as a Premier Digital Tech Institution (PDTI) member has adopted the recommended mitigations in this article.

Depending on how safe and popular you want to be, there are preventive mitigations that may suit your needs as follows:

1. Super-safe and super-private profile: Set your profile private and don’t put any profile picture. With this highly discrete social media profile, the only thing an outsider may know is your name (if you indeed use your real name on your profile). This setting would still allow you to interact with your inner social circle that you have already added to your friends list. Furthermore, you may also exclude profile picture from your other communication media e.g., email account, LinkedIn account (I saw companies’ C-level staff exclude profile picture from their LinkedIn profiles — smart move!), WhatsApp account, and whatever chatting apps you are on. Moreover, you may restrict your profile name too to only display first name or first name plus the first letter of your last name.
   
2. Very-safe and slightly well-known profile: Set your profile private and put a profile picture, but set it with “friends-only” privilege, so only your friends could view your profile picture in full size. Additionally, I suggest to avoid putting your face-only or close-up photo as your profile picture as this would still generate clear face visualization if it gets screenshot. Some examples of safe profile picture where your face looks tiny and a bit unclear are those activity-based pictures e.g., riding bicycle, sea surfing, stakeboarding, rollerblading, etc. See! You could still look fabulously cool and popular while remaining safe.
   
3. Safe and well-known profile: In case you use your social media for self-promotion or publication, then you would probably put your clear facial picture, real full name, and publicize certain data such as workplace, current location, and even mobile number. BUT, keep these data secret: date of birth and family members/relationships — This will shield your loved ones from being targeted. Also, try not to put a group picture unless it is really necessary; there could be someone in the group picture that could be targeted. I have seen a common smart strategy where the other people’s faces are blurred or covered to protect their privacy. This is a decent and respectable thing to do.

For the third mitigation above, the ‘safe’ word is an overstatement, because when you put your photos and data for public, then you must be mentally and legally ready to face the consequences of profile cloning . I have seen profile cloning happen to my own circle of friends; both on Facebook and Instagram. The quickest mitigation after such crime is detected is to report it to the social media customer service and notify your inner circle (friends, family, colleagues, etc) that somebody has impersonated your profile, hence they can be vigilant of upcoming scam attempt. If serious enough, consider making police report; there is cyber crime unit in the police department that may assist your case.

What to Do If You Suspect Scam Attempt

In case you suspect a scam is being attempted towards to you, for example: you receive an email claiming to be from your direct superior asking to borrow money, then verify it by a phone call to him/her. Or if your online-dating match asks you for a financial favor, then brace your heart and switch on your logic and realize the anomaly. Excitement from knowing new people is normal, but keep your senses alert!.

Conclusion

Profile cloning is very common and people with public or semi-public social media profiles are the most vulnerable to it. The risk can be minimized by reducing the exposure of our social media profiles. Total protection does not exist since we more or less share our data with public. Scrutinize any digital communication and respond considerably. 

References

About the writer:
Okta Nurika, BSc. Hons (BIS) (University of East London), MSc in IT (Universiti Teknologi PETRONAS), PhD in IT (Universiti Teknologi PETRONAS).

Okta Nurika has worked in the tech industry as a network engineer, software test analyst, and software project lead. He has accomplished major telecommunication and software projects in Indonesia, Malaysia, Sri Lanka, Australia, and South Africa. He also has served as an Internet of Things (IoT) assessment consultant in collaboration with TM Forum, a global association of organizations driving digital transformation in telecommunication industry. His published journals and conference papers are related to computer networks, simulation models, and machine learning – mainly optimizations with genetic algorithms. He has experiences in teaching cybersecurity, programming, project management and database management subjects.

Dr Okta Nurika currently works as a Senior Lecturer at HELP University.

References:

https://www.nst.com.my/news/crime-courts/2021/04/682894/woman-loses-rm27-million-love-scam-american-pilot
https://mdec.my/digital-economy-initiatives/for-the-industry/for-small-medium-enterprise-sme/matrix/

Producing industry ready graduates is seen as being the biggest challenge for cybersecurity talent development. To the industry there is always this notion of a shortfall of skill sets and this is more evident for cyber security which is ever evolving. Taking a cue from Asia Pacific University of Technology & Innovation (APU) who have been grooming and churning out distinct Cyber Security graduates for over a decade now into the job market of which this group sits in a ratio of 1:3 on the jobs opportunity playing field. The challenges faced at APU and how they were overcome are quite amazing;

1. Many jobs in the cybersecurity segment ask for 2-3yrs experience so how do fresh graduates penetrate the market. At APU students are given experiential leaning combined with exposure to real-world experiences that elevates their cybersecurity skills beyond theoretical knowledge and hones problem-solving skills. It also provides opportunities to practice blending technical and other skills such as communication, leadership, and teamwork within a security context.
   
2. Reaching out to beyond cyber security programme. Cyber security electives are offered to all the 6000+ tech students whether it’s in fields such as Computer Science, Information Technology or Software Engineering.
   
3. Depth & Breadth of curriculum content. With tech ever evolving and cyber security having the dark & white side of trades so enabling the white side professionals has been strengthened by industry skill based content as advised by our partners namely Cyber Test Systems, Cyber Intelligence, TecForte and Silensec.
   
4. Infrastructure & Ambience of Cybersecurity Professionals. This is done via courses offered where students take them seated in the facilities at APU such as our Cyber Range in which 3 courses are taught and also the Security Operations Centre (SOC) where another 2 courses are taught. The SOC is then also a mandatory manning fulfilment of 50hrs prior to graduation. The students monitor APU network traffic and do Tier 1 trouble shooting by themselves and escalate to the SOC manager for Tier 2.

There needs to be a continuous interest in Cyber Security programmes. This can only be ensured by universities having implementation strategies in place. As a benchmark below here are the FIVE prong pro-active measures and actions taken at APU focused on industry relevance & marketable graduates into the workforce;

1. Engaging with the industry experts. The design of APU cyber security programmes are achieved with the industry through the participation of the Industry Advisory Panel (IAP) who have cyber security expertise. The experts are integral in verifying content, direction on software/tools applications, guidance on ideas for final year projects, serve in opportunities for industrial trainings and also support via guest lectures year in year out.
2. Promotion of our infrastructure on all marketing mediums. In 2018 APU invested in the set up the Cybersecurity Talent Zone (CTZ) with a vision of producing nice graduates in the discipline. With the collaborative arrangements with industry partners, APU has been able to set up international standard facilities in the CTZ for teaching, learning and research. Good examples of this is the Cyber Range which is of Military Defense grade and one of 2 in Malaysia and the most equipped version in the SEA region along with the Security Operations Centre (SOC) which is one of 3 mainstream versions in IHLs within Malaysia. Both were designed, setup and commissioned with partners from the industry bridged by MDEC. A follow through on this is the professional level trainings which our students also benefit from.Malaysia OpenGov Leadership Forum APU won the prestigious Recognition of Excellence Award for its Cyber Security Talent Zone development.
   
3. Engaging with local & national agencies. APU’s Corporate Training unit furnishes industry based certification training and APU talents can professionally certify themselves while undergoing their studies and our offerings are in partnership with the likes of CSM, CompTIA, Rocheston, ISACA, EC Council. 
   
4. Showcasing our talents. Competitions, research outcomes at conferences & exhibitions as an average churn out 85 publications per year in cybersecurity & forensic. APU has been annual winners at industry level competitions hosted by F-Secure, KPMG, and Australian Information Security Association (AISA). This allows for other potential students to see that the exposure is at large and you are on an industrial footing while being in university.
   
5. Showcasing the expertise. Sharing of experts’ in training or being a go to place for cybersecurity upskilling, i.e the MIA CSuite Awareness Programme. APU is also recognized as the Best Cybersecurity Education Provider in Asia – Cyber Security Excellence Awards in 2019 & 2020 and received the Award for best Cyber Security Education Provider in Asia Pacific by CompTIA in 2018.

As part of Digital Malaysia developments, encouragement to IR4.0 has to start from school levels. The awareness has to be made clear on this career pathway as a standalone profession. APU has conducted school programmes in the cybersecurity area quite successfully. APU hosted the Cyber Security Immersion (CSI) for Youth programme in collaboration with MoHE and MDEC. It was a 3 Days 2 Nights programme at APU. Throughout the programme, students underwent seminars, brainstorming sessions and presentations. The contents were delivered by the academic team which covered essential technical knowledge and know-how of phishing, hacking, types of cyber-attacks and countermeasures. APU has also done Cyber Security awareness programmes at SMKs from 2018-2019 where a total of 16 schools were covered.

The future in cybersecurity education is allowing the qualification as a standalone qualification as the market is so wide and jobs at a 1:3 ratio which means it’s a monstrous programme by itself. As for programme standards it should be standalone and not be parked under the cluster of Computer Science to address the depth and breadth of the content requirements mapped to workforce needs. There is a paradigm shift needed by the Malaysian Qualifying Agency (MQA) on this matter for the benefit of future graduates.

Prof Ir Ts Dr Vinesh Thiruchelvam is currently the Deputy Vice Chancellor for Asia Pacific University of Technology & Innovation (APU) and the Chief Innovation Officer for the APIIT Education Group. He is also an academic advisor and external examiner to four Malaysian Public Universities. He is Professional Engineering with the Board of Engineers Malaysia (BEM) and a Chartered Engineer (CEng) with Engineering Council, UK and a Fellow of the Institution of Mechanical Engineers (IMechE-UK). 

Prof Vinesh has been the Chairman of the Engineering Education Technical Division (E2TD) at the Institute of Engineers Malaysia, advisory member of the Ministry of Education’s ‘STEM Task Force’ directly involved with the development of the MoE’s Education Blueprint in 2014-2015, member of the Ministry of Human Resources’ BPIC on quality of graduates in 2014-2017, member of Malaysian National Task Force for Big Data Movements with Malaysian Digital Economy Corporation (MDeC) in 2015-2018  and is currently contributing to the Malaysian National Framework for Artificial Intelligence as a scientific expert appointed in 2019.

Prof Vinesh is also appointed on to Digital Expert Panel for Malaysia Digital Economy Corporation (MDEC) covering Cybersecurity, Data Science, Software & System Integrator, Animation, Games and Internet of Things for 2020-2024. He is also the Technical Chair and Lead worldwide for ISO under the working group TC307/WG 1 – BlockChain Fundamentals Standards Development.

Terragrill, jenama sate popular di Pulau Langkawi kini semakin melebarkan operasi dengan membuka kedai sejuk beku pertamanya di ibu kota.

Pemiliknya, Zainah Abd Manaf yang juga alumni program 100 Go Digital anjuran Malaysia Digital Economy Corporation (MDEC) berkata, beliau teruja kerana impian untuk melihat jenama berkenaan ‘belayar’  keluar dari Langkawi berjaya direalisasikan walaupun negara masih berdepan suasana tidak menentu akibat pandemik COVID-19 dan Perintah Kawalan Pergerakan Bersyarat (PKPB) yang berlarutan.

Katanya, setelah membuat kajian, syarikat itu membuat pelaburan sebanyak RM50,000 untuk membuka kedai berkenaan yang terletak di tingkat atas Pasar Taman Tun Dr. Ismail yang disifatkan sebagai lokasi strategik.

“Walaupun baharu beroperasi pada awal bulan ini, saya bersyukur kerana kami berjaya menjual sebanyak satu tan sate ayam, daging dan kambing dengan hasil jualan sekitar RM20,000. Saya jangkakan dalam tempoh dua minggu berikutnya, sebanyak satu tan lagi stok akan terjual,” katanya di sini hari ini.

Ditanya mengenai langkah berani untuk membuka kedai ketika ini, Zainah,43, berkata, Terragrill perlu tampil dengan strategi digital baharu untuk memastikan kelangsungan perniagaan.

“Hasil jualan di Langkawi bergantung kepada permintaan daripada hotel namun disebabkan oleh Perintah Kawalan Pergerakan (PKP) dan disambung pula dengan PKPB, terdapat hotel yang menutup operasi manakala hotel yang masih bertahan telah mengurangkan pembelian.

“Sebelum ini, Terragrill turut menghantar produk ke Kuala Lumpur dan Selangor. Oleh itu, langkah membuka kedai sejuk beku di sini bertujuan untuk memenuhi permintaan pelanggan di Lembah Klang dan memastikan syarikat terus menjana pendapatan,” katanya.

Mengulas lanjut, Zainah berkata, pelaburan yang dibuat membabitkan kos sewa kedai, pembelian peti sejuk beku besar, menggaji dua orang pekerja baharu dan membuat pemasaran digital.

“Bagi memastikan sate yang dijual kepada pelanggan berada dalam keadaan segar, saya memastikan penghantaran stok dari kilang di Langkawi dilakukan pada setiap minggu,” katanya.

Jenama Terragrill merupakan antara 100 usahawan di Langkawi yang menyertai Program 100 Go Digital.

Menerusi penglibatannya, Zainah berpeluang meluaskan perniagaannya ke ‘wilayah baharu’ sekaligus mengurangkan kerugian yang ditanggung akibat pandemik COVID-19 yang memberi kesan kepada sektor pelancongan di Langkawi.

Sementara itu, Ketua Pegawai Pegawai Perniagaan Digital MDEC, Aiza Azreen Ahmad berkata, agensi berkenaan sentiasa menggalakan usahawan tempatan bergerak ke arah pendigitalan supaya terus berdaya saing, lestari dan mampu bertahan dan berkembang ketika pandemik global.

“MDEC telah melancarkan program 100 Go Digital Coaching yang menggabungkan pelbagai komponen secara hands-on dalam memimpin peserta untuk memastikan mereka mencapai prestasi baik dalam perniagaan. Kisah usahawan seperti pemilik Terragrill ini yang menggunakan pendekatan digital dalam perniagaannya telah menunjukkan hasil dalam tempoh singkat dan meluaskan perniagaan di kawasan baharu.  Ia selaras dengan matlamat MDEC yang memberi tumpuan terhadap empat teras DIGITAL iaitu Kemahiran Baharu (New skills), Penerimaan (Adoption), Pengganggu (Disruptors) dan Pelaburan (Investments). Ini membentuk asas kepada kempen jenama digital NADI MDEC yang memacu program-program terasnya untuk rakyat, perniagaan dan para pelabur.

 Jenama Terragrill yang merupakan  peserta 100 Go Digital telah menguruskan teras Pengganggu (Disruptors) apabila membawa operasi perniagaannya ke kawasan baharu selepas Pulau Langkawi terjejas akibat sekatan pergerakan. Ini membuktikan bahawa kemahiran digital dapat membantu perniagaan untuk terus beroperasi di sebalik kekangan yang dihadapi. Inilah tujuan MDEC melaksanakan inisiatif untuk membimbing perniagaan tempatan bergerak ke arah pendigitalan bagi memastikan perniagaan terus bertahan dan berkembang,”katanya.

Pada masa hadapan, MDEC menerusi kepelbagai inisiatif mahu membimbing lebih banyak perniagaan tempatan mengembangkan operasi berteraskan teknologi terkini. Usaha ini selaras dengan Rangka Tindakan Ekonomi Digital Malaysia (MyDIGITAL) yang bertujuan untuk menyokong kira -kira 875 000 Perusahaan Kecil dan Sederhana (PKS) dan usahawan mikro ke platform digital menjelang 2025.

Mengenai 100 Go Digital, inisiatif ini menyasarkan untuk menyokong sektor perniagaan runcit, syarikat makanan dan minuman (F&B) logistik dan perkhidmatan profesional. Para jurulatih yang terlibat dengan program ini pula mempunyai rekod prestasi cemerlang dari lapan syarikat yang kukuh iaitu AutoCount, Deepsky, Estream Software, iBizzCloud, Innergia Labs, Locus-T, Million Software dan Smart-Acc Solutions. Senarai ini merupakan kumpulan pelatih digital pertama dengan lebih banyak para jurulatih yang akan ditambahkan pada masa terdekat.

Selain dari sesi latihan, syarikat-syarikat ini juga akan menyediakan bahan latihan dalam talian dan pasukan sokongan program yang berdedikasi.

Untuk mengetahui lebih lanjut dan mendaftar ke 100 Go Digital Coaching, sila kunjungi: https://mdec.my/100godigital .

Bercerita lanjut mengenai manfaat menyertai program itu, Zainah menjelaskan dia kini turut mengaplikasikan sistem pembayaran tanpa tunai di kafenya di Pekan Kuah, Langkawi bagi kemudahan pelanggan.

Katanya pelbagai manfaat diperolehi selepas melaksanakan langkah berkenaan termasuklah tunai harian mudah diuruskan, kurang masalah shortage selain menjimatkan masa kerana tidak perlu ke bank setiap hari untuk memasukkan duit.

Mengulas lanjut mengenai produk yang dijualnya di kedai sejuk beku, Zainah berkata, setiap satu kotak mengandungi 25 cucuk sate dengan harga bermula RM25 (ayam), RM29 (daging) dan RM37 bagi kambing yang didatangkan bersama sekotak kuah kacang seberat 200 gram.

“Memandangkan kedai di sini baru beroperasi, saya turut melantik sebuah agensi digital untuk melakukan kerja -kerja promosi dalam talian bagi menarik lebih ramai pelanggan. Pada masa sama, Terragrill turut mengemaskini platform media sosial dan laman web kami iaitu http://www.terragrillcafe.com ,” katanya.

Sementara itu, Pengarah Bahagian Penerimagunaan Digital Perniagaan MDEC, Muhundhan Kamarapullai berkata, dalam situasi luar biasa yang dihadapi ketika ini, MDEC berpendapat PKS perlu terus diperkasa menerusi pendigitalan bagi memastikan kelangsungan perniagaan.

“Menerusi 100 Go Digital , setakat ini lebih 10,000  ribu PKS telah mendapat manfaat menerusi lebih 50 sesi yang telah dianjur MDEC dan rakan industri. Sidang Kemuncak PKS Dalam Talian yang dianjurkan secara maya di bawah inisiatif ini turut dipilih menerima Anugerah Emas Kategori  Acara Dalam Talian pada Anugerah Kecemerlangan Pemasaran 2020. Kesemua inisiatif dan pencapaian MDEC ini adalah untuk memastikan rakyat dan perniagaan mendapat manfaat daripada ekonomi digital yang berkembang pesat di samping berusaha mencapai cita-cita negara menjadi Nadi Digital ASEAN,” katanya.

Pada akhir temubual, Zainah mendedahkan, satu lagi cawangan kedai sejuk beku akan dibuka pada November ini namun beliau masih tidak bersedia untuk berkongsi lokasi sebenar.