How to Check if a Screenshot Has Been Photoshopped



It’s ridiculously easy to fake screenshots with tools freely available online. That’s why there are more convincing scammers on the internet than ever. So it’s time we upgraded our detection skills too. Let me show you a few neat ways to spot a fake screenshot.

Be Wary of Desktop Screenshots

I wouldn’t trust any random screenshot taken inside a desktop web browser. Chrome, Firefox, and their many derivatives let you edit the code of the page itself. With little to no effort, you can change just about any element of a web page. It’s called Inspect Element. Just right-click with your mouse anywhere on a website to open the browser context menu. You’ll see “Inspect” at the bottom of it.

The Inspect Element shows the HTML, CSS, and Javascript code that make up a website. Editing this code will make a perfectly convincing forgery. You don’t even need to know coding to make small edits here and there. For example, you could highlight any text on a page and replace it in two quick steps. Of course, the website will go back to the original when you refresh the page, but it’s plenty good for screenshots or screen sharing.

If you absolutely had to rely on a screenshot like that from a stranger, I would have them refresh the website on video to verify its authenticity (but even that’s not foolproof).

Phone screens are a different game. Most of the time, there are tell-tale signs without getting technical with it. You can be more technical with Image forensics tools; I’ll show you how. They are a big help. But spotting fake phone screenshots (which we deal with more than desktop screenshots anyway) is not always an exact science.

Unfortunately, if a forger is motivated and skilled enough, sometimes it’s impossible to detect the fake. As opposed to camera photos, screenshots of phone screens just aren’t a technical challenge for anyone who knows basic Photoshop.

With that out of the way, here are the tell-tale signs that I brought up earlier.

Look For Pixel Inconsistencies

If a forger is faking a receipt, they most likely will copy and paste elements of the image. It creates little patches of pixels that don’t line up perfectly with the rest of the image. In this case, you’ll pay close attention to two things: the amounts and the dates. Zoom into the image and look for subtle inconsistencies.

You might find some out of place blurriness or sharpness. The original screenshot will have the same resolution everywhere. Unnatural color gradations or subtle shifts in the shadows could give away a fake too.

Font and Spacing Could Be Off

Not everyone can identify a font. Even skilled graphic designers can have trouble with finding the exact font that’s captured in a screenshot. Phone apps rarely use Arial, Times New Roman, or common fonts like that. When a forger can’t find the exact match, they might edit the text with a similar looking font.

Just like the font type, they’ll have trouble with figuring out the correct size and spacing for it. It’s difficult to nail them when you’re going off guesswork or trial-and-error.

Some Elements Might Not Belong

Most phone apps we use update a lot and their interface changes in subtle (rarely big) ways all the time. A forger might have mixed and matched elements from different versions of the same app, and you can spot those mistakes if you’re familiar with the app’s interface.

Reverse Search It

Let’s get a little bit more technical now. The forger could have downloaded the original screenshot off the internet and modified it later. That’s why it’s always a good idea to run a quick reverse image search. Pass the suspect screenshot through both TinEye and Google Images.

Metadata is like an ID for an image file. It shows things like when the image was taken and on which device. Phone screenshots often include the phone’s name within the metadata. And, if someone photoshopped that screenshot before sending it to you, that metadata would be gone.

You can check a file’s metadata by right-clicking on the file with your mouse, and selecting “Properties” from the menu. Look for the “Details” tab to check the metadata details.

Messaging apps also strip the metadata of an image, by the way. So, just because the device name isn’t in the metadata, it doesn’t necessarily mean the image is fake. Although if you do find the sender’s device name intact in the metadata, it’s a positive sign.

This is as technical and scientific as you can get about spotting image fakery. I recommend the Forensically app. It’s a free web app that can analyze any image in depth and create heatmaps of stuff that’s been edited in. It’s easy to learn and easy to use. Let me walk you through it.

Take a look at this UFO hovering above an entire city (it’s the sample Forensically defaults to). Let’s figure out if it’s authentic. Simply hovering the cursor over the UFO edges shows the pixels don’t look right. On to Error Level Analysis, and we see the entire disc and its shadow glowing in a different color. Fake elements will always light up like that.

Another neat way to find faked elements is with clone detection. It’ll find any identical pixels in the image. Notice the corner of this heatmap where the parasailer has been cloned in.

To make the edges of pasted content more visible, do a Level Sweep. Then you can hover the mouse over the edges to find the general area that’s been manipulated. Principal Component Analysis is great for finding exact and fine details. They’re showing up as noise here.

The rest of the settings are a bit advanced, and you’ll probably never need them. There is one more thing that I should explain though. Sometimes an image file will store its own thumbnail, which this tool can extract. The “Thumbnail Analysis” reveals the original, unedited version.

Can You Tell Which Is Which?

Pay attention to the dollar amount, it seems off. The font doesn’t match, and the size isn’t the same. We can also zoom into the finer details.

Let’s keep going. Nothing came up in the reverse search, but the metadata is blank (mounting in suspicion). I’m going to run it through the forensics tools next. Clone Detection shows me hot zones which have been copied. The original doesn’t have these pink spots and Forensically doesn’t detect anything, even if I move the sliders all the way up.

The same spot also lights up when I pass it through Principal Component Analysis. The text amount stands out in stark contrast against the rest of the text, so we know the screenshot is a fake.

By comparison, the original has consistent text elements throughout.


You can apply the forensics techniques you learned here to just about any image. There are no definitive guarantees, but they should help you verify sensitive screenshots.



Source link

Previous articleChatGPT: Which model is right for you