Cyber con artists turn your Facebook into an open book. They hack into your Facebook account and pretend to be you. Once they take over your Facebook account, hackers can often take control of your e-mail.
Their ultimate goal is to turn your Facebook screen into a cash machine, either through identity theft or other forms of fraud.
Depending on your privacy settings and who you let share your information, every posted photo, every friend, and each seemingly innocent message can give scammers the information they need to compose a story.
The typical communication explains that you’ve had an emergency in another state or country and need money. Friends and family who panic and want to help may wire money to the scammer, thinking they’re talking to you.
“In many ways we make it very, very easy,” said Internet safety and security expert Linda Criddle.
The former Microsoft analyst is now an author and consumer advocate who specializes in educating children and adults about the different ways scammers can target you online. Social networks are a fertile hunting ground.
Internet security experts say 2010 could be a banner year for scams on sites like Facebook and Twitter, because of their popularity.
On Facebook alone, there are more than 350 million users sharing their pictures and information with friends, who share with their friends, who share with their friends.
It’s an information gold mine for a hacker tactic known as “screen scraping.”
“It means that you are literally gathering, collecting all the information you can find on a screen,” explained Criddle.
People share information about hobbies, family background, employment, vacation plans, last names, nicknames and more. Photographs and videos can reveal even more information you don’t even realize you’re providing.
“Gathering that information off these social networking sites is quick. And what you don’t share about yourself, your friends probably did,” Criddle added.
And if just one person on your list takes the bait, the scammers almost instantly get thousands of dollars, especially if they can get the name and phone number of an older relative in a different state.
Scammers like to use the telephone with older people, because seniors tend to respond to the “person to person” approach. They get caught up in the emotion. They’re sympathetic toward their relatives and are more likely to keep things a secret when asked not to say anything. That makes the victim less likely to call their family member at home and check on them.
The scammers explain they need money wired through Western Union. By the time the friend or family member realizes it was a scam, the money’s gone. Police say caring relatives, in particular, are sitting ducks.
Facebook is aware of the problem. Spokesperson Simon Axten offered the following e-mail reply in response to our questions:
“This is a very low-volume attack, affecting only a small number of people. However, we’re concerned about any potential security threat, and we’re taking this issue very seriously. Our team has analyzed the trends of these attacks and is using this information to surface compromised accounts before the scammers get very far.
When we find these accounts, we disable them and attempt to get them back to their rightful owner. In many cases, the scammer has changed the password or added a new contact email to attempt to maintain control of the account.
To combat this, we notify people when their account is modified and empower them to reverse the changes or disable the account entirely. We’re reminding people to be very suspicious of anyone, even friends, who ask for money over the Internet. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with your account or a friend’s, please report it to us through the form in our Help Center.
Specific things users can do to protect themselves:
- Be suspicious of anyone – even friends – who ask for money over the Internet. Verify their circumstances independently (e.g. call them or mutual friends).
- Choose a strong password and use unique credentials for each of your web accounts (we believe users are being phished on one site, and the bad guys are then trying those credentials on another).
- Use an up-to-date browser that features an anti-phishing blacklist.
- Use and run anti-virus on your machine.
- Reset your Facebook password if you suspect your account has been compromised.
Specific actions Facebook has taken:
- Adjusted and updated our sophisticated security systems to also detect and defeat these smaller-scale attacks.
- Improved our prioritization systems so we can help impacted users more quickly.
- Instituted changes to notify users when their account is modified and empower them to reverse the changes or disable the account.
- Worked with law enforcement to investigate cases and with Western Union (a wire transfer company commonly used by the scammers) to improve education. With our help, Western Union has posted a warning about this scam. Western Union has also alerted its branches in London, where the scammers are picking up the money.”