Sign in with
Sign up | Sign in

Scammers Hunting on Social Networks

By - Source: Tom's Guide | B 3 comments

BusinessWeek.com reports that cyberscammers have taken to trolling for victims on social-networking sites such as Facebook and LinkedIn. “Many [criminals] have now moved to computer networks,” said Shawn Henry, assistant director of the FBI’s Cyber Investigations division, “because that’s where the victims have moved and, therefore, the opportunities.”

Email remains the scam artist’s favorite tool, but the FBI and the National White Collar Crime Center report that criminals are increasingly turning to social networks and other websites to ply their trade. Internet crime in the U.S. rose 21 percent last year, according those agencies, costing victims $239 million. In 32.7 percent of those cases, the victim was initially contacted through a web page. In 2005, only 16.5 percent of the victims reporting an online crime were contacted that way.

The Businessweek.com story recounts the experience of an Australian citizen named Karina Wells, who received a message on Facebook from someone posing as her real-life friend Adrian. “Adrian” claimed he was stranded in Lagos, Nigeria without access to a telephone and that he needed Karina to wire him $500 for a plane ticket home. He even chatted with Karina in real time, using Facebook’s chat service.

Wells got suspicious and alerted both Australian authorities and Facebook; each organization initiated an investigation into the matter. Facebook officials assume that the criminal obtained Adrian’s log-in ID and password through a phishing scheme. “There’s an implied sense of trust [with social networks]” said the FBI’s Henry, ‘and there’s not the sense that we can be physically harmed.”

It’s relatively easy to trick even the security savvy, as two online security consultants recently demonstrated. Shawn Moyer of Fishnet Security and Nathan Hamiel of Idea Information Security posed as another consultant, Marcus Ranum, who garnered fame for building the White House’s first email server. Using Ranum’s name, resume, and photo, Moyer and Hamiel established connections on LinkedIn with security officers and chief information officers at large companies, the editor-in-chief of a security trade magazine, and other people Ranum might actually know.

The pair had no trouble getting people—even those victims who should have been the most security conscious—to accept “connect” requests from the fake Ranum; and the more professional connections they established, the more legit they appeared to the next target.

Most social networking sites prohibit users from posing as someone else, but that won’t go far to deter a criminal bent on committing fraud. And while Moyer admits it would be difficult for sites such as LinkedIn to prevent experiments such as the one he and Hamiel tried using Ranum’s identity, he does believe they could take measures to authenticate their users.

Read the entire story at BusinessWeek.com.

Discuss
Display 3 comments.
This thread is closed for comments
  • 0 Hide
    Luscious , November 21, 2008 1:15 AM
    "Most social networking sites prohibit users from posing as someone else"

    That's total BS!!! MySpace is FULL of Nigerian scam artists using stolen headshots of Hawaiian models. Call me whatever you like, but MySpace does NOTHING to stop anyone from pretending to be anybody other that who they are. I wouldn't be surprised if half of all the new accounts there come from scammers.

    It's the one reason why I HATE MySpace and why I don't use it.
  • -1 Hide
    Pei-chen , November 21, 2008 10:14 AM
    That's one reason why I hang out with friends physically.
  • 0 Hide
    neiroatopelcc , November 25, 2008 7:36 AM
    Luscious"Most social networking sites prohibit users from posing as someone else"That's total BS!!! MySpace is FULL of Nigerian scam artists using stolen headshots of Hawaiian models. Call me whatever you like, but MySpace does NOTHING to stop anyone from pretending to be anybody other that who they are. I wouldn't be surprised if half of all the new accounts there come from scammers.It's the one reason why I HATE MySpace and why I don't use it.


    There's a huge difference between having rules in place, and enforcing them. Youtube has rules against uploading copyrighted material as well, yet it's, probably, the worlds biggest warehouse for anonymous download of copyrighted video material.

    Dun use myspace, but I assume they're not spending all that much on enforcing their rules either.

    The difference between must do and could do is huge. imo all national dating sites, online auctions and the like should implement user authentication at least when they sign up - with physical letters or using some kind of id verification other than by means of credit cards.

    The problem with international stuff like facebook, ebay etc. is that it doesn't only target one nation, and therefore there are varying verification options, and probably there are countries without any options at all.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter