Social Network Safety Lesson
Social networking is still all the rage and, as with any popular technology, scam artists and other unscrupulous individuals will find a way to take advantage of trusting users. Websites such as MySpace, Facebook and LinkedIn are particularly susceptible to scams involving social engineering because of the implicit level of trust among the site’s users. For example, you may think that John, a friend from college who is now on Facebook, is who he says he is, but how can you be sure?
One scam being used on Facebook and MySpace right now involves scammers setting up fake profiles to pose as real people. Here’s how it works:
1) A scammer will create an account and look for targets on MySpace, then send out friendship requests to the intended victims. Because of the loose norms for friendship on MySpace many people will accept these random requests.
2) Once the scammer has friends on MySpace they will compile a list of those people’s friends.
3) Now it’s onto Facebook, where the scammer again creates a fictitious account using the same info as on MySpace. The scammer will also look for their MySpace victims on Facebook and then send out friendship requests. Because the victims have already accepted the friend requests on MySpace, most will also accept the request on Facebook.
4) Now the scammer can access the victim’s friends list on Facebook. The scammer will compare the victim’s friends list on MySpace to the victim’s friends list on Facebook. If a victim’s friend exists on MySpace, but not on Facebook, the scammer will use real profile pictures and information to create an account on Facebook in that person’s name.
5) The victim then receives a friend request from the scammer posing as the victim’s actual friend. This is a very convincing ruse because the scammer can access real photos and profile information and photos through MySpace (as well as other social network website) accounts.
6) The scammer will send messages to their victim for a while to build up the rapport until, eventually, they spring the trap. This usually takes the form of asking to borrow money for some emergency, meeting at a place you’ve never been before, or simply keeping tabs on when you’re out of town – with your home unprotected.
The inherent trust of the people on these networks, especially those with whom you’ve made connections, makes these types of scams very dangerous. With the vast amount of information available online from sites like Flickr, MySpace, Facebook, LinkedIn, Classmates.com, Twitter, and numerous online directories of personal contact info it is very easy to impersonate someone using material freely posted to the web.
So how do you avoid these types of scams? The short answer is that you can’t, although you can protect yourself to a certain extent. Almost all social network websites have privacy and security controls for your profile so you can restrict what information about you people can see. For instance, you may want to restrict access to your list of friends, or you may restrict who can see photos of you. Also, there is nothing that says you have to accept a friend request from someone you don’t know. Another helpful trick might be to communicate through multiple channels and websites; the above scam doesn’t work if you mention the fake account on Facebook to the real account holder on MySpace. If your real friend on MySpace didn’t actually create an account on Facebook then you know something is fishy.
As is the case with any online activity, an ounce of skepticism will serve you better than all the security software in the world.