Social Networking Identity Theft Scams
I’m going to tell you exactly how someone can trick you into thinking they’re your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you’re scamming someone, here’s what you’d do:
Step 1: Request to be “friends” with a dozen strangers on MySpace. Let’s say half of them accept. Collect a list of all their friends.
Step 2: Go to Facebook and search for those six people. Let’s say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you’re already an established friend.
Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send “friend” requests to your victims on Facebook.
As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you’ll accept. In fact, Facebook itself will suggest you as a friend to those people.
(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request “friend” status. They sought you out.)
Step 4: Now, you’re in business. You can ask things of these people that only friends dare ask.
Like what? Lend me $500. When are you going out of town? Etc.
The author has no evidence that anyone has actually done this, but certainly someone will do this sometime in the future.
We have seen attacks by people hijacking existing social networking accounts:
Rutberg was the victim of a new, targeted version of a very old scam—the “Nigerian,” or “419,” ploy. The first reports of such scams emerged back in November, part of a new trend in the computer underground—rather than sending out millions of spam messages in the hopes of trapping a tiny fractions of recipients, Web criminals are getting much more personal in their attacks, using social networking sites and other databases to make their story lines much more believable.
In Rutberg’s case, criminals managed to steal his Facebook login password, steal his Facebook identity, and change his page to make it appear he was in trouble. Next, the criminals sent e-mails to dozens of friends, begging them for help.
“Can you just get some money to us,” the imposter implored to one of Rutberg’s friends. “I tried Amex and it’s not going through. … I’ll refund you as soon as am back home. Let me know please.”
Jo • April 8, 2009 7:44 AM
Of course, one easy defense against this kind of thing is to be in contact with your friends in other ways.
In addition to facebook, there’s also this amazing device called a ‘telephone’, or ‘far speaker’.
Before I give one of my friends $500 – I’m going to call them to make sure they and their families are alright!
In other words, trust, but verify.
I would also send a check through the mail to my friend, rather than wiring the money. If it needed to be there the next day, I’d just spend that much more on postage to get next-day service, so unless they were also staking out my friend’s mailbox, I don’t see how they could get the money…
If someone shows up, pretending to be from high-school, and I haven’t spoken to them in 20 years, well… I’ll be glad to hear from them, but I wouldn’t be sending a check for $500 any time in the near future!