Social Networking Identity Theft Scams
I'm going to tell you exactly how someone can trick you into thinking they're your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you're scamming someone, here's what you'd do:
Step 1: Request to be "friends" with a dozen strangers on MySpace. Let's say half of them accept. Collect a list of all their friends.
Step 2: Go to Facebook and search for those six people. Let's say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you're already an established friend.
Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send "friend" requests to your victims on Facebook.
As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you'll accept. In fact, Facebook itself will suggest you as a friend to those people.
(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request "friend" status. They sought you out.)
Step 4: Now, you're in business. You can ask things of these people that only friends dare ask.
Like what? Lend me $500. When are you going out of town? Etc.
The author has no evidence that anyone has actually done this, but certainly someone will do this sometime in the future.
We have seen attacks by people hijacking existing social networking accounts:
Rutberg was the victim of a new, targeted version of a very old scam -- the "Nigerian," or "419," ploy. The first reports of such scams emerged back in November, part of a new trend in the computer underground -- rather than sending out millions of spam messages in the hopes of trapping a tiny fractions of recipients, Web criminals are getting much more personal in their attacks, using social networking sites and other databases to make their story lines much more believable.
In Rutberg's case, criminals managed to steal his Facebook login password, steal his Facebook identity, and change his page to make it appear he was in trouble. Next, the criminals sent e-mails to dozens of friends, begging them for help.
"Can you just get some money to us," the imposter implored to one of Rutberg's friends. "I tried Amex and it's not going through. ... I'll refund you as soon as am back home. Let me know please."
Posted on April 8, 2009 at 6:43 AM • 55 Comments