5. Phishing

24/7 Wall St.: 9 Major Ways Criminals Use Facebook

Phishing on Facebook involves a hacker posing as a respected individual or organization and asking for personal data, usually via a wall post or direct message. Once clicked, the link infects the users’ computers with malware or directs them to a website that offers a compelling reason to divulge sensitive information. A classic example would be a site that congratulates the victims for having won $1,000 and prompts them to fill out a form that asks for a credit card and Social Security number. Such information can be used to perpetrate monetary and identity fraud. Grayson Milbourne of Webroot, also explained that spearphishing is becoming increasingly common, a practice that uses the same basic idea but targets users through their individual interests.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.

More from this Slideshow

0 of 0

How Criminals Us... This Friday, Facebook will go public in one of the most anticipated IPOs in history. With more than 900 million users, Mark Zuckerberg’s expanding social media empire has become a seemingly irreplaceable part of the online experience. Unfortunately, a byproduct of its success is that millions of Americans are far more exposed to a number of cyber crimes that also teem on the site.

To be sure, cyber crimes have been occurring for some time, but the presence of social media has made many crimes much easier to commit. In social networks people make “friends” without knowing the person and make personal information easily available. And none of the networks present more opportunity to criminals than Facebook and its hundreds of millions of users. With this in mind, 24/7 Wall St. looked at some of the most common ways criminals use Facebook.

Ultimately, all social media sites make it easier for criminals to deceive their victims. According to a study published in Communications of ACM, a journal for computing professionals, the percentage of students that responded to a phishing email increased from 16 percent to 72 percent when the email included relevant social information about the target. For example, scams that make it appear that a message comes from a friend of the target make it more likely that the target will respond.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
1. Hacking Accou... When criminals hack a Facebook account, they typically use one of several available “brute force” tools, Grayson Milbourne, Webroot’s Manager of Threat Research for North America, told 24/7 Wall St. in an interview. These tools cycle through a common password dictionary, and try commonly used names and dates, opposite hundreds of thousands of different email IDs. Once hacked, an account can be commandeered and used as a platform to deliver spam, or — more commonly — sold. Clandestine hacker forums are crawling with ads offering Facebook account IDs and passwords in exchange for money. In the cyber world, information is a valuable thing.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
2. Commandeering... A more direct form of identity theft, commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The impostor can use this identity for a variety of confidence schemes, including the popular, London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. The London scam has a far-higher success rate on Facebook — and specifically on commandeered accounts — because there is a baseline of trust between the users and those on their friends list.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
3. Profile Cloni... Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send friend requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted, the crook has access to the target’s personal information, which they can use to clone other profiles or to commit fraud. As Grayson Milbourne puts it, “Exploiting a person’s account and posturing as that person is just another clever mechanism to use to extract information.” Perhaps what’s scariest about this kind of crime is its simplicity. Hacking acumen is unnecessary to clone a profile; the criminal simply needs a registered account.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
4. Cross-Platfor... Cross-platform profile cloning is when the cyber criminal obtains information and images from Facebook and uses them to create false profiles on another social-networking site, or vice versa. The principle is similar to profile cloning, but this kind of fraud can give Facebook users a false sense of security because their profile is often cloned to a social platform that they might not use. The result is that this kind of fraud may also take longer to notice and remedy.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
5. Phishing Phishing on Facebook involves a hacker posing as a respected individual or organization and asking for personal data, usually via a wall post or direct message. Once clicked, the link infects the users’ computers with malware or directs them to a website that offers a compelling reason to divulge sensitive information. A classic example would be a site that congratulates the victims for having won $1,000 and prompts them to fill out a form that asks for a credit card and Social Security number. Such information can be used to perpetrate monetary and identity fraud. Grayson Milbourne of Webroot, also explained that spearphishing is becoming increasingly common, a practice that uses the same basic idea but targets users through their individual interests.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
6. Fake Facebook A common form of phishing is the fake Facebook scam. The scammers direct users via some sort of clickable enticement, to a spurious Facebook log-in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected in a database, which the scammer often will sell. Once scammers have purchased a user’s information, they can take advantage of their assumed identity through apps like Facebook Marketplace and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalize on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
7. Affinity Frau... In cases of affinity fraud, con artists assume the identity of individuals in order to earn the trust of those close to them. The criminal then exploits this trust by stealing money or information. Facebook facilitates this type of fraud because people on the site often end up having a number of “friends” they actually do not know personally and yet implicitly trust by dint of their Facebook connection. Criminals can infiltrate a person’s group of friends and then offer someone deals or investments that are part of a scheme. People can also assume an identity by infiltrating a person’s account and asking friends for money or sensitive information like a Social Security or credit card number.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
8. Mining Unprot... Few sites provide an easier source of basic personal information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information is often used as passwords or as answers to secret security questions. While the majority of unprotected information is mined for targeted advertising, it can be a means to more pernicious ends such as profile cloning and, ultimately, identity theft.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
9. Spam Not all spam — the mass sending of advertisements to users’ personal accounts — is against the law. However, the existence of Facebook and other social sites has allowed for a new kind of spam called clickjacking. The process of clickjacking, which is illegal, involves the hacking of a personal account using an advertisement for a viral video or article. Once the user clicks on this, the program sends an advertisement to the person’s friends through their account without their knowledge. This has become such an issue for the social media giant that earlier this year that the company has teamed up with the U.S. Attorney General to try to combat the issue.
(iStock Photo)

More From 24/7 Wall Street:
America’s Favorite Beers
The 18 Big Risks to Consider in the Facebook IPO
The Cars Americans Will Not Buy

The opinions expressed are solely those of the author and do not necessarily reflect the views of Comcast.
See More on 24/7... Click here to see the eight products the Facebook generation will not buy.