Broken trust: when a criminal becomes your friend on Facebook
Can you get scammed and lose money when you rely on social network sites to connect with friends? Unfortunately, the answer is yes.
A few weeks ago, my friend Beny stepped up to help one of his friends, Bryan, who was robbed at gunpoint in a foreign country.
We've all heard about friends getting in trouble during a trip, but what was new here was the fact that the distress call and help request came via Facebook status updates and instant messages.
As it turns out, the distress call was fraudulent and my friend ended up wiring a total of $1,143 to a fraudster's account in England.
How could this happen? Somehow, a fraudster got hold of Bryan's Facebook username and password, studied his profile and started to reach out to his friends with the harrowing news and the request for help. The fraudsters were able to sound legitimate when instant messaging Beny, as they casually dropped bits and pieces of personal information that only Bryan would know. Or, shall we say, that only someone with access to Bryan's account would know. They went so far as to leave voice messages on Beny's phone asking for more money for Bryan. After that, all that was left between the fraudsters and the money was Beny's good heart and a wire transfer.
Why are we seeing an increase in these types of attacks against non-financial sites (see also Twitter and Yahoo)? Well, the answer is that fraudsters and criminals are always looking for the weakest link that can help them get access to your wallet.
Over the last 3 years, banks have stepped up their online banking security with measures such as second-factor and risk-based authentication. The bad guys took note of that and are now trying to use the same tools they used against the banks to get access to your email, social network or work applications. There they can find information that can help them get access to your money without having to face the bank's security systems.
What is interesting about social networks is that it doesn't matter that you protect your own passwords, use the latest and greatest anti-virus or only transact with well-authenticated EV sites. If any of your social network friends makes a mistake and loses their Facebook or MySpace password, your private information is now exposed to a stranger or maybe even a criminal.
All that said, I'm a strong believer in the value of social networks and the hundreds of millions of people accessing them cannot be wrong: the power of sharing information online is really here to stay and we have only seen the beginning of this social fabric that we are building on top of the Internet.
What social network providers need to realize is that the growth and eventual monetization of these networks will depend on how well users' data, identity and privacy are protected.
Beny will soon forget the $1000 or so that he lost, but I bet he won't recover his trust in social networks for a long time to come.
For more details on Beny and Bryan's case check the following video:
Embedded video from CNN Video