Facebook: The Pitfalls of Popularity

March 30th, 2010

Facebook is no longer just a Web site — it’s a full-fledged platform. As an indication of its popularity, many users spend more time on Facebook than on e-mail, even using Facebook as their e-mail service. Unfortunately, this means scammers are now crawling all over Facebook. There are hundreds of Facebook scams, such as phishing e-mails, Trojan horses, fake apps and so on.

To illustrate how big online fraud is getting, a recent FBI report stated that Internet fraud doubled in 2009 to about $560 million. Individual complaints of Internet scams grew more than 20 percent last year, according to the report.

As an example, we’ve all seen the stories of Facebook friends who were easily tricked into sending money in response to believable pleas for help, and of Facebook apps that tricked people into handing over their personal data or password.

As Richter7 builds social media strategies for our clients, we have also had to stay current with the latest scams. Below are just a few examples of some of the pitfalls we have seen associated with being a Facebook user.

Facebook Impersonation.

A criminal who hacks into a Facebook account can learn a staggering amount of information. Worse yet, he or she can gain trusted access to friends and family.

This is why we tell our clients to treat their Facebook password like an online banking password. It’s not a stretch to say that a criminal who hacks a Facebook account is only one small step away from stealing other information. (“Hello, First National Bank, I’ve lost my password. But my high school mascot is the Owl and my mother’s maiden name is Smith. Can you reset my password now?”)

There is a recent example of one such impersonation scam. If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam. The attachment contains a password stealer that targets Windows computers and can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.

“This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam,” McAfee says. “This is also the sixth most prevalent piece of malware targeting consumers in the last week, as tracked by McAfee Labs.”

There are obvious clues that this type of thing is a phishing scam. For one, Facebook doesn’t send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Secondly, the e-mail has poor grammar and awkward phrases.
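The first clue above can be checked mechanically. The following is an added example, not part of the original article: it flags a message that claims to come from Facebook, talks about a password reset and carries an attachment. The sender-domain check, the list of trusted domains and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains treated as genuine Facebook senders (not from the article).
TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com")
RESET_RE = re.compile(r"password.{0,40}(reset|changed)|(reset|changed).{0,40}password", re.I | re.S)

# Constructed sample message for illustration; not a captured e-mail.
SAMPLE = """\
From: "Facebook Support" <support@mail.example>
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user, your password has been changed. See attached document.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="new_password.zip"

PLACEHOLDER
--b1--
"""

def check_message(raw):
    """Return the list of warning signs found in a raw e-mail message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    # Text parts that are not themselves attachments form the visible body.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain" and not p.get_filename())
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    claims_facebook = "facebook" in (name + " " + subject).lower()
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    signs = []
    if claims_facebook and RESET_RE.search(subject + " " + body) and attachments:
        signs.append("password-reset notice with attachment: " + ", ".join(attachments))
    if claims_facebook and not trusted:
        signs.append("sender domain is not Facebook's: " + domain)
    return signs

if __name__ == "__main__":
    for sign in check_message(SAMPLE):
        print("WARNING:", sign)
```
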

Love and Friendship Based Scams.

Anyone out there ever done anything dumb for love? If you are raising your hand, then congratulations, you are not alone. Love and friendship based cons are some of the easiest to perpetrate. Why? Because, by nature, they involve trusting someone or something. For example, some con artists spend months grooming their marks before asking for $500 to be wired to the overseas passport office to help clear up a paperwork mess so they can come for a visit.

Previously the domain of online dating sites, this type of crime has made its way into social media. There are countless victims who have never joined a dating service but were still conned into fake love or friendship from perfectly innocent-looking Facebook groups or chat rooms devoted to hobbies like sewing or horseback riding. It all starts with a simple e-mail, perhaps enhanced by a little Facebook research. (“Hey, you love the Utah Jazz and country music too!”)

Facebook Apps

Facebook apps come in hundreds of varieties. There are quizzes, games, tools and other apps that let users rank everything from favorite music to the most disliked celebrities. Each of these apps requires the user to install a few lines of code to the Facebook profile.

But not all apps are innocent. For example, everyone should pay attention to what kind of information the app says it must be able to access to work properly. When filling out a Facebook profile, users can include information ranging from date of birth to an address. No one wants an app that shares any of that personal information with others.

Facebook’s privacy policy states that users can choose which information remains private. But it also points out that no system safeguards are perfect. It’s possible for developers to find ways around safeguards and access personal information. It’s a good idea to do a little research about an app before choosing to add it to a profile.

Then there are the apps that are outright scams. Take, for instance, the sad tale of those who fell prey to scammers after taking a simple IQ quiz. To receive the results, users were required to submit their cell phone number and wait for a text. When users opened their next cell phone bill, they discovered charges from the app.

Some apps even go so far as to impersonate standard Facebook features, like “Friend’s Gifts” and “Your Photos.” These scams then send convincing notifications like “someone has commented on your photo,” or “has posted on your wall.” These notifications lead to a fake login page asking for permission to access your Facebook account. These scams can be tough to spot because they mimic real Facebook notifications. Users need to learn to look for tiny inconsistencies in apps (misspellings, clunky wording or poor English usage). Who would have ever guessed that our 6th grade teacher was right when they said “learning grammar is important”?
