By Jim Finkle - Analysis
BOSTON (Reuters) - Cybercrime is rapidly spreading on Facebook as fraudsters prey on users who think the world's top social networking site is a safe haven on the Internet.
Lisa Severens, a clinical trials manager from Worcester, Massachusetts, learned the hard way. A virus took control of her laptop and started sending pornographic photos to colleagues.
"I was mortified about having to deal with it at work," said Severens, whose employer had to replace her computer because the malicious software could not be removed.
Cybercrime, which costs U.S. companies and individuals billions of dollars a year, is spreading fast on Facebook because such scams target and exploit those naive to the dark side of social networking, security experts say.
While News Corp's MySpace was the most-popular hangout for cyber criminals two years ago, experts say hackers are now entrenched on Facebook, whose membership has soared from 120 million in December to more than 200 million today.
"Facebook is the social network du jour. Attackers go where the people go. Always," said Mary Landesman, a senior researcher at Web security company ScanSafe.
Scammers break into accounts posing as friends of users, sending spam that directs them to websites that steal personal information and spread viruses. Hackers tend to take control of infected PCs for identity theft, spamming and other mischief.
Facebook manages security from its central headquarters in Palo Alto, California, screening out much of the spam and malicious software targeting its users. That should make it a safer place to surf than the broader Internet, but criminals are relentless and some break through Facebook's considerable filter.
The rise in attacks reflects Facebook's massive growth. Company spokesman Simon Axten said that as the number of users has increased, the percentage of successful attacks has stayed about the same, remaining at less than 1 percent of members over the past five years.
By comparison, he said, FBI data show that about 3 percent of U.S. households were burglarized in 2005.
"Security is an arms race, and we're always updating these systems and building new ones to respond to new and evolving threats," Axten said.
When criminal activity is detected on one account, the site quickly looks for similar patterns in others and either deletes bad emails or resets passwords to compromised accounts, he said. Facebook is hiring a fraud investigator and a fraud analyst, according to the careers section of its website.
CANNOT GUARANTEE WEB SAFETY
But ultimately Facebook says its members are responsible for their own security.
"We do our bbest to keep Facebook safe, but we cannot guarantee it," Facebook says in a warning in a section of the site on the terms and conditions of use, which members might not bother to read. (www.facebook.com/terms.php)
People implicitly trust social networking sites because they don't understand the real threats and dangers. It's like walking down the street and trusting everybody you meet," said Randy Abrams, a researcher with security software maker ESET.
Amy Benoit, a human resources manager in Oceanside, California, said she may stop using Facebook altogether after she became entangled in a popular scam: A fraudster sent instant messages to a friend saying that Benoit had been attacked in London and needed $600 to get home.
Yale University last week warned its business school students to be careful when using Facebook after several of them turned in infected laptops.
One of the most insidious threats is Koobface, a virus that takes over PCs when users click on links in spam messages. The virus turned up on MySpace about a year ago, but its unknown authors now focus on spreading it through Facebook, which is struggling to wipe it out.
"Machines that are compromised are at the whim of the attacker," said McAfee Inc researcher Craig Schmugar.
McAfee, the world's No. 2 security software maker, says Koobface variants almost quadrupled last month to 4,000. "Because Facebook is a closed system, we have a tremendous advantage over e-mail. Once we detect a spam message, we can delete that message in all inboxes across the site," said Schmugar.
Facebook's Axten said the site does not know how many users have been infected by Koobface.
A new website that follows Facebook news, www.fbhive.com, recently identified a vulnerability that made it possible to access any user's private information using a simple hack. The loophole has since been closed.
"We don't have any evidence to suggest that it was ever exploited for malicious purposes," Axten said.
Hackers even find ways to get into accounts of savvy users like Sandeep Junnarkar, a journalism professor at City University of New York and former tech reporter. Last month he learned his account was hacked as he waited for a flight for Paris. He quickly changed his password before boarding.
"Am I surprised that it happened? Not really," he said.
(Editing by Jason Szep and Gerald E. McCormick)
Identity Theft
Social networking like Facebook and Myspace are becoming favourite hunting grounds for identity theives.
Identity thieves use your own information against you to assume your identity. An identity thief can then open bank accounts, write bad checks, acquire new credit card accounts, personal loans, cash advances, cellular phone accounts or even illegally obtain employment in your name. They may even break the law using your name.
Who Are These Identity Thieves? It could be anyone. Although about half of identity theft cases in America are attributed to someone who knows the victim, but don‘t assume that this is the only area that the threat of fraud attacks from. Anyone wIho has access to your personal information could descend your identity and credit history in turmoil by assuming your identity.
Why do they do it?
Illegal immigrants do it to work in foreign countries. Some people do it so they can have access to medical insurance. Some people commit identity theft to hide from their past. The most sinister are terrorists or people who have previously committed a serious crime, like sex offenders who change their identity to try and gain access to employment at schools and gain access to children. Some are internet hackers who run their scams on stolen credit cards and bandwidth provided by unknowing users.
This practise has become more and more prevalent with the popularity of wireless internet. Most people do not take precautions when they use wireless internet and it is like leaving your front door open while you sleep at night.
Who is at Risk of Identity Theft?
Everyone is. Those at greatest risk don’t dispose of, or are careless with, information like credit card numbers, bank and other accounts, birth certificates, numbers associated with income tax and driver’s licenses. On line, the threats are ever increasing and range from issues like phishing to hidden code within social sites like Myspace and Facebook. You should be very careful about forwarding your information across the web, especially when using wireless internet.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment