Tech savvy crooks and criminals are increasingly using popular social networks like Facebook, Twitter and MySpace as tools for their latest phishing schemes.
Cybercrooks realize that popular social networks contain a wealth of personal information contributed by their growing user base.
Over the past 3 years almost 3,200 account hijacking cases on social networks were reported to the Internet Crime Complaint Center. The Internet Crime Complaint Center is a partnership between the FBI; the National White Collar Crime Center and the Bureau of Justice Assistance.
Fake profile updates, emails, video and links are used to trick social network users into revealing personal information about themselves on scam sites, including logon IDs and passwords.
Once a person’s social network account is hacked, the criminals can trick their list of friends and repeat the crime on other people. Social networks provide plenty of opportunity to trick more people – the average Facebook user has 120 friends on their list.
The huge growth in social networks has created great tools for cybercriminals. Facebook alone has 300 million registered people.
Cybercriminals are experts at using social engineering to trick people. They can use a friend’s social network profile to trick you into thinking the said person is in trouble and needs financial help, causing some to give out personal and financial information.
A 2005 study from Indiana University showed that as much as 70% of social network phishing scams are successful.
The Internet Crime Complaint Center received over 72,000 complaints about Internet fraud in 2008 that amounted to $264.6 million in financial loss, with each victim losing an average of $931 USD.
Social networks are responding to this new threat.
Facebook has created computer systems that detect phished user accounts. They can recognize and lock user accounts that send an unusually high amount of messages to friends.
MySpace compiles blacklists of phony user accounts to stop people from clicking on phishing links.