Experts from VeriSign’s iDefense team say fraudulent and hijacked Facebook accounts are being sold on the black market.
During and investigation in February, iDefense workers discovered that login information for 1.5 million Facebook accounts was for sale through numerous online black market sites.
One Facebook account thief, who goes by the user name of “kirllos”, offered to sell batches of 1,000 accounts for anywhere from $25 to $45, depending on the number of friends associated with the account.
According to Rick Howard, iDefense’s director of cyber intelligence, the findings show that the illegal market for stolen Facebook accounts is growing rapidly.
Facebook account thieves can steal user data through “phishing” scams that fool users into revealing their passwords or with malware that records computer keystrokes.
The stolen user accounts are then used to send spam email and spread malware and run identity theft rings.
Facebook users are prime targets because there is a high level of trust on the social network, due to the fact that people are required to use their real names and usually connect with people they know.
Due to this trust, Facebook users are more likely to trust a spam message or click on a malicious link posted on a friend’s wall or an e-mail message.
In addition, Facebook accounts allow cyber criminals to mine the user profiles of victims and their network for personal information like birth dates, addresses, phone numbers and other data that can be used for identity theft.
Although Facebook warns against it, many users willingly approve friend requests from people they do not know.
In one example, the Facebook account of Eileen Sheldon was hacked and used to send fraudulent messages to 20 of her friends claiming she was stranded in Britain without a passport and was requesting money.
Ms. Sheldon, who lives in California, had recently traveled to London. One of her friends believed the fraudulent message and wired $100 to the thieves.
Although Facebook has numerous tools for detecting fraud, some clever criminals can still get around the system and make social networking a minefield for unsuspecting users.
[ Source: New York Times ]