This Friday, Facebook will go public in one of the most anticipated IPOs in history. With more than 900 million users, Mark Zuckerberg’s expanding social media empire has become a seemingly irreplaceable part of the online experience. Unfortunately, a byproduct of its success is that millions of Americans are far more exposed to a number of cyber crimes that also teem on the site.
To be sure, cyber crimes have been occurring for some time, but the presence of social media has made many crimes much easier to commit. In social networks people make “friends” without knowing the person and make personal information easily available. And none of the networks present more opportunity to criminals than Facebook and its hundreds of millions of users. With this in mind, 24/7 Wall St. looked at some of the most common ways criminals use Facebook.
[More from 24/7 Wall St.: 8 Products the Facebook Generation Will Not Buy]
Internet security analysts warn that Facebook is a hotbed for online crime. According to an infographic published earlier this year by ZoneAlarm, a leading Internet security software provider, “roughly 4 million Facebook users experience spam on a daily basis, 20% of Facebook users have been exposed to malware,” and Facebook receives 600,000 reports of hijacked log-ins every day.
Facebook knows that there is a problem. Earlier this year, the social media giant began working with the U.S. Attorney General’s office to try to combat linkjacking, a new form of account hacking and spam that is more or less unique to Facebook. Through various kinds of identity theft, linkjacking spammers send messages containing false ads or even viruses to the victims, pretending to be a Facebook friend.
[Related: Facebook IPO News]
Like linkjacking, malware represents yet another growing threat for Facebook users, Dr. Kent Seamons, assistant professor in the Computer Science Department at Brigham Young University, told 24/7 Wall St. “Hackers get malware on your machine and get tens if not hundreds of thousands of these machines under their control and then they rent them out to spammers and others,” Seamons explains. Renting Facebook accounts to spammers is one of the many ways that thieves monetize the personal information they steal. These rented accounts can then be used to advertise products illicitly or to request money from unsuspecting friends.
Ultimately, all social media sites make it easier for criminals to deceive their victims. According to a study published in Communications of ACM, a journal for computing professionals, the percentage of students that responded to a phishing email increased from 16% to 72% when the email included relevant social information about the target. For example, scams that make it appear that a message comes from a friend of the target make it more likely that the target will respond.
[More from 24/7 Wall St.: America’s Favorite Beers]
These are the nine ways criminals use Facebook.
1. Hacking Accounts
When criminals hack a Facebook account, they typically use one of several available “brute force” tools, Grayson Milbourne, Webroot’s Manager of Threat Research for North America, told 24/7 Wall St. in an interview. These tools cycle through a common password dictionary, and try commonly used names and dates, opposite hundreds of thousands of different email IDs. Once hacked, an account can be commande
ered and used as a platform to deliver spam, or — more commonly — sold. Clandestine hacker forums are crawling with ads offering Facebook account IDs and passwords in exchange for money. In the cyber world, information is a valuable thing.
2. Commandeering Accounts
A more direct form of identity theft, commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The impostor can use this identity for a variety of confidence schemes, including the popular, London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. The London scam has a far-higher success rate on Facebook — and specifically on commandeered accounts — because there is a baseline of trust between the users and those on their friends list.