It was only a matter of time before scammers discovered social media. To them, email phishing scams are so 2009. Really aggressive identity thieves are now using social media sites like Facebook, Twitter and LinkedIn to ensnare victims. It turns out it's easier and a lot more lucrative.
Social media uses are always getting friend requests. Most often it's someone from the user's circle of friends. But getting a friend request from a friend-of-a-friend is not uncommon.
Assuming that person is who they say they are, without confirming it, is dangerous, says Arun Vishwanath, associate professor of communication at the University of Buffalo. You could fall victim to what's being called “farcing,” exposing dozens of your friends and contacts for good measure.
“Farcing takes place on popular social media platforms like Facebook, Twitter, LinkedIn and Google Plus and has been used for online bullying, identity theft, organizational espionage, child pornography and even burglary,” said Vishwanath.
Wealth of information
Consider all the information that is available to a “friend.” It's enough to make a scammer hyperventilate. Once accepted as a friend, the scammer would have access to your name, your nicknames and the names of friends and relatives.
Chances are he would learn what schools you attended and where you have worked. He might even learn your address, pet’s name, favorite vacation sites plus when you’re leaving and how long you’ll be gone. The list is almost endless and all of it is valuable to someone trying to steal your identity.
Vishwanath got the idea for a study of the phenomenon from a local crime story in the Buffalo area. He says a substitute teacher created a false identity and fake Facebook profile in which he pretended to be a female student. He allegedly used that identity to entice minors — some of whom were his students — to send him explicit sexual photographs. He is now serving 30 years in prison.
But people who want more than mere sexual titillation have grabbed onto social media as a means to pry sensitive information from unsuspecting victims – information that can be used to take out loans and clean out bank accounts.
Testing his theory
To prove his point Vishwanath set up a simulated farcing experiment on Facebook and watched it unfurl. He created 4 fake profiles, each with different levels of information attached to them. For example, some had photos and other friends, some didn't.
He next recruited 150 Facebook users and contacted them with friend requests. One in 5 agreed with the initial friend request. Another 13% of that group agreed to provide the new “friend” with additional information about themselves when he asked. That's what he calls Stage 2 of a farcing attack.
“A motivated farcer can go on to the second stage, requesting more information directly from the victim by using messaging functions within the social media platform,” Vishwanath said. “Messages can be crafted to take advantage of the asymmetries between the information mined from the victim’s page and the deceptive intent of the phisher.”
One obvious way to protect yourself, he says, is to be much more careful when you make friending decisions — phony, even felonious, characters will present themselves as great new friend possibilities. Only friend people you actually know. Another way is to limit the amount and types of personal information you share on social media sites.
“These scams are on the rise and will continue to increase with the popularity of social media, exponentially increasing the number of farcing victims worldwide,” Vishwanath said.
The Identity Theft Resource Center (ITRC) has conducted a study of Facebook users, assessing their awareness of the farcing threat. The results were not encouraging.
The ITRC study found that more users tended to be concerned and aware of identity theft related to Facebook, they did not always act in accordance with such concerns. Consumers still tend to believe that financial harm cannot be caused by Facebook usage, the report concluded.
“As our world transforms more and more into a cyber environment, social networking becomes a larger part of our lives,” said Nikki Junker, Social Media Coordinator for the ITRC. “Because of this, it is important to understand how social networking users comprehend the safety risks while engaging on such sites.”