Gordon M. Snow, Assistant Director, Federal Bureau of Investigation, testified before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. He outlined FBI efforts to fight cybercrime on social networking sites.
It’s not a pretty picture. The rise of social networking sites like Facebook over the past three years has seen a corresponding rise in attempts by criminals to use these sites to target unsuspecting users. According to Snow, “cyber criminals are using a variety of schemes to defraud or victimize innocent social networking site users.”
He went on to highlight some of the most serious cybercrimes, which we’ve summarized below:
“Regardless of the social networking site, users continue to be fooled online by persons claiming to be somebody else. Unlike the physical world, individuals can misrepresent everything about themselves while they communicate online, ranging not only from their names and business affiliations (something that is fairly easy to do in-person as well), but extending as well to their gender, age, and location (identifiers that are far more difficult to fake in-person).”
He went on to say that “In addition to Identity Theft crimes, child predators routinely use social networking sites to locate and communicate with future victims and other pedophiles.”
On the topic of online fraud, Snow reported,
“There are a variety of Internet fraud schemes being used by cyber criminals at any given time. By way of example, a recent fraud scheme involves a cyber criminal gaining access to an unsuspecting user's email account or social networking site. The fraudster, who claims to be the account holder, then sends messages to the user's friends. In the message, the fraudster states that he is on travel and has been robbed of his credit cards, passport, money, and cell phone; and is in need of money immediately. Without realizing that the message is from a criminal, the friends wire money to an overseas account without validating the claim.”
Phishing Scams continue to target unsuspecting users
“Phishing schemes attempt to make Internet users believe that they are receiving e-mail from a trusted source when that is not the case. Phishing attacks on social networking site users come in various formats, including: messages within the social networking site either from strangers or compromised friend accounts; links or videos within a social networking site profile claiming to lead to something harmless that turns out to be harmful; or e-mails sent to users claiming to be from the social networking site itself. Social networking site users fall victim to the schemes due to the higher level of trust typically displayed while using social networking sites. Users often accept into their private sites people that they do not actually know, or sometimes fail altogether to properly set privacy settings on their profile. This gives cyber thieves an advantage when trying to trick their victims through various phishing schemes.”
On the topic of Data Mining
“Cyber thieves use data mining on social networking sites as a way to extract sensitive information about their victims. This can be done by criminal actors on either a large or small scale. For example, in a large-scale data mining scheme, a cyber criminal may send out a "getting to know you quiz" to a large list of social networking site users. While the answers to these questions do not appear to be malicious on the surface, they often mimic the same questions that are asked by financial institutions or e-mail account providers when an individual has forgotten their password. Thus, an e-mail address and the answers to the quiz questions can provide the cyber criminal with the tools to enter your bank account, e-mail account, or credit card in order to transfer money or siphon your account. Small-scale data mining may also be easy for cyber criminals if social networking site users have not properly guarded their profile or access to sensitive information. Indeed, some networking applications encourage users to post whether or not they are on vacation, simultaneously letting burglars know when nobody is home.”
As the popularity of social networking sites grows, so do the risks associated with using them. Here are a few tips to help protect yourself online.
- Be careful when clicking on links and don’t blindly trust that a message is really from who it says it is from. A general rule of thumb is, if it doesn’t feel right to click on the link, don’t!
- Be careful what you post about yourself online. Why is this important? Because a common technique hackers use to break into accounts is to click on the “forgot password” link. They then guess at your password by using information such as your birthday, place of birth, job, and marital status that you have posted online for everyone to see.
- Understand and frequently review the security and privacy settings for each social network in which you participate. Select the most restrictive settings possible and realize that not everyone is your friend out there.
- Not everyone is your friend and you don’t have to accept every friend request. As you have read above, hackers and criminals will create fake profiles to obtain personal information from you.
- In addition to being careful about what you post online, remember that everything that you put on the Internet is permanent. Even if you delete your social network profile, criminals can print text and photos or save them to a computer.