Elgan: Why you can't trust 'friends' on Facebook
Facebook is popular and growing -- especially with criminals. Here's why they love it.
November 26, 2008 12:00 PM ETComputerworld - Every form of communication, from snail-mail to e-mail, chat and others, is subject to fraud and scams. But social networks like Facebook are subject to new, more dangerous opportunities for fraud.
With e-mail and IM spam and Internet scams, the whole social-engineering game is to get you to trust a stranger. But social networks are different. The goal there is to get you to believe the fraudster is a friend whom you already trust.
If you're on Facebook, you've no doubt got a bunch of friends. And if you're like most Facebook users, you're certain those friends are exactly who they say they are. And you might be right. Or you could be wrong. They could be scammers posing as your friends.
How hard is that, exactly? It turns out to be hideously easy to do.
If this kind of false-identity fraud hasn't been attempted against you in the past, I can assure you it will be in the future. Scammers are quickly realizing that posing as another person is a foolproof way to get around the age-old trust issue that can ruin a good con.
How to steal friends and influence people
I'm going to tell you exactly how someone can trick you into thinking they're your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you're scamming someone, here's what you'd do:
Step 1: Request to be "friends" with a dozen strangers on MySpace. Let's say half of them accept. Collect a list of all their friends.
Step 2: Go to Facebook and search for those six people. Let's say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you're already an established friend.
Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send "friend" requests to your victims on Facebook.
As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you'll accept. In fact, Facebook itself will suggest you as a friend to those people.
(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request "friend" status. They sought you out.)
Facebook flaps
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Network Managed Services: A Cost-Effective Approach to Complexity
Outsourcing network management can save time and drive lower total cost of ownership.
Data in Action: Making the Planet Smarter
Register Now
Infrastructure 2.0 - Grainger Reduces Network Expenses While Boosting Availability
Keeping the Network Strategic to the Business
Oracle Accelerate - Not Just Smart but Timely
Download Now!
The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.
Why BI is Ripe - Now! - For Businesses of Any Size
Download Now!
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Computerworld Reports
Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.

