Elgan: Why you can't trust 'friends' on Facebook

Computerworld - Every form of communication, from snail-mail to e-mail, chat and others, is subject to fraud and scams. But social networks like Facebook are subject to new, more dangerous opportunities for fraud.

With e-mail and IM spam and Internet scams, the whole social-engineering game is to get you to trust a stranger. But social networks are different. The goal there is to get you to believe the fraudster is a friend whom you already trust.

If you're on Facebook, you've no doubt got a bunch of friends. And if you're like most Facebook users, you're certain those friends are exactly who they say they are. And you might be right. Or you could be wrong. They could be scammers posing as your friends.

How hard is that, exactly? It turns out to be hideously easy to do.

If this kind of false-identity fraud hasn't been attempted against you in the past, I can assure you it will be in the future. Scammers are quickly realizing that posing as another person is a foolproof way to get around the age-old trust issue that can ruin a good con.

How to steal friends and influence people

I'm going to tell you exactly how someone can trick you into thinking they're your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you're scamming someone, here's what you'd do:

Step 1: Request to be "friends" with a dozen strangers on MySpace. Let's say half of them accept. Collect a list of all their friends.

Step 2: Go to Facebook and search for those six people. Let's say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you're already an established friend.

Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send "friend" requests to your victims on Facebook.

As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you'll accept. In fact, Facebook itself will suggest you as a friend to those people.

(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request "friend" status. They sought you out.)