You have a new status update: “A thief is enjoying a vacation to Hawaii—and you paid for it!” Impossible, you say? On a recent phishing expedition, identity thieves used fake login pages to catch usernames and passwords from social networking site Facebook.com. They first spammed Facebook users through the site’s mail system with one-line messages containing a website that mimicked Facebook’s login screen. When users tried to login, the identity thieves stole their Facebook credentials.
How can identity thieves use that information? Easily. With your credentials, thieves approach your friends, either by asking for money or through Spam campaigns. In one instance, an identity thief changed his victim’s Facebook page, begging friends for help with an urgent surgery—and one friend gave the thief $1,000!
“We’ve seen a drastic uptick in Social Media scams over the past year. [Social engineers] look to infiltrate your Facebook account and send e-mails to your friends asking for money. If you think it’s from a friend, you might consider sending something,” reported John Kane, author of the Internet Crime Complaint Center’s annual report on computer crime, issued in association with the Federal Bureau of Investigation.
Social engineering is especially dangerous in social media because most social media users speak freely about sensitive information with little-to-no thought about who might be eavesdropping. Here are a few tips to use social media wisely.
Did You Know?
Consumers aren’t the only victims of misuse of social media; businesses can also suffer from lost productivity and information. Over 60% of system administrators in America worry that employees who use social networking sites will put their company’s IT infrastructure at risk.
A quarter of these organizations also report that they have been the victim of spam, phishing, and malware attacks via sites like Twitter, Facebook, and LinkedIn. An absent click here, or a seemingly innocuous piece of information there, puts our organization at risk.
Don’t use social media websites on our organization’s time or equipment. You won’t be so apt to divulge your work projects, you’ll be more productive, and your IT administrator will sleep easier at night, knowing that an accidental click won’t jeopardize our organization’s network.
Protect your personal information. On social media, know that your status updates, profile, and daily activities—simple as they may seem—could be used by thieves to steal your identity. You can make it harder for thieves by setting your profile settings to private so your friends are the only people who can view your information. They’re the people you were writing for in the first place, right?
Follow these precautions and beware of thieves using the social media accounts of others to solicit you for information or money.