Association News NZIPI
Five ways criminals use facebook
F
acebook went public on the 21st May 2012 in one of the most anticipated IPO’s in history. With more than 900 million users, Mark Zuckerberg’s expanding social media empire has become a part of the online experience. A by-product of its success is that millions of people around the world are now far more exposed to a number of cybercrimes that result from criminals having access to this media. The modern Private Investigator needs to be savvy and up to date with the most modern technology to combat this ongoing trend involving the cybercriminal. Cybercrime has been around for a long time but the presence of social media has made many crimes easier to commit. In social networks people often make ‘friends’ without knowing the person and make their personal information easily available. None of the networks present more opportunity to criminals than Facebook and its hundreds of millions of users. Recent studies have identified some of the most common ways criminals use Facebook to their advantage. 1. Hacking accounts When criminals hack a Facebook account they typically used one of several available ‘brute force’ tools, which cycle through a common password directory and try commonly used names and dates, opposite hundreds of thousands of different email ID’s. Once hacked, an account can be commandeered and then used as a platform to deliver spam, or – more commonly – sold. Clandestine hacker forums are crawling with ads offering Facebook account ID’s and passwords in exchange for money. In the cyber world, information is a valuable resource. 2. Commandeering accounts A more direct form of identity theft, commandeering occurs when the criminal logs onto an existing user account using
36
June - July 2012
an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The imposter can use this identity for a variety of confidence schemes, such as a popular one that has become known as the London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. This scam has a far higher success rate on Facebook, and specifically of commandeered accounts, because there is a baseline of trust between the users and those on their friends list. 3. Profile cloning Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send “friend” requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted the criminal has access to the targets personal information which they can then use to clone other profiles or to commit fraud. By doing this they exploit a person’s account and postulate as that person to extract information. The scariest aspect of this offending is its simplicity as hacking acumen is unnecessary to clone the profile; the criminal simply needs a registered account. 4. Fake Facebook A common form of phishing is the fake Facebook scam. The scammer’s direct users via some sort of clickable enticement, to a spurious Facebook log in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected into a database, which the scammer will often then sell. Once scammers have purchased a user’s information they can take advantage of their assumed identity through apps like Facebook Marketplace
Michael Campbell is the Vice Chairman of the NZIPI and he has operated his business as a self-employed Private Investigator in New Zealand for the past 31 years. www.advancedinvestigations.co.nz and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalise on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise. 5. Mining unprotected information Few sites provide an easier source of basic information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information if often used as passwords or as answers to secret security questions. While the majority of unprotected information is mined for targeted advertising, it can be a means to a more devious purpose such as profile cloning and ultimately, identity theft. These are but a few of many examples of computer related crimes the modern investigator needs to be aware of. New Zealand legislation has been updated in recent years to prohibit behaviour when criminals access computers for a dishonest purpose or without the authority of the computer owner. Offenders who commit computer related crimes are often surprised to discover the serious consequences they can face upon conviction for breaches of sections 249-252 Crimes Act 1961. NZ Security