How do Facebook Hacks Lead to Identity Theft?
There’s been a lot of attention paid to Facebook and possible links to identity theft over the past year. Facebook now claims a Billion (with a B) users worldwide and users share information about their lives to a greater or lesser degree, based on what they post on Facebook.
Each user also may have a varied understanding of Facebook privacy settings and how they may affect the distribution of our information. Something to consider: where else can identity thieves go to potentially gain access to 1 billion user identities? What this means to criminals is that any effort they expend to exploit Facebook users can then be used successfully many, many times. Facebook is a big target, and worth the effort.
First, please understand for your own benefit, that hacking a Facebook account is a crime. California Penal Code 530.5 makes it a potential crime to unlawfully access person’s account to produce changes to the account, including profiles, comments, and other information posted by the owner. This law also makes it a crime to obtain personal identifying information of a person and then use that information to obtain services, property, or another benefit (identity theft). Many other states have similar statutes. So, changing your friend’s Facebook profile because you happened to become privy to the password may have consequences far more costly than expected. Keep in mind that your access and modification of a profile is potentially a criminal offense. So, both access/modification and use of information found on a Facebook profile not belonging to you may result in criminal charges against you.
So how can identity thieves attack you through Facebook? Here are some examples:
- Realize that each person you “friend” now obtains access to significant information about you, as well as ability to interact with you in a manner that may make exploits against you possible. Just because they are a “friend of a friend” does not mean that person is somehow legitimate to be your friend.
- Malware injection is that procedure where a “friend” in some way convinces you to click a link or run a program that installs malware on your computer. Your computer and possibly your FB account can now be partially controlled by external users, and they will use this control to send spam, advertise illicit products, or otherwise, interact with your friend's list.
- Linkjacking is a Facebook threat where the account is hijacked in a manner that allows the thief to “message” other users with viruses, ads, links, etc.
- Social Engineering is common on social networking sites and a common outgrowth of the spread of your personal information. It is human nature to be more likely to respond to an email when the sender includes information that shows they know a lot about you. A phishing email sent to you that gets you to respond, and compromise your security, is much more convincing when it appears that the sender knows you in some way.
- Account Access is when criminals obtain access to Facebook accounts using brute force tools to guess the password, or using compromised credentials. Regardless of how it’s done, the criminal now has access to your friend's list, and an authentic cyber identity that can be used for cons, scams, and other exploits, all based on the fact that the targets would not expect that of you.
- Cloning – It is often far too easy to collect images and other information from your Facebook user profile in order to create a new Facebook account that is similar in many ways to your current account. Then all those appearing on your friend's list are sent a new invitation from the clone account, and some of those will reply, due to the familiarity of the images and information. They are then open to use by the criminal.
The list above is not intended to be all-inclusive, rather it is to show that criminals do want your information, and will use it in many ways you probably have not thought of. It is important to protect your user credentials, limit your friends to those you really do know, and be suspicious of links, games, and other enticements which may be linked to security problems. Clicking that link to the Free Grand Prize might be an expensive trip.
How much information are you putting out there? It's probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.