Women beware: A con man is out of prison
By Tom Blake
When older singles date new people, one of the most important precautions they should follow is to trust their instincts. If they sense something isn’t right about the new person, there is a strong chance they’re right.
But when people are lonely and want to be in a relationship and loved, they tend to downplay those instincts by viewing potential partners through rose-colored glasses.
Susie, an educated woman with a successful career, says she did just that. At 55, she met a man, 62, on Yahoo Personals. However, she learned that his listed name was not his true name and that his age was 66.
However, one can’t blame Susie for initially being impressed. She said: “He is well-educated (except he can’t spell), charming and writes e-mails that are like love letters. He says he has a nice home and a yacht in Florida. He states he is a partner in two corporations – one in entertainment and one in construction. He treated me well, spent time getting to know my family and even went to church with me. We made a lot of plans for the future together.”
When Susie saw red flags at the beginning of the relationship, she still elected to proceed, albeit cautiously. But not cautiously enough, as she explained:
“The first time I let my guard down, he made his move. I had something at my house that had been broken for a long time and he knew someone who could fix it. I was going out of town on a business trip and this was the only time he could come fix my problem (should have been a huge red flag). I left him my house keys. This was the first time I had let him have access to my house.
“When I got back from my business trip, I checked my bank account online and saw three checks written that I did not recognize. I called my bank and figured out what was going on.”
The man she had been dating had stolen her checkbook.
She called police. “While the policeman was at my house, I called the man and told him I knew what he had done and if he ever stepped foot on my property, I would have him arrested,” Susie said. “I never told him I filed a police report, because I did not want him to run. That night I had all the locks changed on my house.”
Susie said most everything he told her was untrue. He didn’t have a car or a job. Immediately after Susie ended the relationship, he was back on Yahoo Personals.
Susie didn’t hear anything from the police; she figured nothing would happen because it was a small crime.
She continued: “About 1½ years later, I got a letter from the district attorney. The man had been arrested and was sentenced to three years in prison and four years’ probation. He only served 1½ years and was supposed to start making restitution to me three months after he got out. I haven’t seen any of the money and don’t care. The amount was not great; my bank put the money back in my account because they should not have cashed the checks.”
Susie talked about the psychological effects: “It hurts to realize that I did not mean anything to him. I have been very embarrassed and angry at myself. Although the amount of money was not great, you cannot put a price tag on the hurt and suffering this man caused me.”
Lessons learned from Susie’s story:
• A background check may have saved Susie from this ordeal.
• It’s easy to blame the Internet. But what happened in Susie’s case happened after they were together in person.
• When legally violated, file a police report.
• Check your bank and credit-card statements often.
• Pay attention to red flags; trust your instincts. Don’t allow loneliness to cloud your thinking.
Women beware: This Internet-dating ex-con will strike again.
Source: The Orange County Register
Kissing Frogs in Cyberspace gives us online dating humor – and horrors
By Rinsky
Thinking back to our high school English teachers, we may wonder what the heck they would know about online dating. Or dating at all, for that matter.
But Dianne Sweeney, a Marana native who now teaches high school English in California, has learned enough about the online dating scene to write a whole book about it.
Kissing Frogs in Cyberspace chronicles some of her humorous – and downright disastrous – online dating experiences. Sweeney was sweet enough to give us some of her insider knowledge.
Like the best way to go about online dating.
“You have to be yourself,” she said. “Do not lie about your weight, age, height. Be yourself.”
She also cautions not to take others at face value.
“Do NOT give people your personal address until you have met them a couple of times,” she warned in an e-mail. “Everybody is on his/her best behavior the first couple of dates. However, it won’t take long for their true colors to show if they are hiding anything.”
One guy who showed up 30 minutes late after Sweeney took a 45-minute drive to meet him, might have been better off hiding the truth.
“He apologized profusely and I asked what happened,” Sweeney said. “He said his mom wouldn’t let him out of the house until he walked his dog. He was 41 years old. The date went downhill from there.”
She did find a keeper through her online experiences. “He was sweet, funny, and enjoyed life,” she said. “He was very respectful.”
Unfortunately, his job didn’t keep him local and their relationship did not survive being a long distance romance.
“Don’t get frustrated,” is advice she both gives and follows. “Try a few different sites, and just have fun and laugh.”
Sweeney started online dating since she’s a busy woman. In addition to teaching English, she makes time for biking, reading and enjoying time with her favorite cat Scout.
“I thought (online dating) might be one way to find a Harry for my Sally,” she said. “I am still waiting.”
But she’s not giving up.
“Don’t get discouraged,” she repeats. “Dating is hell, and we are all out there.”
Source: tucsoncitizen.com
Top 10 Resolutions Not to Make This Year
At Cosmo, we feel the same way about New Year’s resolutions as we do about rules — some are just meant to be broken. Here, 10 things that shouldn’t show up on any Cosmo girl’s list of do’s and don’ts for 2010.
By Zoe Ruderman
1. Quit your job and wait for a dream career opportunity to present itself. Recession shmecession.
Reality check: Suck it up and hang on to your gig for now. Appease yourself by taking a class or picking up a hobby that will make your résumé stand out, like learning a foreign language or starting a blog.
2. Lose five pounds.
Reality check: Hot chicks like Jessica Biel, Beyoncé, and ScarJo are proof that toned and curvy is the new skinny.
3. Finally win back your ex-boyfriend.
Reality check: Move on. We give you permission to engage in some rebound relationship therapy.
4. Buy into all the latest trends.
Reality check: It’s okay to be a slave to fashion…just be a slave to cheap fashion, rather than dropping serious bank on each and every look. Kick yourself later for wearing it, but don’t kick yourself for blowing your paycheck on it.
5. Change your man.
Reality check: While some relationship tweaking is to be expected (hey, few guys are natural-born good kissers), if the words “fixer-upper” and “project” could describe your boyfriend, it’s time to get real.
6. Triple the number of friends you have on Facebook.
Reality check: Less time stalking your friends’ friends’ friends. More time catching up with buddies you actually care about.
7. Don’t eat any junk food.
Reality check: Cutting out all unhealthy food from your diet will most likely lead to binge eating, followed by intense guilt, by mid-January.
8. Watch less trashy TV.
Reality check: Zoning out and de-stressing for a bit every night with the help of good bad television is harmless.
9. Save more money.
Reality check: Let’s be honest. In this economy, we’re just happy to be able to pay our rent, gas, and credit card bill.
10. Keep your number down.
Reality check: Nothin’ wrong with notches on your bedpost, as long as you’re being safe.
Source: lifesytle.msn.com
Holiday identity theft. Beware of social engineering
By Joe Campana
Beware of identity thieves that are students of social engineering. They can exploit your holiday cheer or drear by duping you into becoming another victim of identity theft. The term, social engineering, may sound innocuous, but it actually refers to trickery and deception. Social engineers manipulate people into giving up valuable information, and even money by playing to human emotions.
Most often social engineering refers to turning over sensitive information such as a Social Security number, credit card number, credit card id number (CCID, CSC, CVC, etc.), account or building access code or other confidential information that can be used by the thief for identity theft, fraud, espionage, and other crimes. Victims can even be duped into handing over money directly to sinister social engineers.
Holidays are advantageous to identity thieves that practice social engineering and pickpocketing. Consumers in the holiday mood are likely to have their guard down. Consumers in a heightened emotional state can be taken advantage of more easily. Social engineering identity theft grinches can nab your identity in person, over the telephone, by mail, email and through websites including social networking sites such as Twitter and Facebook. Pickpockets may even use social engineering to engage and distract you emotionally, while another thief snatches your wallet or purse.
If it seems too good to be true, it probably is. So be cautious of offers to earn additional income over the holidays or to obtain huge discounts on gift items. With the dreary economy and many people out of work, offers for making a quick buck or saving money are attractive. Some schemes scam consumers into giving out their Social Security number in the hope of getting work. Others may steal financial account information when consumers provide payment information thinking they are covering fees associated with bogus “make money now” schemes.
Look out for too good to be true prices on products advertised over the Internet. If the sale is on a popular retailer website that you got to by clicking on a link, how can you be sure they are at the authentic website of a retailer? The website may be a spoof (a clone or lookalike site). The sole purpose of a spoof website is to snatch your financial account information when you think you placed an order with the retailer. To be sure you are at the retailer’s authentic website, search for the retailer website with your search engine, don’t trust a link in an unsolicited email or one posted on social networking website.
Do your homework before doing business or making purchases online. Search the name of the company and look for complaints, alerts and warnings. Internet advertisements that appear on legitimate websites can be dubious if not completely fraudulent. It’s always worth an extra five minutes of online research instead of making an impulse purchase that you may later regret. Research may not only save you from becoming a victim of identity theft, but you may find a better deal with a reputable retailer by doing your homework.
A recent e-Week Security Watch article lists many common e-scams such as phony charity scams, bogus social networking friend requests, holiday e-cards, super sale pitches, malware ridden Christmas carol websites, job and work from home scams, password stealing scams, e-banking attacks and others. These scams may involve phishing, pharming or malware downloads that infect your computer with not only viruses but also keylogging software that allows fraudsters to capture your keystrokes particularly when you are logging into an online financial account.
Social engineering schemes don’t just involve the Internet. They can occur by phone or by mail. Beware of telephone calls from financial institutions, credit card companies, law enforcement, government agencies and charitable organizations that ask you to provide sensitive information such as your Social Security number or financial account information over the phone. Don’t trust what you see on your caller id, because caller id’s can be faked through a practice called vishing.
Received a notice in the mail that you won the lottery? To collect the $100,000 prize, just wire $1,500 to an offshore agent to cover the taxes before cashing the $2,000 bogus advance check you received with the notice. It was a coincidence that just before a financially needy consumer and very happy prizewinner was going to wire money to the lottery agent, I asked, “Did you enter the lottery?” That was an “Ah-ha” moment, when they realized they were about to be scammed. You can’t win, if you didn’t enter!
Recently a Madison, Wisconsin woman was taken for nearly $20,000, a laptop computer and a cell phone. She met a man, an identity thief, through an online dating service. Crafty social engineers play on our strongest emotions, even love.
Whether it is a holiday, a commemorative day, a tragedy, or any day or situation when you may be vulnerable beware of social engineering.
Source: examiner.com
Are Facebook Users Too Friendly For Their Own Good?
by Stan Schroeder
The latest research conducted by IT security firm Sophos shows that it’s very easy to convince Facebook users to reveal their personal info to complete strangers.
This is nothing new, mind you – after all, many users see Facebook (Facebook) as a possibility to make new friends – but it is worth noting that simply friending someone you don’t know nothing about can result in identity theft.
Here’s how Sophos conducted their research:
“Sophos created two fictitious users with names based on anagrams of the words “false identity” and “stolen identity”. 21-year-old “Daisy Felettin” was represented by a picture of a toy rubber duck bought at a $2 shop; 56-year-old “Dinette Stonily” posted a profile picture of two cats lying on a rug. Each sent out 100 friend requests to randomly-chosen Facebook users in their age-group.
Within two weeks, a total of 95 strangers chose to become friends with Daisy or Dinette – an even higher response rate then when Sophos first performed the experiment two years ago with a plastic frog. Worse still, in the latest study, eight Facebookers befriended Dinette without even being asked.”
At Sophos, they call it the “rubber duck attack”. The moniker is silly on purpose, as it shows how you can gather someone’s personal info without any technical expertise, simply by working within the social network’s rules.
It’s important to point out that Facebook gives very extensive privacy options for every profile; you can read the details on how to protect your data in our Facebook privacy primer. While there’s nothing wrong with being friendly, even with strangers, Facebook users need to understand that this friendliness can cost them, and the price of identity theft can be very high.
Check out a video showing how the “rubber duck” tactic can be used for identity theft below.
Source and Video: mashable.com
Thousands of NY Sex Offenders Booted From Facebook, MySpace
By Eliot Van Buskirk
Facebook and MySpace have terminated the accounts of 3,533 convicted sex offenders in the state of New York after they submitted their account information to the state under 2008’s Electronic Security and Targeting of Online Predators Act (e-STOP) law, the New York Daily News reports.
The law requires the state’s 30,000 convicted sex offenders to file their home, e-mail and social networking addresses with the state. Out of that pool, only about 27 percent revealed e-mail addresses or social-networking usernames to authorities, and only 10 percent divulged a Facebook or MySpace username.
The remaining 22,000 or so registered sex offenders who did not supply online identity information are either in prison or homeless, lack computer access or simply chose not to respond, an unidentified state Division of Criminal Justice Services representative told the New York Daily News.
The e-STOP system only works if criminals volunteer their social networking identities, as they are required to do within 10 days of creating a new account under penalty of new felony charges. Proponents of the law have declared it a success.
“Before e-STOP, sexual predators freely lurked in social networking sites trolling for innocent victims,” said executive director of Parents for Megan’s Law and the Crime Victims Center Laura Ahearn to the Daily News. “With e-STOP, Attorney General Cuomo has sent a clear message that there is a new sheriff in the cyberworld protecting our most vulnerable.”
New York State supplied the account names to Facebook and MySpace over the past two months as part of the first stage of the e-STOP sweep. The next step is to check whether any of the offenders violated the terms of their early release from prison by setting up a profile on the sites.
Incidentally, sex offenders — like many others — appear to favor Facebook over MySpace. Out of the 3,533 offenders whose accounts were terminated, 79 percent were on Facebook and 51 percent were on MySpace. Many had accounts on both networks, while 21 percent used MySpace exclusively and 49 percent used Facebook exclusively.
(Update: the final paragraph of this article originally failed to distinguish between the number of social networking accounts and the number of account holders; those percentages have since been corrected.)
Source: wired.com
McAfee warns about ‘12 Scams of Christmas’
by Larry Magid
Retailers aren’t the only ones gearing up for the holiday season. Criminals are also out in force. To highlight the increased crime during the holidays, security company McAfee has come up with the “12 Scams of Christmas” ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.
It’s especially important to be extra careful this time of year, says McAfee’s David Marcus. “The bad guys know people are spending more time online, they’re paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.
In a podcast interview (scroll down to listen), Marcus counted down the 12 scams of Christmas starting with:
1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
2. Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
3. Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
4. Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it’s from a site you haven’t heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it’s from someone you know. If you’re going to send an e-card, be sure you’re dealing with a reputable service lest you risk infecting yourself and your friends.
5. Fake “luxury” jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that’s too good to be true, it probably isn’t true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
6. Practice safe holiday shopping. Make sure your wireless network is secure and be sure you’re shopping on sites that are secure. Though it isn’t an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The “s” stands for “secure.”
7. Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
8. Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your “set up fee” but misuse your credit card too. Marcus said that some “get rich quick” sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
9. Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you’re actually going to eBay or whatever site you plan to deal with.
10. Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
11. E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don’t click on any links but type in your bank’s Web address manually if you need to access your account.
12. Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.
Bottom line–Don’t let the eggnog and holiday cheer keep you from using your critical thinking skills when you go online during the holiday season. And, of course, make sure your operating system is updated and that you’re using up-to-date security software.
Source: news.cnet.com
Internet dating revisited, Part two
This week, we will follow up on last weeks column by looking at some of the scams associated with Internet dating Web sites. While online dating can be fun and rewarding, it also can be crazy and dangerous. Let the online dater beware.
In particular, beware of any messages that read even remotely like the following: “I am so glad to read from you. I am from Oklahoma but presently I lived with my mother in England, London. etc. I still believe love has no boundaries.( yes we may somehow far from each other is some miles But distance away feels extra special.) I’m a great listener when my partner have trouble minded problem. I am the only Daughter of My Parent and i Do love them so much , but just that i Miss this presence of Dad any time i remember how this Happens,all My dad properties are In charge of Our lawyer, i will Take over Every thing Until i Got Married to My future Husband someday..and this Has been the Mean reason Why i am Online dating Stuff.”
If you were a single, lonely, middle-aged man, would you fall for an e-mail message like that? Believe it or not, many men do. I actually received those words, typos, bad grammar and all, in a dating Web site message. Naturally, the message was accompanied by a picture of a 20-something female who looked as pretty as a pinup girl and as American as apple pie. Even better, the message was addressed directly to me. This young specimen of loveliness actually wanted to go out with me, the middle-aged geek.
Of course, the above is an extreme example of a badly-worded dating scam; most have slightly better grammar. Under scrutiny, though, the majority of dating Web site scam letters can be found to have at least a few red-flag inconsistencies. Some will be a mixture of perfectly written phrases interrupted with awful grammar, showing that the scammers have copied and pasted well-written phrases from various sources and tried to fill in the blanks themselves. Still, I’ve lived in Oklahoma for almost 40 years and I’ve never met an Okie with such atrocious grammar as found in the example above; bad grammar, to be sure, but not that bad.
The reason for the poor English skills is simple: many dating scammers, despite what they say or the photos they send, are not from America. A large number of these crooks are based in Russia, China and Africa. The picture of the 25-year old swimsuit model was probably sent by a 55-year old male truck driver from the Ukraine.
Dating Web site scams work pretty much the same way as any Internet-related scam. First, the scammer has to gain the trust and confidence (hence, the “con” in “con game”) of his victim. The scammer strings the victim along until the time is right and then asks for money. They are all too often successful.
In dating scams, tender and sweet words are exchanged, exploiting everyone’s natural desire to be wanted and loved. Personal and family histories are related, likes and dislikes shared and intimate details revealed, often over a period of weeks or months. Once he has gained the trust of his victim, the scammer moves in for the kill. It’s usually something like, “If only I had $500 for a plane ticket, I would visit you,” or, “if only I had another few thousand dollars, my little boy could have that surgery to cure his blindness,” or, “I have a money order for $5,000, but I can’t cash it in my country. If I send it to you, will you deposit it in your bank and wire me the money?” I know of one fellow in town who fell for this last scam. It took his true innocence (read, “stupidity”) combined with an expensive lawyer to keep him from being charged with wire fraud by the FBI.
For some entertaining and informative videos about all types of Internet scams, visit fakechecks.org, a Web site created by the National Consumers League. Take their online “Fraud Test” and see if you pass. After all of this, you have no excuse for failure.
Check out this video Prevention Love Losses
Source: normantranscript.com
BBB Alerts Consumers about U.S. Census Workers: Be Cooperative, But Cautious!
Jacksonville, FL – For years, Better Business Bureau has educated consumers about not giving out personal information over the telephone or to anyone who shows up at their front door. With the U.S. Census process beginning, BBB advises people to be cooperative, but cautious, so as not to become a victim of fraud or identity theft.
The first phase of the 2010 U.S. Census is under way as workers have begun verifying the addresses of households across the country. Eventually, more than 140,000 U.S. Census workers will count every person in the United States and will gather information about every person living at each address including name, age, gender, race and other relevant data.
“Most people are rightfully cautious and won’t give out personal information to unsolicited phone callers or visitors, however the Census is an exception to the rule,” said Steve Cox, BBB spokesperson. “Unfortunately, scammers know that the public is more willing to share personal data when taking part in the Census and they have an opportunity to ply their trade by posing as a government employee and soliciting sensitive financial information.”
The Census data will be used to allocate more than $300 billion in federal funds every year, as well as determine a State’s number of Congressional representatives. Households are actually required by law to respond to the Census Bureau’s request for information.
During the U.S. Census, households will be contacted by mail, telephone or visited by a U.S. Census worker who will inquire about the number of people living in the house. Unfortunately, people may also be contacted by scammers who are impersonating Census workers in order to gain access to sensitive financial information such as Social Security, bank account or credit card numbers. Law enforcement in several states have issued warnings that scammers are already posing as Census Bureau employees and knocking on doors asking for donations and Social Security numbers.
* The big question is – how do you tell the difference between a U.S. Census worker and a con artist? BBB offers the following advice: If a U.S. Census worker knocks on your door, they will have a badge, a handheld device, a Census Bureau canvas bag and a confidentiality notice. Ask to see their identification and their badge before answering their questions. However, you should never invite anyone you don’t know into your home.
* Census workers are currently only knocking on doors to verify address information. Do not give your Social Security number, credit card or banking information to anyone, even if they claim they need it for the U.S. Census. While the Census Bureau might ask for basic financial information, such as a salary range, it will not ask for Social Security, bank account or credit card numbers nor will employees solicit donations.
* Eventually, Census workers may contact you by telephone, mail or in person at home. However, they will not contact you by e-mail, so be on the look out for e-mail scams impersonating the Census. Never click on a link or open any attachments in an e-mail that are supposedly from the U.S. Census Bureau.
For more advice on avoiding identity theft and fraud, visit www.bbb.org
About BBB
BBB is an unbiased non-profit organization that sets and upholds high standards for fair and honest business behavior. Businesses that earn BBB accreditation contractually agree and adhere to the organization’s high standards of ethical business behavior. BBB provides objective advice, free business BBB Reliability ReportsTM and charity BBB Wise Giving ReportsTM, and educational information on topics affecting marketplace trust. To further promote trust, BBB also offers complaint and dispute resolution support for consumers and businesses when there is difference in viewpoints. The first BBB was founded in 1912. Today, 125 BBBs serve communities across the U.S. and Canada, evaluating and monitoring more than four million local and national businesses and charities. Please visit www.bbb.org for more information about BBB.
Source. www.bbb.org
Facebook, Twitter crooks just a click away
By Stephanie Chen, CNN
(CNN) — (CNN) — If you’re on Facebook, Twitter or any other social networking site, you could be the next victim.
Experts say cybercrooks are lurking just a mouse click away on popular social networking sites.
That’s because more cyberthieves are targeting increasingly popular social networking sites that provide a gold mine of personal information, according to the FBI. Since 2006, nearly 3,200 account hijacking cases have been reported to the Internet Crime Complaint Center, a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.
It starts with a friend updating his or her status or sending you a message with an innocent link or video. Maybe your friend is in distress abroad and needs some help.
All you have to do is click.
When the message or link is opened, social network users are lured to fake Web sites that trick them into divulging personal details and passwords. The process, known as a phishing attack or malware, can infiltrate users’ accounts without their consent.
Once the account is compromised, the thieves can infiltrate the list of friends or contacts and repeat the attack on subsequent victims. Social networking sites show there is ample opportunity to find more victims; the average Facebook user has 120 friends on the site.
“Security is a constant arms race,” said Simon Axten, an associate for privacy and public policy at Facebook. “Malicious actors are constantly attacking the site, and what you see is actually a very small percentage of what’s attempted.”
Social Media Crimes
As some social networking sites experience monstrous growth, they are becoming a new — and extremely lucrative — frontier for cybercrime. Facebook says it has 300 million users, nearly the size of the U.S. population, and it continues to attract users outside the college student niche. From February 2008 to February 2009, Twitter, a micro-blogging site where users post 140-character messages known as tweets, grew 1,382 percent to more than 7 million users.
“They [cybercriminals] are very adept to using social engineering,” said Donald DeBold, director of threat research for CA, an Internet security company. “Your friend is in trouble traveling in another country, ‘I lost my wallet. I need help.’ They exploit the curiosity aspect out of human nature.”
A few decades ago, malicious software and viruses were usually the result of a prank, but Internet security experts say today’s attacks are profit-driven. A study from the Indiana University in 2005 discovered that phishing attacks on social networks operated with a 70 percent success rate. These users had fallen for the scam, opened the foreign link and released personal information.
Cybercriminals are employing phishing and malware attacks for a number of reasons, including trying to redirect users to sites where profit is fueled by the number of visitors. They also try to elicit private information like passwords and bank account numbers to perform scams.
Early this year,Twitter experienced several phishing attacks in which a Web page that looked identical to the widely recognized light blue Twitter page was a hoax. The company warned users to double-check the URL to ensure they were visiting the correct site.
The Internet Crime Complaint Center received more than 72,000 complaints about Internet fraud in 2008 that were referred to law enforcement agencies for further investigation. These cases involved financial losses amounting to $264.6 million, an increase from 2007. Each person lost an average of $931.
“Most of us would want to help a friend in need, but if it’s an online friend, and they want you to wire money, you should double-check,” FBI spokesman Jason Pack said.
Security experts said it makes sense that cybercriminals are turning to social networking sites. Personal information is abundant on sites like Facebook and MySpace. Each time users give out valuable information like birth dates or addresses, they could be providing hints about their password, security experts say.
The American Civil Liberties Union has expressed concern about the information visible through Facebook quizzes and applications.
“They’ll have access to all that information, so they can sell it, they can share it, they can do an awful lot with it,” Chris Calabrese, legislative counsel for privacy-related issues with the ACLU, told CNN.com in September.
Many Internet security experts consider the first virus attack on the PC to have occurred in 1986. By the early 1990s, viruses transmitted on floppy disks became ubiquitous. When the World Wide Web became widely available that same decade, viruses, worms and malware became problems in e-mail accounts, frustrating users who clicked on messages thought to be legitimate.
In the new millennium, the most common form of malware attack has become known as drive-by downloads. While surfing on Google or Yahoo, spyware or a computer virus is automatically and invisibly downloaded on a computer, requiring no user interaction for the computer to be infected.
“We are on the verge from shifting from the Web being the No. 1 victim of infecting to social network,” said Mikko H. Hypponen, chief of research technology at F-Secure Corp. His company sells anti-virus software and malware protection programs. “It’s going to get a lot worse before it gets better.”
Social networks are fighting the aggressive attacks from cybercriminals. Most sites have information pages dedicated to educating users about the risks of Internet scams. Users can become a fan of “Facebook Security” and receive updates on how to protect their accounts. One of the most common pieces of advice given by security experts is to change passwords frequently.
Facebook has also developed complex automated systems that detect compromised accounts. They spot and freeze accounts that are sending an unusually high number of messages to their friends. Company security officials said Facebook is a closed system, which can be helpful in erasing phony messages from all accounts.
At News Corporation’s MySpace.com, the company creates blacklists of phony accounts to prevent people from clicking on a faulty link. Hemanshu Nigam, first chief security officer for MySpace, said the firm warns about suspicious links and educates users about the harm phishing and malware attacks can bring. “We are prepared for them,” he said.
