Security threats Toolkit

Why scammers find rich pickings on Facebook

Mary Landesman

Published: 03 Mar 2009 17:47 GMT

Why scammers find rich pickings on Facebook

Social networks are teeming with potential victims for scammers and worm writers. That's because people suspend their normal standards of judgement online, says internet security expert Mary Landesman.

When otherwise sane and sensible people join social networks, something rather mysterious often happens — they become promiscuous frienders.

There are a couple of possible explanations: people who are seemingly in control in real life find they simply cannot say 'No' in the virtual world; alternatively, the public display of the number of contacts reinforces their competitive edge, causing them to choose quantity over quality.

It's not that social networking in itself is bad. On the contrary, social networks allow us to catalogue, engage and unleash the power of our connections. They exploit the virtual equivalent of six degrees of separation — the notion that we are each only six acquaintances removed from anyone else on the planet.

Social-engineering scams
Social networks can also provide a venue for everything from self-expression to business development. But on the flip side, social networks can leave us more susceptible to social-engineering scams, expose sensitive information, and potentially make us more vulnerable to malware attacks. That risk isn't really inherent in social networking per se, but rather in how well social networks are managed.

Just as keeping up with the Joneses has contributed greatly to the global economic crisis, keeping up with the rabid frienders has contributed to the success of social-networking worms such as Koobface. That isn't because Koobface was some technologically devious bit of malware, but rather because we rather stupidly assume everything we receive from a friend is somehow legitimate.

You can see this phenomenon of misplaced trust with one of the oldest online tricks in the book — the email hoax that claims Bill Gates and AOL have teamed up to give away his fortune. No matter how unbelievable the hoax may seem, it's been circulating widely for well over a decade.

The reason for its success lies in our belief that our friends would never forward such a thing if it were not true. But the reality is they forwarded it to us because a friend forwarded it to them because a friend forwarded it to them, and so on.

Everyone in the chain is acting on the assumption that the person before them is trustworthy. And judging by the many forwarded addresses included, it's no coincidence that...