A new study has shown how fraudsters are able to use information shared
online on social networks to build detailed profiles of potential victims. Researchers
interviewed one ex-offender to find out the techniques he and others use to
garner details from online sources enabling them to steal others' identities.
He revealed that while users are often canny enough to withhold enough
information on one site to foil fraudsters, resourceful crooks can collect
enough data from various sources to apply for credit or make online purchases
in their victim's name.
Online predator: Researchers interviewed one former offender to get an insight into how fraudsters gather information from individuals' various online profiles to collect enough data to steal identities
Chief among the top three online resources for collecting potential
victims personal details was not a social media website at all, but was in fact
192.com. The directory inquiries website was noted as particularly useful for
providing information on where potential victims live, their age, other
occupants, and how long they have lived there.
Fraudsters can then flesh out the skeleton identity this crucial data provides
by using Facebook for details on location, activities, friends and photographs;
and LinkedIn, on which users often reveal their entire work and education
history. ‘192.com was such a good resource – the information on there was so
good,' the study's interviewee revealed. 'LinkedIn is good – the whole point of
the website is to get everything you’ve done across to people you don’t know.’ He
added: 'Photos are important. It can give you clues about a password or a
security question – you may be asked favourite holiday place, or favourite
football club – it’s a piece of information.'
Whose checking your profile? The research, conducted on behalf of online security company ALLOW, revealed fraudsters often mine Facebook profiles for information that could help them crack passwords
RANSOMWARE VIRUSES GROW INTO $5M-A-YEAR 'EXTORTION RACKET'
Cyber-criminals are making $5million a year using computer viruses that hold the data on your hard drive to ransom.
The scam has been around for several years, but new variants which claim to be the work of law enforcement agencies means the number of victims has soared.
Ransomware is now a major criminal industry, said Symantec, the company behind anti-virus packages like Norton.
'If you look at the nature of the beast, it really puts the screws to you,' said Kevin Haley, director of Symantec's security response team. 'We see so many gangs moving to ransomware, looking for new angles, new versions, that we're going to see a lot of this in the future.'
The malware infects a personal computer and cripples the machine. It can even encrypt its files. It then displays a message - the ransom note - that demands payment to restore control to the owner.
'It's an extortion racket,' Symantec said in a white paper on the topic.
The ex-fraudster revealed how he would create fake Facebook profiles
using pictures of attractive women to contact men in an effort to get them to
reveal sensitive personal information. 'You’ve got to get in to the minds of
people – most guys will add a pretty face even if they didn’t know them,' he
said. 'One of my victims, I nicked someone’s phone, chose a pretty girl from a
different social networking site, got some of her photos and made a profile on
Facebook and added a few random people. This guy emailed me stuff, where he
would be and what he was doing – he thought he had a chance with this fake
person I had made up. He was giving me all this information but doesn’t really
know who I am.'
On other occasions he merely hijacked the Facebook identity of an existing
person to get their contacts to reveal information. People can hijack someone’s
Facebook activity - I’ve known it to happen, say someone is called Peter, you
can set up a new account using the name Pete, copy their image and information
to the new account and add their friends and have conversations with them on
Facebook. You can extract information, it's an avenue to exploit to get bits of
information.'
The study, conducted on behalf of personal security company ALLOW, which
offers services to keep internet users safe online, revealed how information
collected by fraudsters was predominantly used to apply for credit or make
purchases in the victim's name. This typically involved using personal details
to create an identity at a particular address the fraudster had access to, then
applying for credit cards or loans. Alternatively the offender could collate
the details into a complete identity then sell them on to others to commit the
fraud.
The fraudster said he felt social networks and social media sites
'didn't care' their services were being exploited by criminals. 'The more
popular they are with everybody the happier they are,' he said. 'I think the
thing they are worried about is if it became public knowledge that people can
get defrauded through using them, I don’t think they would like it.'
'Common sense': Justin Basini, CEO and founder of ALLOW, said social media users can take easy steps to protect their identity online
Justin Basini, founder and CEO of ALLOW, told MailOnline that the application of 'common sense' can help social media users protect themselves against the fraudsters out to steal their identity. 'One in four people don't check privacy settings on Facebook,' he said. 'One in five people accept friend requests from strangers; and most people use the same passwords for all kinds of services.'
Source: Daily Mail UK
Please share
No comments:
Post a Comment