Cybercrime is nothing to like or share

Social media has helped many people overcome feelings of anonymity on the Internet. Yet the sobering reality about interacting on sites like Facebook is that you can't be sure if someone really is who they say they are. Identity thieves take advantage of that fact to perpetrate crimes -- but there are ways you can protect yourself. social-media-fraud

The problem is big, and growing. A Norton Cybercrime Report shows that 37 per cent of the Canadian social network users fell victim to cybercrime through social networking platforms in 2012.

Still, many Canadians have a false sense of security because they rely so heavily on computers for every facet of their lives, says lawyer David Debenham, a certified fraud specialist with McMillan LLP. "Given our comfort level, we read about social media fraud, but don't believe it can happen to us," says Debenham.

The results of cybercrime can be devastating. "The average loss for a romance scam is roughly $60,000 and in some cases runs into millions of dollars," says Brock Godfrey, a senior educator representing the Canadian Anti-Fraud Centre.

The number one mistake users make in social media: TMI. "One of the biggest risks of Facebook is sharing too much information," says Casey Goossens, CEO of idAlerts Canada. "The user's level of privacy is left up to the individual, leaving less tech-savvy users exposed to criminals around the globe."

Take it from Frank Abagnale, former-fraudster-turned-security-consultant and subject of the movie Catch Me If You Can. Abagnale told the British newspaper The Guardian in 2013, "If you tell me [on Facebook] your date of birth and where you're born, I'm 98 per cent of the way to stealing your identity."

Make sure your friends are real
Even if you only allow friends to access your personal data, you usually have no idea where friends circulate your communications -- particularly if that friendship ends.

And what if it turns out your "friend" is a total stranger? According to social media watchdog Facecrooks, an increasingly common threat is cybercriminals hacking into an existing Facebook account and impersonating the accountholder.

Social media aggregators -- which collect content from multiple social network services into one unified presentation -- enable bad guys to assemble pieces of data from a variety of websites and put together a complete picture of their targeted victims.

The hackers can not only access personal data in captured accounts, but also mine a significant amount of information from their victims' unsuspecting friends.

Facebook Canada spokesperson Meg Sinclair says Facebook doesn't allow impersonation accounts and has monitoring technologies in place. But with more than a billion Facebook members, the job of reporting an impersonation primarily rests with the user.

Not so likeable likes
Often, fraudsters use a technique called "like farming" - collecting "likes" and shares on Facebook for fake Web pages loaded with hidden security threats.  Usually, the goal is to gather enough likes and shares to trick Facebook into placing the fake pages into users' news feeds where they will reach a much wider audience.

At first glance, like farming appears to be harmless. Clicking "like" on a fake Facebook page doesn't reveal any information about you that's not already public.

And the fake pages garnering the likes can be very convincing. For example, some pages feature heart-tugging photos of children supposedly in desperate need of cancer treatments; critically injured survivors of high-profile disasters like the Philippines typhoon; or bereaved families of the Boston Marathon bombing.

But booby-trapped links may be embedded in those pages. Clicking on them can trigger malware attacks that give hackers remote access to your computer, or they may take you to illegitimate donation sites.

"With the proliferation of media editing software, photos and videos can easily be created or modified to misrepresent reality and lead someone to place their trust in an otherwise unreliable source," says Goossens.

Red flags include claims that Facebook will donate money based on each like or share a photo receives, and direct requests for charitable donations.

Facecrooks cautions against liking or sharing any suspicious page, since those actions can associate a user with that content. To review pages you've already liked, go to your Facebook profile, click the More menu and then on Likes. You can then unlike any page you're not sure about.

Take preventive action
Debenham recommends that users build protective fences around their web presence, particularly on social media sites. "People are creating an online persona, so don't release any information you wouldn't want your employer, parents, family and friends to know," he says.

When you set up security questions for online accounts, it may help to use wrong answers. A fraudster could, for instance, discover your mother's maiden name or where your first job was via social media, and then use those answers to change your account passwords. Also, don't use your Facebook username for any other accounts -- that will be even an amateur hacker's first guess.

Become familiar with Facebook's online help centre, which explains security features and fraud reporting tips. And if you think a friend's account has been hijacked, block or unfriend it and notify the true owner about the imposter.

Goossens believes that social networking has become an integral part of Canadians' lives, and that people should not be paranoid about using legitimate websites for posting social data. For peace of mind, he suggests that consumers subscribe to the type of credit and identity monitoring services that credit bureaus and his company provide.

"While no one can completely safeguard their identifiable information on Facebook from thieves, you can stop them from using it by becoming more aware, monitoring your credit and promptly reporting any misconduct," concludes Goossens.

See related: EMV is not impervious to data breaches; Do privacy laws encourage travel fraud? 
Published March 7, 2014

Most recent All credit card news Stories