九大犯罪行为困扰面书使用者

面书终于上市了。从股票价格的变化情况看，至少在开始的第一天，“铁杆”的支持者还不少。以五十亿美元的年度预计销售额，卖出了二十几倍的市值，原始股股东和早期的投资者，看来是可以开心的开怀大笑了。而在二级市场参与的投资者，他们之中，最终，会有多数人将含泪哀叹，就只有时间能够告诉大家了。

面书的未来，还得靠大家对这个平台的喜爱和舍得为这种喜爱掏腰包。

在你乐兮兮的在面书上“放声高歌”的时候，大量的“有心人”也在那里“磨刀霍霍”，对准那些自以为安全的使用者。

根据目前的情况看，通过面书平台犯罪的手段，至少有九大类。

其中之一，就是对你账户的非法入侵，并且就此在你的领地大放厥词，甚至是冒着你的名义来个“挂羊头卖狗肉”。在成功入侵之后，罪犯就能借此获得很多关于你的个人信息，还有你的关系网信息。在有了这些之后，再就此冒充和行骗，就是轻而易举的事情了。特别是对于年岁比较小的使用者，很多人自以为，有个密码就会万无一失，结果，自以为牢不可破的防线，很容易就被罪犯攻破而不自知。

面书规定的使用者年龄是十八岁（？），可是，大量的使用者却低于这个岁数。

还有一种比较容易做到的，就是仿冒：造一个和你的账户类似的面书账户，在此之后，再借此来欺骗你的朋友和关系网，从他们那里间接的获得关于你的信息，也就成为一件很容易做到的事情了。在此之后，就获得了和第一个入侵账户成功类似的收获。

面书的最大特点就是快速的建立关系和连接这些潜在的关系。所以，一旦你有了面书，很快，也很容易的，面书就会“帮助”你将你所有潜在的关系网给挖出来。这，对于你，既是好事，更多的时候，恐怕还是坏事。面书在有意和无意之间，为你做了很多不应该做的事情，而很多时候你可能还不知。结果，这些被深入挖掘出来的关于你的信息，就很容易被罪犯所利用。最终受到伤害的，还是你，特别是当你对使用面书的安全性还很有信心的时候。

具体的，大家可以读读下面这篇文章。就此，大家应该多关照一下自己未成年的子女，在使用面书时小心谨慎为好。同时，也应该注意好自我保护。

我觉得，很多时候，谷歌就是太热心，将很多你不太愿意被挖掘出来的信息给你挖掘出来了。面书也有类似的问题。几家这样的公司再来个联手，那么，我们生活的世界将无隐私可言了。那时候，最好的保护，可能就是远离互联网。只是，很多非常私有的信息，在今天，已经不再私有了。

可悲！可叹！同时又无助！

Nine Major Ways Criminals Use Facebook

May 16, 2012 by Mike Sauter

This Friday, Facebook will go public in one of the most anticipated IPOs in history. With more than 900 million users, Mark Zuckerberg’s expanding social media empire has become a seemingly irreplaceable part of the online experience. Unfortunately, a byproduct of its success is that millions of Americans are far more exposed to a number of cyber crimes that also teem on the site.

To be sure, cyber crimes have been occurring for some time, but the presence of social media has made many crimes much easier to commit. In social networks people make “friends” without knowing the person and make personal information easily available. And none of the networks present more opportunity to criminals than Facebook and its hundreds of millions of users. With this in mind, 24/7 Wall St. looked at some of the most common ways criminals use Facebook.

Internet security analysts warn that Facebook is a hotbed for online crime. According to an infographic published earlier this year by ZoneAlarm, a leading Internet security software provider, “roughly 4 million Facebook users experience spam on a daily basis, 20% of Facebook users have been exposed to malware,” and Facebook receives 600,000 reports of hijacked log-ins every day.

Facebook knows that there is a problem. Earlier this year, the social media giant began working with the U.S. Attorney General’s office to try to combat linkjacking, a new form of account hacking and spam that is more or less unique to Facebook. Through various kinds of identity theft, linkjacking spammers send messages containing false ads or even viruses to the victims, pretending to be a Facebook friend.

Like linkjacking, malware represents yet another growing threat for Facebook users, Dr. Kent Seamons, assistant professor in the Computer Science Department at Brigham Young University, told 24/7 Wall St. “Hackers get malware on your machine and get tens if not hundreds of thousands of these machines under their control and then they rent them out to spammers and others,” Seamons explains. Renting Facebook accounts to spammers is one of the many ways that thieves monetize the personal information they steal. These rented accounts can then be used to advertise products illicitly or to request money from unsuspecting friends.

Ultimately, all social media sites make it easier for criminals to deceive their victims. According to a study published in Communications of ACM, a journal for computing professionals, the percentage of students that responded to a phishing email increased from 16% to 72% when the email included relevant social information about the target. For example, scams that make it appear that a message comes from a friend of the target make it more likely that the target will respond.

These are the nine ways criminals use Facebook.

1. Hacking Accounts

When criminals hack a Facebook account, they typically use one of several available “brute force” tools, Grayson Milbourne, Webroot’s Manager of Threat Research for North America, told 24/7 Wall St. in an interview. These tools cycle through a common password dictionary, and try commonly used names and dates, opposite hundreds of thousands of different email IDs. Once hacked, an account can be commandeered and used as a platform to deliver spam, or — more commonly — sold. Clandestine hacker forums are crawling with ads offering Facebook account IDs and passwords in exchange for money. In the cyber world, information is a valuable thing.

2. Commandeering Accounts

A more direct form of identity theft, commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The impostor can use this identity for a variety of confidence schemes, including the popular, London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. The London scam has a far-higher success rate on Facebook — and specifically on commandeered accounts — because there is a baseline of trust between the users and those on their friends list.

3. Profile Cloning

Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send friend requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted, the crook has access to the target’s personal information, which they can use to clone other profiles or to commit fraud. As Grayson Milbourne puts it, “Exploiting a person’s account and posturing as that person is just another clever mechanism to use to extract information.” Perhaps what’s scariest about this kind of crime is its simplicity. Hacking acumen is unnecessary to clone a profile; the criminal simply needs a registered account.

4. Cross-Platform Profile Cloning

Cross-platform profile cloning is when the cyber criminal obtains information and images from Facebook and uses them to create false profiles on another social-networking site, or vice versa. The principle is similar to profile cloning, but this kind of fraud can give Facebook users a false sense of security because their profile is often cloned to a social platform that they might not use. The result is that this kind of fraud may also take longer to notice and remedy.

5. Phishing

Phishing on Facebook involves a hacker posing as a respected individual or organization and asking for personal data, usually via a wall post or direct message. Once clicked, the link infects the users’ computers with malware or directs them to a website that offers a compelling reason to divulge sensitive information. A classic example would be a site that congratulates the victims for having won $1,000 and prompts them to fill out a form that asks for a credit card and Social Security number. Such information can be used to perpetrate monetary and identity fraud. Grayson Milbourne of Webroot, also explained that spearphishing is becoming increasingly common, a practice that uses the same basic idea but targets users through their individual interests.

6. Fake Facebook

A common form of phishing is the fake Facebook scam. The scammers direct users via some sort of clickable enticement, to a spurious Facebook log-in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected in a database, which the scammer often will sell. Once scammers have purchased a user’s information, they can take advantage of their assumed identity through apps like Facebook Marketplace and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalize on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise.

7. Affinity Fraud

In cases of affinity fraud, con artists assume the identity of individuals in order to earn the trust of those close to them. The criminal then exploits this trust by stealing money or information. Facebook facilitates this type of fraud because people on the site often end up having a number of “friends” they actually do not know personally and yet implicitly trust by dint of their Facebook connection. Criminals can infiltrate a person’s group of friends and then offer someone deals or investments that are part of a scheme. People can also assume an identity by infiltrating a person’s account and asking friends for money or sensitive information like a Social Security or credit card number.

8. Mining Unprotected Info

Few sites provide an easier source of basic personal information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information is often used as passwords or as answers to secret security questions. While the majority of unprotected information is mined for targeted advertising, it can be a means to more pernicious ends such as profile cloning and, ultimately, identity theft.

9. Spam

Not all spam — the mass sending of advertisements to users’ personal accounts — is against the law. However, the existence of Facebook and other social sites has allowed for a new kind of spam called clickjacking. The process of clickjacking, which is illegal, involves the hacking of a personal account using an advertisement for a viral video or article. Once the user clicks on this, the program sends an advertisement to the person’s friends through their account without their knowledge. This has become such an issue for the social media giant that earlier this year that the company has teamed up with the U.S. Attorney General to try to combat the issue.

-Michael B. Sauter, Adam Poltrack and Ashley C. Allen