Thursday, December 04, 2008

In Social Media We Trust

My entry into the social media realm has been very interesting - to say the least. I've stayed mainly with the mainstream services: FaceBook, Twitter, LinkedIn, Pownce (shutting down Dec 15th), Jabber, etc.

I've even been able to amass some "friends" on each of the services. I've been pretty careful about who I will add as a connection in each of them - but I was reading an article by Mike Elgan from ComputerWorld the other day that really gave me pause.

He was talking about the fact that it's possible for scammers, theives and other miscreants to "hijack" the identities of people you may really know - and pose as them - in order to gain your confidence for an a scam attack at some point in the future.

He points out some really interesting points: in the social media world we will trust another person who we (think) we know as a "friend." Now that person can see all of our other friends and their profiles. But what I never really stopped to think about was just how easy it would be to steal someone's identity and pose as that person.

Mr. Elgan calls it "How to steal friends and influence people":

Step 1: Request to be "friends" with a dozen strangers on MySpace. Let's say half of them accept. Collect a list of all their friends.

Step 2: Go to Facebook and search for those six people. Let's say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you're already an established friend.

Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send "friend" requests to your victims on Facebook.

As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you'll accept. In fact, Facebook itself will suggest you as a friend to those people.

Yikes! Just think about that for a minute. Someone out there could be on another social media site right now using your name, your photo and your profile to lure people into a scam, or worse. Now, the bad news is - the damage may already be done.

As a precaution, I would suggest that people who are "into" the social media scene (and who isn't these days?) - check out some of the other social media sites by searching for yourself. If you find a fake that's on there - you owe it to yourself to report it to the appropriate service and get the "bad" profile removed.

I've never had to deal with this personally (thank goodness) - so I'm not sure what the policy would be. Do you get to keep the profile up there - but you just take over the username/password? What happens when you want to join that same network after the offending profile as been removed? Can you even keep your same name (your real name) - or will it be blacklisted?

GREAT! Just one more thing to be paranoid about...

If any of you out there have experience with this - or know of someone who does - be sure to leave a comment.

2 comments:

BitSplitter said...

Maybe claiming your name on social networks will become as important as claiming a domainname for your bussiness.

Bob Cusick said...

Yeah, I totally agree. It's something that I never even thought about before.

THANKS for the comment!

Web Analytics