Wednesday, 17 October 2012

Social media – the new playground for fraudsters. Part 2

As we have seen, social networking sites are particularly vulnerable to fraudsters because they are communities built on trust. The urge to post personal and often intimate details of your everyday social and working life makes these sites rich pickings for identity theft.

Fraudsters will often set up false identities on the larger social networking sites, enabling them to present themselves as someone else, whether real or not. The false identity is the basic tool of the con artist, and though some false identities will be created for fun, most will have a more predatory mission, engaging the unsuspecting, establishing fake friendships and often leading to requests for aid, money and potentially more.

Rather than fake an identity, many cyber criminals will simply ‘hack’ a profile page; all they need is a username and password. In many cases, this is their idea of a game, and will result in little more than defacing the page with graffiti. However, in more serious cases, these hacks will be used to install malicious code, often for the purposes of spamming others, or in the worst case to launch cyber bullying and trolling attacks on others.

Most concerning is the rise in identity theft initiated through social media sites. The way most criminals gain access to an identity is by phishing for a log-on password, usually by sending a message via the social network which appears to be an invite from a friend to their new profile page. This fake page will ask for a second log-in. That is how easy it is for your confidential password to fall into the wrong hands. Most social network log-in passwords will almost certainly give access to other sites, from additional social networks to banking, which in turn are enhancing their security with questions built around your personal preferences. Social media profile pages are a rich source for exactly this kind of personal information that can be used for ID theft, from age and birth date, to location, phone number and email address, as well as job and family details. More than anything else, the fraudster will have access to recent photography of you. In the worst case, fraudsters will use this information not only to pillage your bank account, but also to target your network of friends and family using your identity.

In part three we will suggest some useful advice on how to prevent becoming a victim of social media fraud... 

Monday, 15 October 2012

Protecting your phone

News reaches us from Juniper Research via Gomo News that only 5% of smartphones and tablets are “protected”.  In this case the definition of “protected” appears to be that a device has security software installed.  What also caught our eye was a comment from Gomo News expressing surprise about this figure, given the increased publicity around the risks of mobile phone “malware, fraud and device theft”.

This raises some interesting issues.  Whilst it may be shocking that as few as 5% of all smartphones have security software installed, for many the shock will be that as many as 5% have protected their devices.  Having asked people in the close vicinity (many of whom are far more mobile savvy than much of the population) it is clear that the 5% figure is much higher than our straw poll.

The second interesting point is the bundling together of risks from “malware, fraud and device theft”.  The reality is the threats from each of these demons can be considerably different.  You can download malware but not device theft.  Fraud is easier to achieve with a simple telephone call or text message than with the creation of an app.  In this sense, users need more than “protection” for their device. 

Which brings into focus the final point.  As Gomo News points out, there are a number of free software services that enable you to protect your device, but from what?  Free software will not protect a user from a Wangiri fraud.  Whilst it may be able to ensure that data on a device is not accessible if a phone is stolen, it cannot ensure that the device is not stolen in the first place.

Anti-virus and anti-malware software for smartphones is a good thing – particularly when it is free and effective.  However, users need to understand the wider threats associated with fraud, theft and criminal activity in telecommunications.  Mobile fraud will not be beaten by protecting devices alone.  A wider awareness of the threats and risks of all criminal activity in telecommunications is needed to reduce this risk.

Monday, 8 October 2012

It's an apps world

The growth in the mobile app market has been nothing short of spectacular.

This completely new market has developed from scratch to a potential market value of $100 billion by 2017 according to industry analysts, with the average smartphone user having 41 downloaded apps on their device in 2012 according to research by Nielsen.  Rather like the number of blogs or websites, numbers cannot do justice to the volume of apps available and any estimate of the numbers would be completely meaningless and outdated in days.

Mobile users have embraced not only free but also paid-for apps, yet users will not pay any attention to where the app comes from and who publishes it.  Users probably should, because apps represent perhaps one of the most effective means through which fraud can be perpetrated on mobile users. This was recently highlighted by research from Lookout that was reported on the BBC.  Mobile viruses that steal money have grown in the past nine months from 29% to 62% of all mobile malware.

It is no surprise to hear that fraudsters are now looking to monetise the mobile app industry - where there is brass there is muck after all.  The worrying issue for users is one of trust: the apps industry is so young that it is difficult to know who, amongst thousands of developers, can be trusted and who cannot.

The other issue is one of transaction size.  The article on the BBC hints at viruses surreptitiously adding unexpected charges to a user’s bill.  The relatively low cost of apps means that users are less likely to notice this kind of micro-fraud – let’s face it, most people will notice an absence of £69 from their bank account quicker than 69p.  More pertinently, users that are simply keen to grab the latest app are unlikely to check the terms and conditions that are attached. Users might therefore be duped into unwittingly paying on-going costs for an app each and every month.

At some point during the 1990s and 2000s email users understood the message that it was a bad idea to open certain attachments from people that they did not know.  During the 2010s mobile users will need to learn the same vigilance – sadly on the way many will be duped and conned.