Scammers turn on Social Networks

by Michael Smith

Scammers turn on Social Networks like LinkedIn, Facebook and others so researchers from BitDefender, the online security firm, have found. Social networks have become the latest target for Nigerian "419" scams. The scam has been put to use on the professional networking website LinkedIn, as well as other social networking websites. LinkedIn is like Facebook for grown-ups, being a business networking opportunity for 21 million users.

I am sure - or I at least hope so - that by now all Internet users are aware of the "419" scams. You know the one where Chief Abu Simba or whoever wants to give you millions of whatever nice currency, like US Dollars or British Pounds (or even Euro) for letting him use your bank account to spirit some money out of the country and such. Sometimes it is that you will have to forward them some handling fee first or, if this is not the case, they find a way to help yourself to money in your account. But many people seem to still fall for this. Greed, I guess, often overrides the brain.

In the recent outbreak of the Nigerian scam – an advance fee fraud that is estimated to gross hundreds of millions of dollars annually – the scam letter is sent as a LinkedIn invite to join the user’s network. A profile page is established with the social networking site to make the claims in the scam letter appear legitimate. Since the scams are only delivered to the social networking site’s user accounts, they completely bypass antispam filters.

"I think this new twist is more dangerous than the old "419" scheme because of the increased chance for network users to fall for the scam,” said BitDefender CTO, Bogdan Dumitru. “Since LinkedIn and other social networking sites are used to build up businesses or careers, users tend to view the invitations as trustworthy.”

I must say the ignorance of many users of the Internet entirely is beyond my comprehension at times. Those scams, as well as those emails they keep sending out to everyone in the address book, for instance, of Bill Gates wanting to give away his money, or other such spam, should by now, one would have hoped, known by all but those that for the last couple of years have been on a different planet.

Most social networking sites do not verify the identity of those who join, leaving the system open to abuse. However, LinkedIn recommends the following best practices when sending and receiving invitations in that (1) you only accept LinkedIn invitations from people you know and trust and (2) that you personalize your LinkedIn invitations and messages so that the recipient knows who you are. If necessary, remind the person of how you know each other.



© M Smith (Veshengro), September 2008