Facebook users beware

Photo / Bay of Plenty Times

Facebook users have been warned they will be among targets of a huge increase in cyber crime next year.

Internet scammers are increasingly hacking into personal profiles on social networking sites to defraud the account holder's friends, said one expert.

David Hall, from internet security company Symantec, said most people were wise to email scams but could let their guard down if the con appeared to come from someone they knew.

"They're preying on trust, and that's going to grow a lot more in 2010. It's a lot more effective than just sending out spam."

Aucklander Ella Wilks, 24, had her Facebook profile hacked into this month.

Under Wilks' name, the hacker contacted her friends with a link and a message telling them to check out a video of them she had found.

"I got a text from a friend saying, 'I think your Facebook account's been hacked', because apparently I sent her about 30 wall posts in about 30 minutes," said Wilks.

Most of her friends were smart enough not to click on the links, which would probably have infected their computers with malicious software known as "malware".

Hall says the scam was probably called Koobface, where clicking on the link would take victims to a fake YouTube site.

Before they watched the video, another fake box would pop up asking them to update their Flash Player.

If they clicked on that, their computer would become infected with a keystroke logger, which would record every character they typed to find out their passwords.

Those passwords could be used to access bank accounts and other personal information.

Another Facebook scam saw hackers break into accounts and send messages to friends asking for help, said Hall.

The most common version of the story involves being stuck in London and needing $600.

After being alerted by friends Wilks immediately changed her password, but Facebook had suspended her account. Before she was allowed back in, she had to prove there was no malware on her computer.

"Facebook must be aware of it and can see when people are being spammed."

Facebook has filters to screen spam and malware, but some attacks still break through. A spokesman said fewer than 1 per cent of members were successfully attacked.

A page on the site instructs members what to do when their profile has been hacked into. They should change their password and run a free virus scanner to ensure their computer hasn't been infected with malware.

Police national e-crime manager Maarten Kleintjes said scammers would use "anything in their ability" to make money.

He knew of one incident where a businessman's Hotmail account was hacked into and the password changed to lock him out.

It was then used to email all his contacts - in this case his clients - with a sob story about being on holiday in Africa, getting injured and needing money. He knew of other scams where cyber criminals had used dating sites to scam people over several months, and even where victims who had indulged in cybersex via webcam had been blackmailed with the footage.

NetSafe executive director Martin Cocker said cyber crime was becoming the "preferred avenue" for attacking internet users.

His advice was to use common sense, be careful when downloading and make sure the security settings are up-to-date. Hall advised everyone to change their passwords often and to use different ones for different accounts.

An ever-growing threat

Riskiest celebrities
* Michael Jackson
* Serena Williams
* Patrick Swayze
* Harry Potter
* Barack Obama

Top spam subjects
* Who killed Michael Jackson?
* Your friend invited you to Twitter!
* Get a diploma for a better job
* Get swine flu medicine here
* Re: Do you owe tax debt? Read on

What's in store in 2010?
* Fraud using social networking sites
* Scareware (fake security software) vendors stepping up their efforts * Mac and mobile malware increasing
* Twitter: shortened URLs disguising malicious websites

How to stay safe
* Don't open suspicious emails or attachments
* Use up-to-date security
* When asked to allow or deny an application, always deny unless you're totally confident the site is safe
* Use hard-to-hack passwords
* Don't give credit card details to unsecured sites: look for https:/ at the top of the browser and the padlock symbol at the bottom right

Source: David Hall, Symantec