Facebook ID fraud on rise in Japan
The Yomiuri Shimbun
August 29, 2013 15:56 MYT
August 29, 2013 15:56 MYT
Identity fraud on the popular social networking site Facebook has been on the rise recently, with fraudsters hijacking accounts or masquerading as real friends or acquaintances.
Some victims have had their personal information stolen after approving fake friend requests from acquaintances.
*******
Familiar name
"These are some pictures taken by my friend. If you don't mind, please vote for them."
A 48-year-old male company employee from Chiba city, the capital of Chiba Prefecture, Japan, received this Facebook message in June from a female company employee in Kashiwa, also in the prefecture.
As she was an acquaintance from more than 10 years ago, he did not think twice before clicking on the URL. The link took him to another site with several photos of scenery.
When he tried to vote for one of them, he was asked to enter his cellphone number.
Thinking this to be strange, he contacted the woman, who said she had not sent any such message.
She logged into her Facebook profile and checked with her friends on the matter, only to find her account had been used by an unknown person.
Similar messages had been sent to about 60 of her Facebook friends.
The woman had been using the same password on several different websites. "My password must have been stolen from some of the sites and used maliciously," she said.
"My account may have been hijacked. I'm terribly sorry for causing my friends trouble."
Antiviral software company Trend Micro said it had confirmed five cases in which Facebook users were tricked into visiting websites using a similar technique and actually entered their cell phone numbers.
"Their friends' Facebook passwords might have been compromised or their devices might have been infected with a remote-control type Facebook virus," an official at the firm said.
*****
Malicious masquerade
Friend requests from people masquerading as acquaintances are also on the rise.
In mid- and late June, a female Tokyo university student received Facebook friend requests from her high school "classmates."
After approving each request, she received a message requesting her to contact an e-mail address. She was then redirected to a paid dating service.
Eiichi Moriya, a senior security analyst at IBM Japan Ltd., investigated the victims of such Facebook phishing cases by running a search on their names through the Internet.
In early June, there were only a few cases per day. However, since the middle of the month, the number shot up to 50 to 100 per day.
In some instances, a fraudster had examined a person's friends list to find "friends of friends," and then sent friend requests while masquerading as that person.
"Once you friend someone on Facebook, it's rather easy to obtain any personal information listed in their profile, such as an e-mail address or place of employment," Moriya said. "Also, you tend to trust an e-mail if you think it's from a friend. That makes it easier for the culprit to scam you or infect your device with an information-stealing virus."
He added, "Although it's very difficult to distinguish between fake and real messages, you must be mindful that a person's Facebook profile could be fake if it has no profile photo or little to no posts."
********
Abusing system
With the correct e-mail address and password, anyone can illegally log into a person's Facebook profile and write posts or send messages to his or her friends.
Facebook has an identity confirmation system for people whose accounts have been locked.
However, this system can be abused by users looking to hijack Facebook accounts.
Under the procedure for confirming an individual's identity, one must ask three or more Facebook friends to receive security codes and send them to the individual so they can set up a new password.
The person's identity can be confirmed if the security codes sent by the individual are all correct.
However, it is possible for a fraudster to get a new password if he is masquerading as that person.
"We can't comment on whether that is possible or not, but we have beefed up our security countermeasures," said an official of Facebook Japan. -- The Yomiuri Shimbun