What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks (See: Social Engineering: Eight Common Tactics). Here we look at some of the most common lines these people are using to fool their victims.
Social Networking Scams
"I'm traveling in London and I've lost my wallet. Can you wire some money?"
Social networking sites have opened a whole new door for social engineering scams, according to Graham Cluley, senior technology consultant with U.K.-based security firm Sophos. One of the latest involves the criminal posing as a Facebook "friend." They send a message or IM on Facebook claiming to be stuck in a foreign city and they say they need money.
"The claim is often that they were robbed while traveling and the person asks the Facebook friend to wire money so everything can be fixed," said Cluley.
One can never be certain the person they are talking to on Facebook is actually the real person, he noted. Criminals are stealing passwords, hacking accounts and posing as friends for financial gain.
"If a person has chosen a bad password, or had it stolen through malware, it is easy for a con to wear that cloak of trustability," said Cluley. "Once you have access to a person's account, you can see who their spouse is, where they went on holiday the last time. It is easy to pretend to be someone you are not."
"Someone has a secret crush on you! Download this application to find who it is!"
Facebook has thousands of applications users can download. Superpoke is one example of a popular application many users download to enhance their Facebook experience. But many are not trustworthy, according to Cluley.
"It is impossible for Facebook to vet all of the applications people write," he said.
Sophos, which tracks cybercrime trends, is seeing Facebook applications that install adware, which cause pop-up ads to appear on a user's screen. The other danger, according to Cluley, is that installing many of these applications means you give a third-party access to your personal information on your profile.
"Even if they are legitimate, can you trust them to look after your data properly?" said Cluley. "A lot of these applications are really jokey. You don't really need those. People should consider carefully which ones they choose to accept."
"Did you see this video of you? Check out this link!"
Sophos is also seeing an increase in Spam on Twitter, the popular social network where users "Tweet" quick one line messages to others in their network (Read: 3 Ways a Twitter Hack Can Hurt You).
A spam campaign on Twitter in recent weeks involved a Tweet that said "Did you see this video of you?"
"If you think the link is from a friend, you are much more likely to click on it," said Cluley.
Unfortunately, users who clicked on the link ended up at a bogus site that only looked like the Twitter web site. Once there, unsuspecting Twitterers entered passwords, which then ended up in the hands of hackers.