Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and--oh yeah--he just got scammed out of $1100 on Facebook.
Rubinstein's experience isn't entirely uncommon. (We'll get to the specifics in a moment.) What's striking about his story, though, is that it demonstrates how easily anyone--even a highly trained expert in computer security--can be ensnared by a seemingly simple social network trick. And all kinds of these schemes are on the loose.
More than 20,000 pieces of malware attacked social networks in 2008 alone, estimates the online-security firm Kaspersky Lab. That's no surprise, either: While e-mail is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.
"People are used to receiving spam and malicious messages in their e-mail, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos. "They are lulled into a false sense of security and act unsafely as a result."
You can avoid becoming one of the many who make that mistake. We've dug up the dirt on five schemes currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best dodge them. (Facebook representatives did not respond to our request for comment.)
Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.
Scheme #1: The Nigerian 419
It may sound like a hip new emo band (or a somewhat old e-mail scam), but the Nigerian 419 will do more than just offend your ears--it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.
Back to Beny Rubinstein. A couple of months ago, Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.
"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.
The messages came both in Facebook-based IMs and in e-mail. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1100 later that Rubinstein realized what had happened: Someone had hijacked his buddy's account, contacted his friends, and--at their expense--made off like a bandit.
"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.
The Protection: Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network--either by phone or by external e-mail. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.