Every second, 12 people online become a victim of cybercrime, equalling over one million victims worldwide every single day. The estimated cost of cybercrime was $3 trillion in 2015 and is expected to double by 2021, according to a report by Cybersecurity Ventures.
Although criminals have been committing illegal acts online practically since the start of the Internet, social media has made crimes much easier to commit. In fact, 81 percent of Internet-initiated crime involves social networking sites, and Facebook is especially a hotbed of criminal activity. Not only are there millions of active daily Facebook users to potentially target, but people tend to let their guards down around their Facebook “friends” more so than an unfamiliar persona.
You are probably aware of some of the standard tricks that criminals like to use, but others are surprising. Here is a summary of the most common crimes that involve Facebook and how you can protect yourself from becoming a victim (or inadvertently becoming a criminal yourself).
Profile cloning is probably one of the crimes that Facebook users are most aware of. This happens when a duplicate Facebook account is created using photos and information visible on the victim’s existing profile. The cloner will then request to be friends with all the victim’s contacts or suggested mutual friends and many of the contacts will accept because the request seems to be legitimate. Once accepted, the cybercriminal can have access to more personal information, which can be used to clone additional profiles. The assumed identity can also be used to gain trust and commit fraud by asking to “borrow” money or offering investments that are part of a scam.
Cross-platform profile cloning is similar but occurs when information to clone a profile is taken from one social network and then used to create fake profiles across other social networks. This type of cloning can be harder to find and fix, especially if the cloned profile is created on a social media platform the victim doesn’t already use.
Phishing is an intentionally harmful pursuit to gain personal information or access to your account. The target is baited to follow a link that either infects their computer with malware or directs them to a fake website. At least 20% of Facebook users have been exposed to malware, and Facebook receives 600,000 reports of hijacked logins every day.
The scammer can be disguised as a reputable organization requesting to verify information such as your social security number or credit card number. The fake website can even be designed to look like a convincing replication of Facebook itself and ask you to confirm your login email and password. Classic schemes promise money or gifts, but smart scammers have also been known to utilize spearphishing which attracts victims through their individual interests.
Once malware infects your computer or you enter your information into the fake website, it is entered into a database, which is usually sold and can then be used to advertise products or request funds from unsuspecting friends.
Clickjacking is an illegal form of spam that deceives a user into going to the wrong site or performing an unintended action. The scammer covers a link or button with multiple layers, creating an invisible frame that he or she can control. The user is then rerouted to the attacker’s site of choice.
Facebook defines clickjacking as websites that contain code to make your browser act without your knowledge or consent. Online criminals disguise threats as popular content such as exclusive clips, breaking entertainment news and gossip, latest world events, promos and contests.
A clickjacking Facebook worm went viral in 2010 using the following link titles:
– “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”
– “This man takes a picture of himself EVERYDAY for 8 YEARS!!”
– “The Prom Dress That Got This Girl Suspended From School”
– “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”
Since these titles are similar to the thousands of users click on daily to past the time, the worm quickly spread. When users followed the link, they were taken to a seemingly blank page that simply said, “Click here to continue” but this was part of a clickjacking scheme and clicking anywhere on the page tricked users into liking a page and recommending it to all of their Facebook friends.
While many online crimes seem to be committed by scammers who hide behind the anonymity of the web, the following criminal actions are often perpetrated by acquaintances and may begin online but then escalate to threaten the victim’s physical and psychological well-being.
Cyberbullying and Harassment
Psychologists report that cyberbullying on social media sites has become a more common problem than bullying in person, and sadly the news is full of preteens and teenagers attempting and committing suicide as a result of being tormented online.
Abusive online behavior including sexual explicit and threatening messages conducted between adults is considered harassment. Users can try to ignore persistent unwanted cyber behavior and brush it off as just being an annoying part of social media, but cyberstalking can lead to in-person stalking or endangerment.
Several states, including Hawaii, have passed legislation to add harassment conducted through electronics to previous harassment laws. In addition, school aged children who are bullies or cyberbullies, along with their parents or legal guardian, can now be subject to a fine of up to $100 for each offense, where each day can be considered a separate offense.
Facebook users are comfortable divulging every aspect of their lives, sharing important dates, cherished memories, and most vulnerable moments. Personal information such as birthdays, email addresses, hometowns, and schools attended are often plainly visible on Facebook profiles. Armed with this data along with clues from status updates and comments, thieves can often figure out passwords and answers to security questions in order to hack into various accounts and proceed to ruin your reputation by posing to be the real you.
78 percent of burglars admit that they use social media to seek out their victims. Social media sites operate with geotags, an electronic tag that assigns geographic data to photos, videos, and posts to pinpoint the exact location where they were captured or posted. Using these tags, criminals can figure out where you live, work, and where your child goes to school. In addition, checking in to certain places or broadcasting when you are going on vacation alerts crooks when you won’t be home.
Defamation of character occurs when someone communicates a false statement that damages another’s reputation. Since social media platforms are designed to easily publish information without any fact checking, users can commit written defamation called libel in the heat of the moment before they even realize they have done anything illegal.
A defamatory statement must be proven to be untrue. If the statement is true, even if it is damaging to the person’s or company’s reputation, then there is no case. However, if the statement was posted as an opinion, it could still be considered defamatory if a reasonable person might consider the opinion as a statement of fact. For example, saying, “I think that restaurant has a cockroach infestation” could be interpreted as a statement of fact by the court.
It may feel like there is no real way to stay safe online, but just by reading this, you will likely be much more aware of potential scams and the kind of information you share. Practice the following tips to enjoy the benefits of social media without making yourself a target for criminals:
– Google yourself regularly and monitor your credit using the free annual report or monthly monitoring services.
– Consider unique user names and passwords for each social media profile.
– Create strong passwords and change them regularly.
– Never give out your username and password.
– Avoid listing the following information publicly: date of birth, hometown, home address, year of high school or college graduation, primary email address.
– Review your Facebook privacy settings and think about making your profile private if possible and only sharing posts with friends instead of publicly.
– Type www.facebook.com directly into your browser to get to Facebook.
– Keep in mind that Facebook will never ask you for your account password, social security number, tax identification number, or full credit card number or PIN. Facebook will also never send you your password as an attachment.
– Log out of Facebook when you use a computer you share with other people.
– Restrict your social media contacts to people you know personally and be cautious if you get a friend request from someone you are already friends with. You may want to write that person a message in case they are a victim of profile cloning and don’t know it.
– If you see a link that looks suspicious, don’t click on it (even if it appears to be posted by a friend or company you trust) and report it to Facebook.
– Check out Facebook’s extra security features such as login alerts and trusted contacts.
– Install at least two different anti-spyware programs on your computer and set them to scan and detect nightly.
– Report cyberbullying or harassment to Facebook, the child’s school, and/or to the police.
– Disable geotagging on your smartphone.
– Think before you post. Facebook and other social media networks are considered public forums regardless of your privacy settings, so anything you post could come back to haunt you.