Facebook is a fantastic resource for collaboration, reconnecting with old friends, meeting new people, and discovering products and services from around the web that have a presence on Facebook. With all this new- found “connectedness” come many new ways for unscrupulous individuals to try and take advantage of the less vigilant. The latest of these attacks comes in the form of, what is called in the security world, social engineering. Social engineering is when an attacker tries to convince you of something in order to take advantage of you. An example in the real world would be an investment scam: “‘Give me money for this great company that doesn’t exist and you can’t lose!”
On Facebook, social engineers are making copies of profile pictures and creating dummy accounts using the same name as the person whose profile picture they have copied. These individuals then turn around and begin sending friend requests to the victim’s friends. Once the victim’s friends accept the request, the attacker begins posting ads and links to all manner of sites, hoping that the trust the victim’s friends have in them will lead them to click the links they post, thereby snaring their real target, the victim’s friends. This kind of attack could not only be detrimental to those who click on the links, but could also ruin the victim’s reputation with friends, clients, and colleagues they have connected with through Facebook.
To protect yourself from these profile hijackers, it is important to understand Facebook’s privacy settings and to know who can see your posts. Facebook has a resource in their help center to help users understand and use privacy settings to protect their profiles and identities on Facebook. The privacy section of the Facebook help center can be found here: https://www.facebook.com/help/privacy. Remember to always check out the profile of someone before you add them as a friend, and if you get a friend request from someone you know you have already accepted, check with them before accepting the request. As a general rule of thumb, you should never add anyone as a friend who you don’t know personally.