Social Networking and Trust

I heard a scary and interesting story last week. A new friend, a security expert, told me that his wife was contacted by a friend on Facebook indicating they were traveling and needed help, i.e. money. So the security expert’s wife is being contacted by a Facebook friend for help. The wife then started a message session with this person, and they proceeded to chat about the problem they were having, what the real need was, how the kids’ soccer game went last Tuesday, an upcoming school event, etc. In short, the wife had a real conversation about real events with this person on Facebook via chat.

Afterwards, the wife still felt uneasy about things and decided to drive to her friend’s house. The friend was indeed not traveling and had no money problem. The wife had been having a real, genuine chat with a person pretending to be the real Facebook friend. This was not just an email scam; it was much more sophisticated, and scary, in that the person trying to engineer the theft had been lurking online for days/weeks/months and had enough information from the wife’s timeline to carry on a plausible conversation with the wife.

The friend’s computer had been hacked in some fashion where the thief was able to log in to Facebook as the friend and post and chat on the friend’s behalf. The wife’s computer was fine and secure, but her friend’s computer and accounts had been compromised.

Just because a person can carry on a conversation with you online, or someone (a friend) sends you an invite to connect, doesn’t mean any of it is true. Just because they know your home town, or your high school, or your brother’s name doesn’t mean they are your friend.

There are countless warnings about security and not trusting online. This is just another example.

I don’t know the answer to these challenges other than to limit your precious trust online, doubt anybody reaching out to connect with you, and double-check all you can check. And change your passwords, use two-factor authentication where available, and limit how you connect accounts together, i.e. using Facebook or Twitter to authenticate to something else.

This is really a trust issue. Limit what you trust online.




4 thoughts on “Social Networking and Trust”

  1. This is indeed a growing issue. Spoofing email and now Facebook, WOW! Video chat would be a good way to see who you are really talking with.

  2. Hi Mark,

    This is an excellent example of a spear phishing attempt. No level of technological controls on a PC would have prevented this. It took a person who was aware of her surroundings to foil this attack.

    This morning I ran across the following user awareness memo on phishing by the University of Alabama:

    The user awareness memo is nicely worded, and doesn’t contain technological terminology that may confuse a non tech-savvy reader. I think this message can be adapted by any organization and sent to their user base to make them aware of phishing

