Identity theft is nothing new, but now social media outlets, such as Facebook, are providing a new way for thieves to hijack identities.
Diane Solomon was running in the Revlon Run/Walk for Women in downtown Los Angeles when she got a message from her neighbor in Santa Clarita saying she was talking to her on Facebook. Problem is, Solomon didn’t have a Facebook account.
“(My neighbor) said, ‘Well, you do this morning and I am talking to you. There’s even a picture of you in the bowling ball costume from the Halloween party last year, and you’re asking me for money,'” said Solomon.
It all started with a text Solomon received on her phone on the way to run the race at the Coliseum in downtown. The text said that her personal e-mail address had been removed and that a new e-mail address had been added.
About 30 minutes later, Solomon received an e-mail on her phone from her new personal Yahoo account to her work account titled “My Plight.”
“Basically it said I was traveling in London with my family and we were held up at gunpoint. Everything was taken but we still had our passports. We couldn’t clear the hotel bill, we couldn’t get home, and I needed some money,” Solomon explained.
But that wasn’t true because Solomon was in LA running the race. Someone had broken into Solomon’s Yahoo account, found a photo of her dressed as a bowling ball from Halloween, and used it to make a fake Facebook account. Once the hacker assumed Solomon’s identity, he or she sent out the e-mail to all the people in her Yahoo address book.
The most frightening part? Most of her friends were ready to wire her money right then and there.
The FBI calls this type of Identity theft social engineering.
“With social engineering, what you can do is you can use other people and resources and not necessarily have to go in through the front door hacking through a computer,” FBI agent Alice Tsujihara explained. “There is a lot of electronic information of our personal information stored over the Internet.”
Tsujihara, who specializes in identity theft and works with the Southern California High Technology Task Force, sees this type of identity theft more and more these days.
“The more believable you are when stealing that person’s identity, the more successful you’re going to be,” said Tsujihara.
What Solomon’s impersonator probably didn’t expect was how quickly Solomon would react to the hijacking. Within four hours of the breach, she shut down her Yahoo and Facebook accounts, and saved her friends from sending money overseas.
Although Solomon had no control over the fact she was targeted by the hijacker she said, “I felt completely violated. I felt like I put my friends and my contacts at jeopardy. I felt responsible that they could have lost money.”
Luckily, in this case, no one did, but scams like this occur everyday, several times a day.
“A few years ago, statistically they said one in four are victims of identity theft, but with all the skimming and counterfeiting, I think all of us will eventually become a victim and we certainly will know people that have been victims of identity theft,” said Tsujihara.
As for Solomon, she believes she downloaded a worm or monitoring virus on the Internet. That’s most likely how the hacker got her password because it would enable someone the ability to monitor her keystrokes, thus accessing her password.
For that reason, authorities urge people to change their passwords frequently, use antivirus software and never give out personal information.
Facebook responded by saying crimes like this affect “a smaller number of people,” but that they take these security threats “very seriously,” and have measures in place to detect and notify users if their accounts have been modified.
