False Friends on Facebook

When Bryan Rutberg first appeared on Facebook last December, he joined millions of other boomers, who are the fastest-growing users of social networking websites.

A month later, the 47-year-old tech industry executive became a victim of a scam that is increasingly occurring on websites like Facebook, MySpace and class reunion sites.

On Jan. 21, Rutberg discovered his Facebook page had been hacked with this alarming message: BRYAN IS IN URGENT NEED OF HELP! He tried to access his page to remove the warning, but his password had been changed. When he tried to alert his friends from his wife’s Facebook account that he was OK, he says, the scammer had “de-friended” her, blocking any messages he sent. Meanwhile, Rutberg’s Facebook friends who had posted “what’s wrong?” messages were getting replies from the hacker, who posed as Rutberg and claimed that he had been robbed in London and needed money to get home.

One concerned friend, Beny Rubinstein, wired $1,200 overseas, which the trickster quickly collected. In e-mail exchanges, the hacker had provided enough personal details to convince Rubinstein he was Rutberg. “If you’re looking to impersonate someone, Facebook is a good place to start,” Rutberg says. “My page has the names and photographs of my wife, kids, parents, friends, where I went to high school and college—all kinds of personal information.”

With such details readily posted, identity thieves “are clearly investing time and resources on social networks,” says Ryan Naraine of Kaspersky Lab, an online security firm.

A common ruse: tricking users into downloading a program that records their keystrokes. It’s likely that Rutberg inadvertently downloaded one such program, providing his Facebook e-mail and password to the identity thief.

One common virus on social networks is called Koobface (from the word “Facebook”), which infects computers when a “video” link is clicked. It can steal personal data and also prompt users to download an updated version of Adobe Flash. “By clicking on that link, it attempts to trick you into buying fake antivirus software for $30,” Naraine says.

Facebook spokesman Barry Schnitt says that in five years, less than 1 percent of 200 million users had “security issues.” He says his company has bolstered its efforts to respond quickly to such problems. However, Facebook provides no phone contact number for members, and Rutberg says e-mails to Facebook reporting his hacking went unanswered for several days.

To avoid problems on social networks—or anywhere else online:

• Don’t click on links provided in messages—even from friends—unless you check them with a phone call or off-website e-mail.

• Get program updates by going to the company’s website, not through a provided link.

• Make your Facebook account private so that only friends can see your details.

• Scan your computer regularly with an updated antivirus program

• Be suspicious of anyone—even a “friend”—who asks for money over the Internet.

Report suspicious activity on social networks to that website and to the Internet Crime Complaint Center.

Sid Kirchheimer is the author of Scam-Proof Your Life (AARP Books/Sterling).