As reported by @gcluley on Naked Security this week, a suspected fraudster has been charged with attempting to steal thousands of pounds from his neighbours’ online bank accounts. What makes this story particularly interesting (and also worrying) is the way in which this criminal went about gathering the information which he then used to access these accounts.
The report claims that Iain Wood ‘friended’ neighbours in his building using sites such as Facebook and Friends Reunited, before spending many hours a day studying their profiles for clues as to their passwords. This, combined with the fact that he was able to intercept some of his neighbours’ post due to sharing the same building, gave him all the information he needed to access their accounts.
Aside from being a little creepy, this story once again highlights the need for users to be aware of how much information they are sharing with ‘friends’ online. It is also a wake-up call for banks to ensure they have fool-proof identity solutions in place to protect customers accessing their online accounts. No one should be putting information online which would allow potential fraudsters to take an ‘educated guess’ at the answers to their security questions. But equally, no bank should be granting access to accounts based purely on information which can be so easily gathered. And perhaps most crucially, no one should be accepting requests on Facebook or any other social network unless they’re confident that the person in question is indeed someone they know well, and they are comfortable with that person viewing the information they post.
The growing popularity of social networks has thankfully led to a greater appreciation of the potential reputational damage of unauthorized access to social media venues. Huge brands such as Vodafone and Virgin have discovered to their peril how much havoc their own employees are capable of creating using social media, so the prospect of an outsider having access to things like corporate Twitter feeds (followed by thousands of customers) is a scary one. With this in mind, Facebook took steps earlier this year to improve its mobile authentication process. Steps like this are to be applauded, but they must be paired with common sense from users and more stringent security from banks if we are to ensure that the billions who enjoy social networks are able to do so safely.