Getting to Know You (All Too Well): Online Dating, Social Networking Sites
October 2006Online dating and social networking sites like MySpace and Facebook have exploded in popularity over the last several years. Facebook, for example, has more than eight million users, with an additional 20,000 new accounts being created daily. MySpace, with an estimated 48 million users, has grown more 700 percent over the last year. The possibilities offered by these sites for friendship, romance, and all varieties of interpersonal relationships seem practically endless. At their best, these sites represent a genuinely positive marriage of technology and fellowship. At the same time, however, they represent a goldmine of potential targets, an environment ripe for con artists and other dubious sorts to obtain personal information under false pretenses and use it for identity theft, hacking, and sheer maliciousness, even murder.
A Cornucopia of Criminal Opportunities
These sites lend themselves to a wide variety of scams, most of which are driven by some form of deception (like so much computer-related crime). Phishing is one scam that has made its way onto these sites. Many users receive e-mails or instant messages that look like they came from the site itself, but they’re actually attempts by phishers to lure them into providing their password or other personal information. For example, according to a report entitled “Social Networking Sites under Attack” from the Office of Information Technology at the University of Maryland, in June of this year many users of MySpace fell for a scam in which they responded to messages asking them to sign into a fake MySpace Web page. The hackers then had their passwords and used the information to access their accounts in order to steal more personal information (credit card numbers, etc.).
In another phishing scheme, bogus profiles contain links that appear to be polls, photos, or videos. The links direct victims to another site designed to capture personal information. This scheme is ideally suited to the casual world of online social networking where people are apt to browse numerous profiles and click links indiscriminately.
Another crime involves so-called "sweetheart scammers." They often use bogus profiles, with attractive pictures and alluring details, and search the site for someone with whom they can develop an extended online correspondence. After they’ve built up a degree of familiarity and trust, maybe after sending more bogus pictures and even presents (most likely bought with a stolen credit card), they try to extract money from the target. The premise is generally a convincing sob story or some fabricated emergency. They might profess a great desire to meet the intended victim, but say they don’t have ready cash to travel because they were recently robbed and beaten and have been unable to work due to a long hospital stay, or claim to require urgent surgery or treatment for a serious illness. To get the funds, they might try to send the target a fraudulent cashier’s check to get him or her to send the amount in money orders to a remote location, often outside the U.S. One variation of the scheme happens when the fraudster convinces his target to establish a PayPal account to send money to the thief.
Sweetheart scams can be fatal. A recent story in the Cleveland Plain Dealer recounts an online dating worst case scenario. A California man had met a Brazilian woman online and established a robust relationship. He sent her expensive gifts and had also visited her in Brazil. On his third visit, he was drugged for about six days, during which he gave up information to access his bank accounts. The thieves got $200,000. Then he was murdered, allegedly by the woman and two other men, including her brother.
There are many other identity theft scams that revolve around social networking sites. Many of the scams are some variation on soliciting crucial personal information by claiming to want it for something innocuous, like a request for a user’s birth date for a horoscope discussion group. Phishing, data mining, worms, and Trojan horses are used throughout these sites to defraud people. Online dating and social networking sites are fertile ground for identity thieves to harvest their bounty, inspiring schemes that range from the technologically advanced to the shockingly simple.
In one crude scam, an in-person meeting is arranged. As soon as the target lets down her guard by, say, leaving her purse on the table while using the restroom, the identity thief swipes the purse and walks away. A recent story in the Dallas Voice describes a similar situation, where a gay man who was trawling for sex online ending up in a drug-fueled orgy in a hotel room, but had actually stumbled into an identity theft ring. He left his wallet on the nightstand and later learned that his credit card information had been copied by one of the participants in the orgy, and later used to make purchases in his name.
User Carelessness Fuels Online Scams
The opportunities for malice on dating and social networking sites are enabled, not surprisingly, by the habits of the legitimate users. A recent study conducted by the National Cyber Security Alliance and the software firm Computer Associates found that 74 percent of those who use social networking sites divulge personal information, especially phone numbers, e-mail addresses, and birthdays. Many users also download unknown files (80 percent of users) and respond to unsolicited e-mails or instant messages, all of which play into the hands of identity thieves.It’s difficult to be unfailingly scrupulous when you become immersed in the allure of online socializing. In this fast-moving world, where every point and click may carry the promise of making a real human connection, the consequences of seemingly harmless actions may be easily overlooked. But giving someone your real phone number or e-mail address may be giving them more than you intended. Phone numbers can be reverse searched, allowing someone to find your address. There are also companies, like Abika.com, that advertise their ability to obtain the real identities of people who participate in online dating websites. Abika offers, among other dubious services, the capability to find the name of a person associated with an AOL screen name.
New Services Spring Up to Protect Users
Social networking sites as a rule do not vet applicants—if you can pay you can play. However, legislation requiring online dating services to conduct criminal background checks has been at least debated in several states, including Florida, Michigan, Texas, and Virginia. In the meantime, the private sector has stepped in to fill the security breach, and a cottage industry of services designed to make online socializing safer has emerged.PersonaCheck.com offers people who use dating sites a way to prove their identities to others without disclosing overly sensitive information. When users sign up for the service, the company does a background check and “certifies” them, which is indicated prominently in their profile. It is an imperfect alternative to an actual background check, which may be more foolproof but is often considered an invasion of privacy.
There are numerous other players in this new market, including companies such as Corra, which do background checks. (“You wouldn't let a stranger into your house, Why let him into your heart?” reads the headline to one of their ads.) PhoneConfirm.com markets its services directly to social networking sites. The service allows a site to verify that a phone number associated with an applicant is legitimate, which supposedly “optimizes the ability of social networking websites to stop multiple accounts, spam-related profiles, repeat underage sign-ups, online predators, and fake or harassing profiles.”
MyPrivateLine.com allows you to quickly set up a personal and disposable toll-free number that forwards calls to your personal number. This would seem to be a particularly valuable service for the safety conscious user of online dating sites--after all, if you really want to make contact with someone you meet online, you’re eventually going to have to give him or her your number.
An Ounce of Prevention . . .
Since online networking sites are legally considered distributors of information, not publishers, they’re not liable for criminal acts perpetrated by one user against another. All the major dating and social networking sites offer tips on how to be safe and smart when interacting with other users, but not everyone reads or follows the advice (as shown by the study cited above). The key to disaster-free dating/networking is safeguarding personal information from those who are up to no good. This, of course, is easier said than done. For some, navigating these sites is like being a kid in a candy store; it’s an environment of seemingly unlimited possibilities that tends to fire the passions, in which case the kind of rational, vigilant behavior necessary to be truly immune from online scams can be difficult to sustain. Dating sites in particular lend themselves to intricate interactions, even full-blown relationships, leading some to an emotion-drenched arena of sex and romance. It’s not hard to see why people in these circumstances might be particularly susceptible to exploitation.There’s no reliable way to protect someone from the consequences of their own romantic intoxication. All the posted guidelines in the world can’t counteract mankind’s strongest impulses. Ultimately, though, whether the message is heeded or not, it really is better to be safe than sorry. But taking a moment to reign in the emotions and follow basic principles of online interaction can mean the difference between finding true love and losing your savings, and maybe even your life.
Online Dating & Social Networking
How to Minimize the Risks of Becoming a Victim:- Do not use your real name or personal information in your profile
- Do not give out your name and address (or any other personally identifying information) early in the contact process
- Use separate e-mail and instant messaging accounts when communicating with others on the site.
- Don't give out your work or home number--both of can be input into a lookup directory which would reveal your home address and other personal information
- Block your caller id before you make contact.
- Select on-line dating sites that use a “double-blind” e-mail contact method, whereby both parties do not know each others real identity.
- Read and follow all the privacy and safety tips on the sites you use—they are there for a reason.
