Cyberscams befriend social networks

Enforcement hurdles
There's no easy solution for the social networking sites themselves. Each major networking site contains terms of service that prohibit posing as another user. "The rules of impersonation are pretty much the same on the Internet as off the Internet," says Gene Landy, principal with Boston-based law firm Ruberto, Israel & Weiner.

In both places the severity of punishment hinges on how much harm is intended. Pretending to be an ex-girlfriend and posting embarrassing photos on Facebook, for example, would likely constitute a civil offense, Landy says. But almost any serious attempt at fraud — pretending to be someone else to obtain money or retrieve sensitive information — would likely be tried as a criminal offense, he explains.

Enforcing the rules online can be tricky for social networks that don't want to put off would-be users with a rigorous authentication process. Facebook maintains a long list of blacklisted names that bars users from registering with fictitious names such as Donald Duck and Evil Spock, two of the most popular false IDs, says Facebook's head of security, Max Kelly.

The site also prohibits suspicious activity such as spamming users with hundreds of messages. But mainly it falls to users to be vigilant. "If you use Facebook the way we intend people to use Facebook, which is to model your real-world interactions, people won't be able to impersonate someone else," Kelly says. Still, he adds, "I'm not ruling out that we may look at other ways to verify people's identities in the future."

Security expert Moyer admits it would be pretty difficult for LinkedIn to have measures in place to thwart his experiment, but says it and other sites should take some steps to authenticate users. For one, he recommends that new user profiles get stamped with some kind of "born-on date" that displays when the account was created. That could impede scammers who cycle through many new accounts every day. Also, sites should develop some kind of peer warning system that lets users flag others' suspicious activity.

Still, the best prevention method remains educating Web users to be more cautious of people in their networks. "When I get a friend request, I tend to ask people what T-shirt [they] wore the last time we had dinner," Moyer says.

A simpler way to check identity is to spend some time on the person's profile, see how long they've been active, how familiar their friends appear to be, and whether the messages and multimedia they post reflect their personality.

When all else fails, it's probably best to be leery of requests for money or bank account information — especially when they emanate from deposed dictators.

MORE FROM DIGITAL LIFE

Digital Life Section Front

Watch your TV from thousands of miles away Lines between netbooks, laptops keep blurring Cell phone models change frequently Cell phones more distracting than passengers Facebook making Web surfing more social Britney Spears, Obama lead Yahoo top searches Online networks a magnet for job-seekers When you don't want to be Facebook friends Juror chats sex abuse trial on Facebook European history, culture and art goes digital Digital Life Section Front   Add Digital Life headlines to your news reader: