Basically it went like this: It started with a user receiving friendly messages on her profile page from a friend abroad, which escalated to an exchange of cellphone numbers. The friend initially asked for some cellphone load, then started borrowing money, to the point that she even borrowed 15,000 for a medical operation.
The victim started doubting the identity of her friend, but the friend was able to put her at ease with information that only she would have known. Then the victim started hearing from her friends that somebody was impersonating her on Friendster and borrowing money. The final straw was when the friend asked her to buy a laptop for her friend’s relative in Davao, for which she would pay her back.
An entrapment operation ensued and the perpetrator was caught in Davao. The perpetrator was a female and she admitted hacking into the account of the victim’s friend. She did this by using the email address found in the profile page and studying the information found in her page to come up with the password. The perpetrator caught during the CIDG entrapment operation is now being charged with Estafa in Manila. I think they could charge her with hacking also because it is covered by the Philippine E-commerce law.
It’s sad to hear news like this, of technology being used for bad things. Definitely not the fault of Friendster, as they are the no. 1 social networking site in the Philippines, and with that many Filipino users they are a magnet for scammers wanting to dupe innocent and unsuspecting victims.
On Friendster’s side, I think it would be good if they could add a password reset function in their account, which locks down the account after a couple of bad Log-in tries.
From this report, what I think we can learn with regard to our social networking account pages is:
- You shouldn’t post email and cellphone information in your profile page.
- As much as possible, lock your profile page to only people that you know. That way they can’t use your information to hack your friend’s account or worse, your own. For females, this has the added benefit of your bikini pictures not being harvested and showing up in Philippine p*rn sites.
- Strengthen your log-in passwords. Use a minimum of 12 characters using non-word-forming letters and numbers.
- Remember to log out of your Friendster account after you use it – as suggested by Eric. Friendster’s cookies don’t seem to have an expiry date, hence not logging out will mean that the next person who uses the computer and accesses Friendster will be able to enter your account.
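The password advice above, combined with the way the account in this report was reportedly taken over (a password worked out from profile details), can be turned into a simple check. This is an added example, not code from Friendster or from the report; the profile fields, the small word list and the function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "friend", "davao", "manila", "love", "angel", "princess"}

# Constructed sample of what a public profile page might expose.
SAMPLE_PROFILE = {
    "name": "Maria Santos",
    "email": "maria.santos84@example.com",
    "birthday": "1984-06-21",
    "hometown": "Davao City",
}

def profile_tokens(profile):
    """Split every public profile field into lowercase tokens of 4+ characters."""
    tokens = set()
    for value in profile.values():
        for tok in re.split(r"[^a-z0-9]+", str(value).lower()):
            if len(tok) >= 4:
                tokens.add(tok)
    return tokens

def check_password(password, profile, min_length=12):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not (re.search(r"[a-z]", lowered) and re.search(r"[0-9]", lowered)):
        problems.append("needs both letters and numbers")
    # "Non-word-forming": reject anything built around a dictionary word.
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append("contains dictionary word '%s'" % word)
    # Reject anything that can be read straight off the profile page.
    for tok in sorted(profile_tokens(profile)):
        if tok in lowered:
            problems.append("contains profile detail '%s'" % tok)
    return problems

if __name__ == "__main__":
    for candidate in ("maria1984", "DavaoPrincess2008", "q7xk2vbn9wzt4"):
        print(candidate, "->", check_password(candidate, SAMPLE_PROFILE) or "ok")
```

A password such as `maria1984` fails on both length and profile details, while a long password built from a name and hometown still fails because its parts are visible on the profile page.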
In the back of my mind I still can’t help but cast doubt as to the method used to hack the account. Looking at the perpetrator, she didn’t look like the type who would spend all day behind a computer trying to figure out a log-in password. Could it be that the passwords were harvested using a keystroke logger placed in a computer of an internet cafe? Definitely the syndicate angle mentioned in the report would be more logical. The person caught looked more like a pawn or a bagman, easily cut loose and cast away when the plan goes awry.
On a personal note, I’m also saddened that the person was caught in my home town of Davao. Is this the price of cheap internet access (average Php 10-15/hr) and abundant free wifi connectivity in the city? Making it easier for crooks to get online and scam people?
In the end, we just all have to be vigilant.