VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 per 1,000 profiles with under 10 contacts, and $45 per 1,000 profiles with more than 10 contacts.
Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing: targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voilà, the criminals rake in the profits.
Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.
Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la crème de la crème, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.
How can you protect yourself? Strong passwords that are unique on every system, good-quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful about the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.