Cybercrime is rapidly spreading on Facebook as fraudsters prey on users
who think the world's top social networking site is a safe haven on the

Lisa Severens, a
clinical trials manager from Worcester, Massachusetts, learned the hard
way. A virus took control of her laptop and started sending
pornographic photos to colleagues.

"I was mortified about
having to deal with it at work," said Severens, whose employer had to
replace her computer because the malicious software could not be

Cybercrime, which
costs US companies and individuals billions of dollars a year, is
spreading fast on Facebook because such scams target and exploit those
naive to the dark side of social networking, security experts say.


While News Corp's
MySpace was the most popular hangout for cyber criminals two years ago,
experts say hackers are now entrenched on Facebook, whose membership
has soared from 120 million in December to more than 200 million today.

"Facebook is the
social network du jour. Attackers go where the people go. Always," said
Mary Landesman, a senior researcher at web security company ScanSafe.

Scammers break into
accounts posing as friends of users, sending spam that directs them to
websites that steal personal information and spread viruses. Hackers
tend to take control of infected PCs for identity theft, spamming and
other mischief.

Facebook manages
security from its central headquarters in Palo Alto, California,
screening out much of the spam and malicious software targeting its
users. That should make it a safer place to surf than the broader
internet, but criminals are relentless and some break through Facebooks
considerable filter.

The rise in attacks
reflects Facebook's massive growth. Company spokesman Simon Axten said
that as the number of users has increased, the percentage of successful
attacks has stayed about the same, remaining at less than 1 per cent of
members over the past five years.

By comparison, he said, FBI data show that about 3 per cent of US households were burglarised in 2005.
"Security is an arms
race, and we're always updating these systems and building new ones to
respond to new and evolving threats," Axten said.

When criminal activity
is detected on one account, the site quickly looks for similar patterns
in others and either deletes bad emails or resets passwords to
compromised accounts, he said. Facebook is hiring a fraud investigator
and a fraud analyst, according to the careers section of its website.
But ultimately Facebook says its members are responsible for their own

"We do our best to
keep Facebook safe, but we cannot guarantee it," Facebook says in a
warning in a section of the site on the terms and conditions of use,
which members might not bother to read.
( "People implicitly trust social
networking sites because they don't understand the real threats and
dangers. It's like walking down the street and trusting everybody you
meet," said Randy Abrams, a researcher with security software maker

Amy Benoit, a human
resources manager in Oceanside, California, said she may stop using
Facebook altogether after she became entangled in a popular scam: A
fraudster sent instant messages to a friend saying that Benoit had been
attacked in London and needed $600 (Dh2,202) to get home.

Yale University last
week warned its business school students to be careful when using
Facebook after several of them turned in infected laptops.

One of the most
insidious threats is Koobface, a virus that takes over PCs when users
click on links in spam messages. The virus turned up on MySpace about a
year ago, but its unknown authors now focus on spreading it through
Facebook, which is struggling to wipe it out.

"Machines that are
compromised are at the whim of the attacker," said McAfee Inc
researcher Craig Schmugar. McAfee, the world's No. 2 security software
maker, says Koobface variants almost quadrupled last month to 4,000.

"Because Facebook is a
closed system, we have a tremendous advantage over e-mail. Once we
detect a spam message, we can delete that message in all inboxes across
the site," said Facebook's Axten.