33-year-old Iain Wood stole £35,000 ($57,000) over two years from his neighbors by figuring out the answers to security questions on their bank accounts. The man befriended people living in his apartment block so that he could use their personal details posted on Facebook to get past online bank security checks.
"He said he had figured out how to access online bank accounts," prosecutor Neil Pallister said according to The Telegraph. "He would go on and say he couldn't remember the password and would be asked security questions about date of births and mother's maiden names and he was able to give correct details in some cases."
Wood logged into his victims' bank accounts by first claiming he had forgotten his password. Using clues gleaned from Facebook as well as a site called Friends Reunited, he would attempt to answer security questions to bypass the password requirement.
Wood was reportedly on his computer for 18 hours a day, hunting for personal information related to his neighbors. Since he targeted people living in the same block as him, he could intercept their mail. Wood would change the address details of victims' accounts and would withdraw cash with replacement cards he received in the post.
Some banks use two-factor authentication, meaning a randomly generated number is required along with personal details before cash transfers can be made. Changing your address, however, is rarely protected by two-factor authentication.
Wood, who was living in Newcastle, England, at the time of the offences, stole the money between June 2008 and June 2010, and used it for gambling. His scam was only discovered after he changed his system and transferred £1,500 ($2,500) from a neighbor's account directly into his own in November 2009.
The victim contacted police once he found that money was missing from his account. The police arrested him, but only believed that he had carried out his fraud on that single occasion. Then Wood asked them "Have you been on to me for a while?" This led to a search of his place, where it was discovered that he had several PIN numbers for bank accounts, a passport belonging to another person, bills, and other related paperwork.
Wood, who owns a carpet-fitting business, pleaded guilty to seven counts of false representation, asked for a further six similar offences to be considered, and also admitted possessing articles for the use in fraud. He was jailed for 15 months at Newcastle Crown Court.
During sentencing, Judge Guy Whitburn said: "This is the first time I've come across a sophisticated fraud such as this, it was very well planned, complex and clever. He was using other people's identities and there was a considerable breach of trust in assuming his neighbours' identities. It is an extremely bad deception on people in the same block of flats as he. People's blood runs cold when they see money taken from their accounts."
While this was a relatively complicated scam, it didn't require fake Facebook apps or malware-infested websites. This is a reminder that not only should you be careful of what you click on Facebook, but also whom you become Facebook friends with, as well as what you share on the social network. If you're giving out your personal details via social media, you really shouldn't use the same information to secure essential online services, such as banking.
- Experts: Facebook crime is on the rise
- Facebook con artist steals $366,000 from woman
- Facebook improves safety, security tools; experts not impressed
- How news of Japan’s earthquake, tsunami spread on Facebook
- Teenagers jailed for running "criminal equivalent of Facebook"