A man who used details posted on Facebook to break into the bank accounts of neighbours he had befriended on the site has been jailed for 15 months after stealing more than £35,000 over a two-year period.
According to widespread reports, Iain Wood, 33, ran the scam from June 2008 until June last year and was caught only when he become overly confident in his system and began directing money to his personal account, helping police to track him down.
Police were unaware that Wood had been stealing money for such a long time when they first confronted him. However, he reportedly asked whether they had been tracking him for a while, causing police to investigate further.
Prosecuting lawyer Neil Pallister said that Wood admitted spending hours trawling people's profiles on Facebook to discover information he could use to access their bank accounts, according to The Daily Telegraph.
"[Wood] said he would be on the computer 18 hours a day to find information about people on web sites such as Facebook and Friends Reunited," he said.
"He would say he couldn't remember the password and would be asked security questions about date of birth and mother's maiden name and he was able to give correct details in some cases."
Wood then intercepted mail such as replacement cards which he used to withdraw cash.
In passing sentence, judge Guy Whitburn said that the scam was "very well planned, complex and clever", and had a serious effect on his victims.
"He was using other people's identities and there was a considerable breach of trust in assuming his neighbours' identities," he said.
"It is an extremely bad deception on people in the same block of flats as he. People's blood runs cold when they see money taken from their accounts."
Sophos senior technology consultant Graham Cluley said that individuals and banks need to take extra precautions to guard against fraud.
"As individuals we need to be more careful about the information we share on social networks and the password reminder questions and answers we choose on web sites," he said.
"But we should also be calling on our online banks to put higher levels of protection in place to reduce the chances of fraudsters accessing our accounts."
The best Black Friday tech bargains out there
Russell Group slammed for misusing student data in donation campaigns
Linus Torvalds is unhappy with current approaches to Linux security
Bug prevents ASLR from randomising location of important data