| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.

View
 

FacebookScam

Page history last edited by Marc Freedman 9 years, 11 months ago

 

Facebook Scam & Identify Theft


What happened to me

On Tue Dec 23 2008 I ( MarcFreedman ) was the victim of identify theft. My Facebook account was hijacked. I do not know how the password was obtained or the account was otherwise broken into. People have suggested phishing web sites, virus, keylogging software, though I don't believe any of this happened in this case.

 

I was alerted by a phone call from one of my contacts. The thief (or rather one of multiple thieves) sent instant messages to my contacts who were online claiming that I was robbed, stranded in London, and needed money to return to the US. While a number of people though this was fishy, the thief was sufficiently compelling that half a dozen people sent from $400 to $600. A few other people tried to send money but weren't successful for various reasons. A few (surprisingly few) directly contacted me by email or phone to validate the Facebook claim.

 

This con was well planned. My email addresses and passwords were changed. Friends or posts that complained or alert others to the con were removed. It was timed right before Xmas eve when I might be away (fortunately I wasn't) and Facebook service would be on break. It appears that several people were involved based on the amount of messages and IMs they sent from my account (and I’m sure many other compromised ones).

 

I complained to Facebook immediately as did several people contacted by the the thieves. It took Facebook two days to remove my account.

 

I posted the scam to my LinkedIn networking forum -

http://finance.groups.yahoo.com/group/MyLinkNetwork/message/620 . In addition I sent an email blast to all my business contacts as I didn't have access to or a copy of my Facebook friends.

 

A chat with the fraudsters

Here is the facebook IM conversation I had with them:

 

8:13am Marc

Hello

 

8:31am Zac

hi

 

8:32am Marc

i'm stuck in london

 

8:32am Zac

ouch

 

8:33am Marc

i was robbed at the hotel where i lodged

all my money was stolen

my cresit card was too

 

8:33am Zac

omg. that sucks!

 

8:33am Marc

this made me stuck here becasue i dont have all the money i need to

get a flight ticket back home

 

so now

 

i'm trying to raise some money to get home becasue i want to leave

here for home today by all means

 

8:36am Zac

ouch. i wish i could help but I got laid off from TI 2 month ago and

have nothing to spare at the moment.

 

8:37am Marc

ouch...well

thanks anyway for your concern

 

8:38am Zac

yeah, anything else I can do, I would love to help

 

8:39am Marc

right now, the only help i need is financial help and nothing more

 

8:40am Marc

but man, as it is, whatever amount i'm asking, i will pay you back as

soon as i get back home

 

i promise

 

so it's not like you are losing it

 

Identity is increasing and sadly common

The following is just from my small network.

 

Mel S

Same thing happened to me about 6 weeks ago - it took me about 2 1/2 weeks to get my account back.

 

Bryan D

My girlfriend's facebook was hacked earlier this month. It was because of a phishing website, so be careful!

 

Ken H

It happened to a friend of mine, Norma B in Arizona, I got one of the emails, fortunately I called her to see if she was in London, and of course she wasn’t.

 

Stan Relihan

I'm not a member of Facebook & had no intention of joining - however, last week, my daughter has pointed out to me that someone has set up a 'Stan Relihan' account on Facebook (although so far, only the name) - so evidently I am being positioned for an attack similar to the one you've recently experienced.

 

Allen Beuershausen

 

I chatted with your scammer last night. He tried to hit me up for cash to "get back home from London after being robbed". He started off by sending me a bogus friend suggestion from a good friend of mine the day before. I "friended" you (actually him/her) because the friend who supposedly recommended you is someone I trust a great deal. I saw through the scam and sent him/her nothing. The story was good, but there were some obvious holes in it.

 

I don't want this to happen to me, so I went online to do some research on Facebook hacks. What I found is that there is a sub-culture of low-lifes dedicated to Facebook hacks, among others. Hotmail is quite vulnerable too. Another friend of mine learned this recently. His Hotmail account was compromised, and the scammer said he needed about $4,500 to get back from Malaysia. I knew that to be completely untrue. The scam was almost identical to the one involving you. (By the way, in his case, the scammer changed his password and locked him out, so it took him two weeks to be able to warn the people in his contact list, thanks to Hotmail's apathy. Apparently, this is standard operating procedure for hackers.) 

 

Here is a link that might help you avoid it in the future, or at least make it more difficult for someone to hack you: http://answers.yahoo.com/question/index?qid=20081207142748AAGtK5u Let's just say that virus and key logger scans are key.

 

Protect Yourself

 

Open Networkers

  • Use separate email addresses for work, personal, networking.
  • Use disposable email addresses, especially for your networking address. Such as webmail or from a domain you own and control.

 

Practice Safe Internet

  • Make sure you have the latest version for your browser and email.
  • Use anti-virus software.
  • Don't click on email attachments you don't trust, especially any executable or similar file (ends in .exe, .bat, .com, .zip).
  • Be suspicious (such as email from your bank or other provider about verifying your account, order, or transaction).
  • Use smart passwords (long, mix characters and numbers, nothing personal, change regularly)

 

Own and Manage Your Network

Online identify theft works because there of the anonymity that exists over the Internet. The more you know about your contacts and the easier you can contact them, the better you can protect yourself, whether your identity is stolen or you are solicited by another.

 

  • Own your contacts. Don't rely on an external service that can be hacked as the only source. Make sure to back them up.
  • Central address book. Centralize, tag, and manage your contacts so you have one place to quickly turn to find and contact someone.
  • Advanced address book. Ideally your address book or information manager contains more than contacts. Use it to store notes and message so you can easily verify the identify of people
  • Relationships, not contacts. Proactively and regularly stay in touch with your contacts. When you've talked to people and exchanged personal and custom messages, you know them far better and can easily separate the fake from the real person.

 

Recommended provider - http://wemeus.com

 

Articles and Blogs

Marc Freedman Interview with Stan Relihan

http://www.tinyurl.com/MarcFreedman2

Latest Facebook Scam: Phishers Hit Up "Friends" for Cash

http://www.techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/

Fears of impostors increase on Facebook

http://www.cnn.com/2009/TECH/02/05/facebook.impostors/index.html?iref=mpstoryview

Cyber ID theft concern as 'space faking' soars

http://www.smh.com.au/news/technology/security/space-faking-soars/2009/01/03/1231003815190.html

Fake LinkedIn Profiles Spread Malware

http://news.softpedia.com/news/Fake-LinkedIn-Profiles-Spread-Malware-101370.shtml

Protecting your network

http://www.michaeljzimmer.com/group/whitesquallbookandtraining/forum/topics/protecting-your-network

LinkedIn pages that promise prurient pics link to malware

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=332205

Hackers target celebrities' web accounts

http://www.smh.com.au/news/technology/web/kanye-west-latest-victim-of-password-hackers/2009/01/27/1232818396341.html

Even PhD professors get scammed

http://www.elliott.org/blog/can-this-trip-be-saved-email-scam-cost-me-6600-can-you-get-it-back/

 

Comments (0)

You don't have permission to comment on this page.