Latest Facebook Scam: Phishers Hit Up "Friends" for Cash

One of the best things about Facebook is that you know who you’re dealing with. You’ve verified every friend connection and nearly everyone has a collection of personal photos proving they’re who they say they are. Now it looks like some scammers are using this trust to their advantage, hacking accounts and exploiting the wealth of personal information available to trick your friends into giving them cash. In the past Facebook has had its fair share of spam and phishers, but now it looks like these scammers are getting smarter by engaging in a form of identity theft.

Today we received a transcript from Rakesh Agrawal, President/CEO of SnapStream, that shows how the scammer dug through his friend Matt’s profile to learn about his wife and children. Fortunately, he didn’t do quite enough digging.

7:20am Matt:
hi
whats up?

7:20am Rakesh:
Hi Matt
Everything OK?

7:21am Matt
well,im really stuck here in london
i had to visit a resort here in london and i got robbed at the hotel im staying

7:22am Rakesh
ack… that’s terrible. Sorry to hear it.

7:22am Matt
yeah,thanks
we just want some helo flying back home

7:23am Rakesh
So why are you stuck there?

7:23am Matt
all my money to get a ticket back home got stolen

7:25am Rakesh
I didn’t understand this “we just want some helo flying back home”

7:25am Matt
help*
actually i got some money wired to me to catch a flight back home
but we still need $800 more to complete our ticket fee and fly back home

7:26am Rakesh
good
Honestly, it sounds like someone’s hacked your Facebook account and is using it to defraud your friends.

7:26am Matt
i have the money in my checking acct,i cant just access it from here
this really me
Lauren is here with me
and my kids

7:28am Rakesh
your wife’s name is on your profile page

7:28am Matt
what about my kids name?

7:28am Rakesh
in photos?
how do we know each other? when did we meet?

7:29am Matt
from school

Rakesh writes that he does not know Matt “from school”, and that he was blocked as soon as the impostor realized he was on to him.

There’s really nothing Facebook can do about this from a technical standpoint – social engineering is essentially impossible to prevent once an account has been compromised. But an awareness program that emphasizes constant vigilance would be a good step: users need to remember that just because their friend’s smiling face is sitting next to the chat window, that doesn’t necessarily mean it’s them.