Latest Facebook Scam: Phishers Hit Up "Friends" for Cash

Jason Kincaid
Tuesday, January 20, 2009; 11:11 AM

One of the best things about Facebook is that you know who you're dealing with. You've verified every friend connection and nearly everyone has a collection of personal photos proving they're who they say they are. Now it looks like some scammers are using this trust to their advantage, hacking accounts and exploiting the wealth of personal information available to trick your friends into giving them cash. In the past Facebook has had its fair share of spam and phishers, but now it looks like these scammers are getting smarter by engaging in a form of identity theft.

Today we received a transcript from Rakesh Agrawal, President/CEO of SnapStream, that shows how the scammer dug through his friend Matt's profile to learn about his wife and children. Fortunately, he didn't do quite enough digging.

7:20am Matt: hi whats up?
7:20am Rakesh: Hi Matt Everything OK?
7:21am Matt: well,im really stuck here in london i had to visit a resort here in london and i got robbed at the hotel im staying
7:22am Rakesh: ack? that's terrible. Sorry to hear it.
7:22am Matt: yeah,thanks we just want some helo flying back home
7:23am Rakesh: So why are you stuck there?
7:23am Matt: all my money to get a ticket back home got stolen
7:25am Rakesh: I didn't understand this "we just want some helo flying back home"
7:25am Matt: help* actually i got some money wired to me to catch a flight back home but we still need $800 more to complete our ticket fee and fly back home
7:26am Rakesh: good Honestly, it sounds like someone's hacked your Facebook account and is using it to defraud your friends.
7:26am Matt: i have the money in my checking acct,i cant just access it from here this really me Lauren is here with me and my kids
7:28am Rakesh: your wife's name is on your profile page
7:28am Matt: what about my kids name?
7:28am Rakesh: in photos? how do we know each other? when did we meet?
7:29am Matt: from school

Rakesh writes that he does not know Matt "from school", and that he was blocked as soon as the impostor realized he was on to him.

There's really nothing Facebook can do about this from a technical standpoint - social engineering is essentially impossible to prevent once an account has been compromised. But an awareness program that emphasizes constant vigilance would be a good step: users need to remember that just because their friend's smiling face is sitting next to the chat window, that doesn't necessarily mean it's them.

© 2009 TechCrunch