Facebook fraud
One of our very own X-BAR clients was contacted last week through Facebook chat from a “friend” who was stranded in London and needed some money to get home. Tom agreed to share this to raise awareness about the potential for fraud and abuse in these new online communities that many of us use personally – and professionally – on a day-to-day basis.
While it’s easy to get lulled into a false sense of safety with social networking sites like Facebook and LinkedIn, keep in mind that it only takes one compromised username and password for somebody to masquerade as a trusted friend or colleague.
This is the actual transcript from his Facebook chat session (names altered/removed to protect the innocent). Kudos to Tom for having the presence of mind to ask a security question. The link he sent the scammer at the very end was easily found by searching for “Sector Hotel Kentish Town.”
Enjoy!
8:31am Jackie
hey
8:31am Tom
Hey you! What’s up?
Do you read me?
8:36am Jackie
not too good
8:36am Tom
About a 5-min lag there. Any better now?
8:37am Jackie
we stranded in London
got mugged at gun point last night
all cash,credit card and phone were stolen
8:37am Tom
Holy moly. Awful. Anything I can do for you from here?
Money / passport / etc stuff?
Where in LON did this happen?
I’m so sorry.
8:38am Jackie
it was a brutal experience but Thank God we still have our life and passports
8:39am Tom
And you think of LON as safe next to NYC, etc. ‘cos they don’t have guns so
much… but that’s false of course
8:39am Jackie
our return flight leaves in few hours but having troubles sorting out the hotel bills
8:39am Tom
Is hotel sympathetic? Where are you staying? THis wasn’t on hotel premises I hope
8:40am Jackie
i’m in a public library right now
wondering if you could loan me some few $$ to sort out the hotel bills and also take a cab to the airport
8:40am Tom
Where are you staying?
8:41am Jackie
i will definitely refund it back tomorrow
i’m in a public library right now
8:41am Tom
What hotel are you at though?
8:42am Jackie
Sector Hotel
8:42am Tom
Don’t know it… what neighborhood?
8:42am Jackie
Kentish Town
could you please loan me some few $$$ to sort out the hotel bills and also take a cab to the airport
8:44am Tom
I’m not sure how to transfer $$ from here. Can hotel not accommodate you? I am happy to get on phone iwth them… and cover your bill if need be… can you ring me?
8:45am Jackie
you can have it wired to my name via western union
do you know any western union outlet nearby?
8:45am Tom
None around here any more. What name would I use?
8:46am Jackie
can i have your email address so i can email you the western union details
8:46am Tom
Call me paranoid, forgive in advance, but I’m going to ask a security question.
What company were we both working for when we met?
8:47am Jackie
i know this sound strange but trust me i won’t be asking if i had any options left
8:48am Tom
Still there?
8:49am Jackie
yes
8:49am Tom
Answer question pls to prove you are who I think you are?
8:50am Jackie
if i wasnt the one i wont ask you to wire to my name as we both know i will need some kinda of identification before i get the cash at the bank
8:51am Tom
I think we’re done talking. You’ve obviously hacked my friend’s account or are using it w/o authorization.
8:51am Jackie
<Company name removed>
8:53am Tom
Tell me something you know about me that’s not obvious from Facebook profiles. What was our bureau chief’s name?
8:55am Tom
This link might interest you:
http://eliasbizannes.com/blog/2009/01/phishing-for-fraud-on-facebook/
So… [expletive deleted]..
8:57am Jackie is offline.
So glad you posted this. I was contacted with similar request this morning. My alarm bells went off when I couldn’t find the hotel online and when they really started pushing me for money.
When I saw this though, I let my ‘friend’ know and they miraculously went ‘offline’
Thanks again
Posted by S Jordan on 7 November 2009 at 5:11 am