By Justin Smith
Facebook has been investing heavily in security in recent years – especially in its crusade against the Koobface worm – but one new approach to phishing on Facebook may be cropping up.
In a blog post yesterday, SnapStream CEO Rakesh Agrawal published a transcript of a Facebook chat he had with Facebook friend Matt Finkelstein in which “Matt” asked him to wire money to help him buy a plane ticket and leave the place where he was supposedly stranded. However, Agrawal became suspicious, and had the wits to ask the person using his friend’s account a question that only his actual friend Matt would know. When “Matt” responded incorrectly, Agrawal knew that his real friend’s account had been compromised, and that he was indeed talking to a scammer. The scammer then cut off communication with Agrawal when s/he realized they had been found out.
This problem does not seem to be very widespread currently. When asked about this type of attack, a Facebook spokesperson told Inside Facebook:
This is a very low volume attack, affecting only a small number of users, but the potential impact to an individual user is high so we’re taking it very seriously. Our team has already detected various trends in the accounts of users who have been compromised. We’re using this data to quickly surface compromised accounts, ideally before the spammers have gotten very far. When we find compromised accounts or they are brought to our attention, we’re working to make sure the accounts get back to their rightful owners as soon as possible. First, we are disabling the account because, in some cases, the spammer has added a new contact email address and removed the old one. We then ask the rightful owner to contact our user operations team via this contact form.
We’re reminding users to be very suspicious of anyone, even friends, who ask you over the Internet to send money. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with any of your friends’ accounts, please report it to us through one of the contact forms on the site. These and other security tips can be found on our security page.
Facebook’s security staff has been employing a multi-pronged approach to prevent and fight fraud when it arises inside Facebook, consisting of both user education and investing in advanced automated fraud detection systems. Facebook’s continued investments in security are vital to the company’s future as it stewards enormous volumes of trust (and data) from its users.
Here’s the full transcript of Agrawal’s chat:
7:20am Matt
hi
whats up?
7:20am Rakesh
Hi Matt
Everything OK?
7:21am Matt
well,im really stuck here in london
i had to visit a resort here in london and i got robbed at the hotel im staying
7:22am Rakesh
ack… that’s terrible. Sorry to hear it.
7:22am Matt
yeah,thanks
we just want some helo flying back home
7:23am Rakesh
So why are you stuck there?’
7:23am Matt
all my money to get a ticket back home got stolen
7:25am Rakesh
I didn’t understand this “we just want some helo flying back home”
7:25am Matt
help*
actually i got some money wired to me to catch a flight back home
but we still need $800 more to complete our ticket fee and fly back home
7:26am Rakesh
good
Honestly, it sounds like someone’s hacked your Facebook account and is using it to defraud your friends.
7:26am Matt
i have the money in my checking acct,i cant just access it from here
this really me
Lauren is here with me
and my kids
7:28am Rakesh
your wife’s name is on your profile page
7:28am Matt
what about my kids name?
7:28am Rakesh
in photos?
how do we know each other? when did we meet?
7:29am Matt
from school
I do not know this guy from “school”… So when I responded and he figured out that I was on to him, he blocked me, etc. I tried emailing Matt at his e-mail address, but who knows if that address was his real address or not…



January 22nd, 2009 at 3:41 am
[...] according to THIS ARTICLE published on http://www.insidefacebook.com, a Facebook blog, getting in touch with that person's friends through a stolen Facebook account [...]
January 22nd, 2009 at 2:01 pm
Wow, crazy…wllr
January 22nd, 2009 at 4:02 pm
I had the same thing happen, see transcript below. Thankfully the person who IM’d me is someone I rarely talk to, so I didn’t really fall for it:
2:19:14 PM Name removed: hello
2:19:23 PM Jason Throckmorton: hey!
2:19:30 PM Jason Throckmorton: how are you stranger?
2:20:23 PM Name removed: why do you call ma a stranger?
2:21:39 PM Jason Throckmorton: i don’t know, we haven’t talked in a while I guess
2:22:03 PM Name removed: you are right
2:22:28 PM Jason Throckmorton: how are things?
2:22:54 PM Name removed: al is not well with me right now
2:23:02 PM Name removed: to say the truth
2:23:37 PM Jason Throckmorton: oh no, what;s going on
2:25:39 PM Name removed: well i had to visit a resort in london on vacation and i was robbed at the park
close to the hotel where i lodged
2:26:24 PM Jason Throckmorton: that’s awful, are you ok?
February 8th, 2009 at 11:48 am
hi
February 11th, 2009 at 1:44 pm
Here’s my transcript.
2:01pm Ryan
hey
2:01pm Stephen
hi
2:07pm Ryan
how are you doing?
2:15pm Stephen
good, you?
2:15pm Ryan
not too good
2:18pm Stephen
why?
2:19pm Ryan
I’m stuck in london
2:19pm Stephen
there’s worse placed to be stuck
2:19pm Ryan
i was mugged at gun point and all cash on me were stolen including my credit card
2:19pm Stephen
oh, that sucks
2:19pm Ryan
It was a brutal experience and i really need your help
2:19pm Stephen
what can i do for you
2:20pm Ryan
i need you to loan me a few buck
2:20pm Stephen
how much
2:20pm Ryan
$670 i’ll refund it as soon as i get back home
2:21pm Stephen
let me call brandi and ill get right back to you. give me a few minutes
2:21pm Ryan
ok
2:29pm Stephen
i cant get a hold of her, i need to make a deposit before i can take care of it.
i should get a call back in a few minutes probably. how do you want me to send it?
2:30pm Ryan
through western union you can send it online…visit http://www.westernunion.com
2:31pm Stephen
ok, i just need to go pick up a check from a client and i should be able to go home and do it, it might be an hour or so.
2:32pm Ryan
You don’t need to reach home before sending it
You can send it on your way home by going to western union outlet
do you know any of their outlet nearest to you
?
2:33pm Stephen
i do, i have to deposit the check from home though. my bank is in texas, then i can do it online
2:34pm Ryan
Ryan Poe,London,United Kindom
ok
2:34pm Stephen
ok, ill get back on facebook when i get home and reconnect with you.
2:34pm Ryan
thats the details you need to send the money
2:34pm Stephen
got it
taking off now
2:35pm Ryan
I’m just letting you know that you can send in any western union outlet
i might not be online…so you can email the MTCN to my email address
hold on pls
patrsnog@operamail.com
got it
?
2:58pm Stephen
sorry, i just sent it to your regular email
2:58pm Ryan
really
have you send it
?
2:59pm Stephen
yeah, to your regular email
i sent you 700
2:59pm Ryan
ok
can i have the MTCN
3:00pm Stephen
hang on ill get it
3:00pm Ryan
ok
3:01pm Stephen
my email is down, just get it from your gmail account
3:02pm Ryan
I’ve check it and i couldn’t find it there
give me the MTCN
3:02pm Stephen
why are you in london anyway?
3:02pm Ryan
it should be on the receipt
3:02pm Stephen
i did it online, the receipt is in my email
i cant get in my email
but it sent it to your email
3:03pm Ryan
send it to my email tpoe@vt.edu
or patrsnog@operamail.com
did they give you any number
?
3:04pm Stephen
yes, i got the mtcn and sent it to the only email you ever use
3:05pm Ryan
i need you to give me the 10digit number
either you call western union for the number pls
3:06pm Stephen
it would be just as easy for you to call them, the money is in your name
not sure why you wanted it sent to ryan poe though, how are you going to pick it up? did you have your legal name changed to ryan?
3:06pm Ryan
call them now for the MTCN
call them now for the MTCN
ok
i still have my passport here with me and i need the MTCN # so that i can pick it up
3:08pm Stephen
your passport doesnt say ryan poe
3:09pm Stephen
remember last week they hassled you at the post office about trying to use ryan poe for your po box registration? how are you going to get western union to cooperate
3:10pm Ryan
Dude i have a passport on my name and i still have it here with me
so pls give me the MTCN
or you idding
kidding
?
3:11pm Stephen
i told you i sent it to your gmail, my email is down i cant retrieve it, i dont know how you can pick it up as ryan poe anyway unless you had your name legally registerd again, the post office wouldnt even let you open a box under ryan poe because your license doesnt say ryan poe
3:13pm Ryan
alright,can you call western union for the MTCN
i can access my gmail now thats why
3:13pm Stephen
seriously the money is there, im not sure where were breaking down on this
3:13pm Ryan
pls
i need to come back home asap
3:13pm Stephen
its in your name, you can call them or go to the western union desk
i know dude, the situation totally sucks
3:15pm Ryan
i can’t pick it up without having the MTCN with
3:15pm Stephen
the mtcn is in your name, just call them
its already sent
3:16pm Ryan
I guess you are kidding with me
let me look for help elsewhere
3:18pm Stephen
seriously, it’s there, just go pick it up, you dont need the mtcn if you have id, i dont know why you asked for me to send it to ryan poe though, im totally confused, your passort isnt going to work
3:18pm Ryan
it will
just send it and leave the rest for me
I’ll refund the cash once i get back home
3:19pm Stephen
hows it going to work, it doesnt say ryan poe?
i know you’re good for it, i just dont know how you can pick it up as ryan poe
3:20pm Ryan
it says
why are you freaking me out
3:20pm Stephen
not it doesnt dude, we just tried to open a post office box two weeks ago adn they wouldnt let you open one under ryan poe it had to be the name on your id
3:21pm Ryan
dude let me look for help eslewhere
wtf is wrong with you
3:22pm Stephen
what’s wrong with you, i know your desperate but seriously you’re not making sense asking me to wire it to ryan poe
3:22pm Ryan
Dude which name do you intend to wire it to
?
3:24pm Stephen
the name on your passport, i know you’re stressed, but they will only give it to gaylord poe. i know you hate that, but seriously, how are you going to go in there and show them a passport for gaylord poe and ask to pick up ryan poe’s money
i wish i could get the mtcn right now, but i cant get to it
3:25pm Ryan
ok
i will explain to them and i believe they will help me out with that
so pls provide MTCN
3:26pm Stephen
I CANT, seriously, its in my email, i sent it online
3:26pm Ryan
i know you haven’t sent it yet
Let me go
3:27pm Stephen
its in your gmail, whatever
3:27pm Ryan
and pls don’t you ever talk to me again in your life
3:27pm Stephen
i know your stressed out, but you have to work with me
3:28pm Ryan
don’t talk to me again
3:28pm Stephen
whatever idiot, im talking to you on the phone right now
Ryan is offline.
February 11th, 2009 at 6:25 pm
Wow, need to be careful here ..
February 11th, 2009 at 7:11 pm
[...] only a “small” problem affecting a few users of the Facebook service. Below I quote the Facebook spokesperson's statement: This is a very low volume attack, affecting only a small number of users, [...]
February 12th, 2009 at 4:59 am
[...] Facebook representative told the Inside Facebook blog: “This is a very low volume attack, affecting only a small number of users, but the potential [...]
February 17th, 2009 at 8:50 pm
[...] Security: Stolen Facebook Accounts Being Used to Phish for Money from Friends (insidefacebook.com) [...]
March 3rd, 2009 at 4:12 pm
[...] are often real friends). Once alerted, Facebook reacted by responding to the blog InsideFacebook.com (which, incidentally, publishes the conversation of a user approached by a scammer [...]
October 23rd, 2009 at 12:13 pm
My friend just got his identity stolen in Facebook and wanted money from me!
I just was contacted by an old friend from NY from Facebook. He said that he was mugged at gun point in London with his friend Jessica, that the police will take 3 weeks for the investigation, that the U.S. Embassy has to wait until the police report to do anything. His family was on vacation in FIJI and his plane back to the US was leaving today. He urgently needed US$990.00 to pay hotel fees.
I believe it was a scam because: 1. He does not have much family left and they cannot afford such trips, 2. He refused to answer a personal question. I tried calling him but he didn’t answer. Later he replied to an email telling me that it wasn’t him.
Here is what the conversation went like:
Hey you there?
10:28 AM
Hi stranger.. how are you
10:28 AM
not too good at the moment
10:29 AM
why? I thought you were doing so much better
10:29 AM
am in a deep mess now
10:30 AM
what!
10:30 AM
am stuck in London as we speak
10:31 AM
omg.. tell me teh short version of the story
10:32 AM
got mugged at a gun point last night all cash credit card and cell phone were all gone
10:32 AM
i need help here
10:32 AM
who are you there with? vacation?
10:33 AM
am here with Jessica
10:33 AM
i need your help
10:33 AM
who is Jessica?
10:34 AM
she got mugged too?
10:34 AM
she is a friend
10:34 AM
yeah it was the both of us
10:34 AM
You should go to the police and then teh US embassy
10:35 AM
That is what they are there for
10:35 AM
how w else can I help you?
10:35 AM
i have been there all they can say is to wait for 3 week for investigation
10:35 AM
teh embassy too?
10:35 AM
how long are you staying there
10:36 AM
they must wait for the police before they can do anything
10:36 AM
dam that sucks
10:37 AM
how can I help you?
10:37 AM
my flight leaves in few hours time but having problem with my hotel bills
10:37 AM
i need a quick loan from you
10:37 AM
how much?
10:38 AM
all i need is $990
10:38 AM
whoahhh man I don’t have that money
10:38 AM
have you contacted Michael and any family member?.. I can help you with some
10:39 AM
they are all on a trip to fiji island
10:39 AM
and i left home without their awareness
10:40 AM
am freaked out here
10:40 AM
let’s tart making sure you are who you say you are. you know people use all types of internet scams to get money
10:40 AM
stop that
10:40 AM
am not here for that am freaked out here
10:41 AM
am not in the mood for joke okay?
10:41 AM
Dude I am not saying you are scamming me, I am saying someone is passing as you and try to scam me
10:41 AM
I AM NOT JOCKING!
10:41 AM
I am in IT I know how people steals others identity and get money
10:41 AM
so ready, I ask you some questions you answer
10:41 AM
fuke
10:42 AM
ok
10:42 AM
i understand you
10:42 AM
So when and were did we meet?
10:44 AM
Brian Aunchman signed off
October 23rd, 2009 at 12:23 pm
UPDATE: My friend is no longer on Facebook, and because I was using Digsby for chat, I cannot confirm if it was Facebook or Yahoo IM.
Still, BE AWARE!!
December 14th, 2009 at 12:41 pm
[...] Facebook reacted by responding to the blog InsideFacebook.com (which, incidentally, publishes the conversation of a user approached by a scammer who had [...]