Online scam artists hacking friendships on Facebook and Messenger

Online scam artists hacking friendships on Facebook and Messenger

Online scams always happen to someone else … then I got the message from Greg. Who would have thought that he would try to scam me after a friendship of over 35 years?

Social media can make the world smaller and bring friends and scammers closer from around the world – like Greg. He is the father of a high school friend, the guy who introduced me to Monty Python, and a really nice person (his real name has been changed for this article). Then he moved, I moved, and there was a pause of a few years.

A friendly wave was the start

But yesterday, I got a friendly wave from Greg on Messenger and we started to chat. After a bit of small chat, where I spoke of travel plans and house repairs, he mentioned a US government grant program that he had just benefited from.

Just apply and get $100,000 for home and business improvements. 

It was so easy, All I needed to do was contact his friend on Facebook.

I begged off on his request, sent a picture of the house project I was busy with, and started to wonder: Has Greg got a touch of dementia? He was never a scammer.

 

Was it really my friend?

Another day, and another wave from Greg, reminding me to click on the link.

After finishing the home project and slowly rereading the messages, I got more suspicious. This reminded me of previous run-ins I’d had with Indian-based scam artists such as iYogi. There I had written down interaction notes and secondly, ordered a potential victim to get off the phone. It was time to do something like that again – even if it embarrassed Greg.

Google that opportunity

A quick googling of the main terms — Facebook scam, Messenger scam, government grant – into a search engine revealed two things. First, it was not Greg at all who was chatting with me. It was a criminal somewhere else, probably in Nigeria, who had likely hacked Greg’s account. In fact, there were several fairly recent articles posted about this scheme.

Oh no, wish I had not been so talkative. Second, this is an established scam where the criminals promise a large sum of money—it just takes a certain amount of your private data to fill in the forms and also around $1,500 to deliver the grant sums to your account.

Curiosity hacked the device

The link to Jack Bailey stood in Messenger, just waiting for a click from me, like Pandora opening that legendary box. What if the offer was real? Was Jack real? He looked real with a chin chiseled out of granite and a solid job in the State Department. What would happen if I clicked?

Instead of clicking, I looked for traces of Jack Bailey elsewhere: There was not a mention of him on LinkedIn or Facebook. Then I looked closer at the message and noticed a few things.

Look for red flags, not red tractors

Despite the same red tractor picture, Messenger was warning me that this was not coming from Greg’s usual accounts on Messenger and Facebook. Somehow, the crooks had hacked the account.

The name was also odd. It wasn’t Jack Bailey, it was “Jackbailey101.”

 

It’s a cyber Whack-A-Mole game

There are places on Messenger and Facebook to report such scams. But beyond shutting down Jack Bailey 101, it’s more important for people to realize that these schemes are always going to be out there and they should take some common-sense preventive actions. As Facebook mentions, two-factor authentication and not clicking on suspicious links are a start.

One important defense factor was not listed though – presence of mind. If I hadn’t been in the middle of a certain home construction project, I would have noticed a lot more suspicious details about the entire interaction.

Remember the Rule of Duck: If it looks like a duck, talks like a duck, and walks like a duck — it probably is a duck. If something looks a little fraudulent, sounds a little fraudulent — it probably is fraudulent.

Keep it real

Virtual friendships have their pluses and minuses – and scams are definitely on the negative side. This one made me realize how much I assume that the person I am chatting with really and truly is that person. And as for Greg, I’ll try to contact him directly about his account hack. And after no direct communication between us for a couple years, it’s time to talk. Really.

 

 

This post is also available in: German

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.