Facebook 419 scam

Published August 10, 2009 by Sean

After having my Facebook account hacked last week, I thought I’d write some thoughts on how to be more aware of this sort of thing, and how to try and mitigate the impact.

Originally posted at http://www.houlihane.co.uk/blog

Scam profile

Mr X manages to find my Facebook account profile, and starts opening chat windows with anyone he finds online.
Hi… I’m in big trouble… Need help… Got mugged last night at gunpoint… Need to get home and need to pay hotel bill… Thanks, that would be great… can you wire the cash by Western Union

Scam Detection

You might think no one would fall for this, but rest assured that it does not matter why people fall for it – if there weren't good money to be made through this scam, people would not bother. It only takes one of the 30 people or so who are online falling for it, and that's £50 or more made in the space of an hour… these guys are probably chatting to several people at once, and have a list of hacked accounts to work through.

  • If someone contacts you asking for money – phone them, email them, email their friends. Odds are, they are happily at work, and not travelling to some remote part of the British Isles.
  • Ask them about their partner, or make something up – you need to know if they really have a gf who's a black belt in taekwondo, but look for specific answers.
  • Verify their locality. 'Oh, you're visiting CJ in Scotland', for example, does not prove anything, but 'I thought you were still in Iceland' does (assuming you know they weren't, or it's next month – the statement needs to be incorrect, and end up not being corrected).
  • Western Union… lolz.
  • Check their FB page. Can you write on their wall, or have the settings been changed?
  • Check their blog, and anywhere else you would expect to find them online.
  • Discuss the problem with other people. Being scammed or mugged is not something to keep private, and if it is a genuine emergency, maybe someone else is better placed to help.
  • Actually, my bank offers an emergency cash service – it would be rare for me to be unable to find credit or draw funds

Action

Facebook do have procedures for changing your password, or retrieving a hacked account. It might help if you know you always have access to another account that is your friend, e.g. at work, or a sleeping account. This will help you determine why you can't log on.

  • Change your password, and your email password. (Often the email has been hacked first to change the FB password.)
  • Report the account as hacked, using this link which will result in the account being locked.
  • Publish and circulate the hacking attempt. Other people need to know.

Recovery

Even once I regained access to my account, there was some cleaning-up to do. In order to prevent people spreading the word, the hacker had:

  • Set wall to read-only, and only me
  • Deleted and blocked failed victim friends (so I couldn’t even see them to re-add them)
  • Added a mobile number to post even once I was back in
  • Maybe added trojan applications and granted permissions
  • Changed my page privacy settings to full lock-down, so I was unable to view once I was locked out

Preparation

If you've got this far, you probably want to take a few steps to be more prepared to fend off a hacking attempt.

  • Add offline mechanisms to update your Facebook page even if you lose login rights.
  • Keep a phone list of emergency contacts in case you lose your phone, etc. Hide them on the web somewhere you can find in an emergency. Encrypt them too.
  • Create cross-links between disparate groups of friends
  • Export your friends list
  • Back up any valuable content on your Facebook page. It could be lost forever if you get hacked.
  • Stash some emergency spons in the lining of your coat