As more and more people use Facebook and other social networks, the probability that someone you know will be ensnared by a phishing email grows. Phishing, as it applies to this case, is when someone tries to steal your login credentials by sending you an email that looks like it’s from the network itself. The email will look like it was sent by Facebook but the links inside will go to another site that looks like Facebook, where you’ll unwittingly “log in” and give up your credentials.
This scam works because people are usually on guard when they get emails from their bank, though phishing for bank credentials still works more often than it should, but they aren’t as aware when they get an email from Twitter or Facebook (“Oh, Jim sent me a shotgun in Mafia Wars, must login to see!”). The only positive out of getting your Facebook account phished is that you don’t lose any financial information directly. That’s why scammers have turned to the “mugged abroad” scam. Once they get your account, they pretend to be you and contact everyone you know to tell them about your misfortune of being mugged while abroad.
Unfortunately, this preys not you but on your friends.
Just recently I had a run in with this scam as a friend of mine emailed me to say that he and his family had been mugged in London. I didn’t know this person all that well, more an acquaintance than a friend, but if the story were true I would’ve helped him out, which is what the scam preys on. Fortunately, I knew that he wasn’t in London so he couldn’t have been mugged there so I knew it was a scam from the get go. To see how it would play out, I tried to verify his identity (I knew his wife’s name and that they had no kids) using information I did know and the thief failed every test. I was already suspicious because I had heard of this scam before but I decided to see how this would play out.
I’m writing this with tears in my eyes,my family and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.
We’ve been to the embassy and the Police here but they’re not helping issues at all and our flight leaves today but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills.
Am freaked out at the moment.
Testing Your Friend
If you are ever emailed or IM’d from a friend claiming to have been mugged or is otherwise in distress, don’t ignore it. There is a small chance they actually were mugged or are in serious trouble and you don’t want to ignore them!
There are two things you must do in verifying someone’s identity without having them realize you’re verifying their identity:
- Ask them things you expect only them to know: This one is obvious but doesn’t work very well if you don’t know them very well. If you don’t know them well enough, you can ask them about people you know don’t exist… which is the next tip.
- Ask about fake things only they would know are fake: This acquaintance doesn’t have any kids, so I asked him how his kids were (“frazzled, but fine”); which was a clear indication that the person was a fraud. The person I know doesn’t have kids.
What can you do when you discover this? Tell your friend his account has been compromised and be sure to warn everyone else you think might have been contacted by the scammer. You may have verified that it’s a fraud but others may not have and so you want to protect them as well.
Have you ever seen this before? How did you react?