Lectern

By Steve Kelman

Blog archive

A Facebook scam that almost caught me

Prediction for 2011:  Facebook scams will become larger in number and more sophisticated in content. 2010 was a "breakthrough" of sorts --  for me, at any rate, I stopped seeing Facebook as a spam-free zone where I could be trusting, a loss of trust that started when I received several friend requests from attractive young women I didn't know.
 
Late last year a Facebook friend started chatting with me on the Facebook's IM-type function. He said hi and I said hi back. He asked me if I was busy. I was working on something I was writing, so I wrote that I was pretty busy but hoped we could chat later. He then said he had recently taken an interesting quiz on which he had made a number of stupid mistakes and wondered if I could take it to see whether I made the same mistakes. He then sent me the link for the quiz.  I wrote back that I was busy and therefore couldn't take it immediately but I'd do it later and get back to him. He then wrote me repeating that he hoped I would take it and tell him which questions I got wrong so we could compare. I then went back to work, thinking I'd go back and check the quiz out later.
 
I didn't think about this whole incident too much again until later in the afternoon, when I suddenly asked myself whether this IM "chat" might have been a scam. The Facebook friend was in China, with only occasional Facebook access through the Great Firewall of China using proxy servers. The messages included an Internet link, a worrisome sign.
 
I sent this Facebook friend a conventional e-mail -- remember, the kind being rendered obsolete by texting and other instant messaging -- to ask whether he had chatted with me recently on Facebook. Within a day, the reply came back: He hadn't. The chat was a scam. Who knows what would have happened had I opened the link.
 
What made the scam plausible was, to some extent, that it appeared as chat and not a message, but above all that there was dialogue -- when I wrote something, responses came back. I now realize these responses were canned, but I didn't suspect that while the chat was occurring.
 
It was very lucky that I genuinely was busy when this link appeared and didn't have time to open it. Had I been less busy, I am almost certain I would have. The scam penetrated my defenses.
 
Any other readers been at the receiving end of convincing cyber scams -- Facebook or otherwise -- recently?

Posted by Steve Kelman on Jan 04, 2011 at 7:26 PM


Reader Comments

Tue, Jan 11, 2011

If you simply MUST use FB and such, set up a dedicated junk amchine in the corner used for nothing else, and use disposable addresses, and never put any private info on the machine or the web site. If it gets compromised, nuke it down to bare metal, and start over. Similar to what I tell people about having a 'parents only' PC for important stuff, and a kid machine for the promiscuous web surfing.

Tue, Jan 11, 2011 Safronia Reno, NV

About one year ago, several FB accounts were compromised. One of my 'cousins' came on the IM telling me she was broke down, been robbed and needed money. Said she was in Ohio and wanted me to wire her money for fare home. She had done her homework reading relatives and said she tried another cousin but they didn't answer. I called on the cell to the cousin she said she was, busted.

Fri, Jan 7, 2011 David L

To paraphrase a wise man: a "wretched hive of scum and villainy." Of course, he was not describing the Internet, but it is an apt description. We must always be on our guard, despite the best efforts of many to "protect" us from that which seeks to do us harm.

Fri, Jan 7, 2011 wam DC

Only the Text ma'am...
Use a text-only email client - PINE if on xNIX, an old Mozilla client with nothing on (No HTML, no auto execute, no display attachments in-line, etc...).

Firefox with NoScript (noscript.net). A simple, manual file scanner for attachments...

Ya know, back in the days (early 1980's) we had a saying:

"Practice Safe Hex"

Thu, Jan 6, 2011

I've seen a particular malicious one pop up on my machines, then my daughter's (in another city) and my husband's. A very plausible screen pops up that says you've been infected by malware -- do you want Norton (or MacAfee or Symantect) to clean it up? Click Yes or No. The scary part is that it displayed my unique folders such as you'd see on My Computer and named the particular antivirus software on the machine. I did not click Yes or No, instead I went to My Programs and clicked on MacAfee from there. MacAfee assured me I had no problems, so I assumed it was a new type of social engineering. My daughter was not so lucky. She clicked Yes and it must have then self-installed malware and took over her machine. We have Macs and PCs between us, different operating systems, different browsers etc.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.