{"id":779,"date":"2009-10-01T10:32:25","date_gmt":"2009-10-01T08:32:25","guid":{"rendered":"http:\/\/www.ofcourseimright.com\/?p=779"},"modified":"2009-10-01T10:32:25","modified_gmt":"2009-10-01T08:32:26","slug":"beware-facebook-scams-protect-yourself","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=779","title":{"rendered":"Beware Facebook Scams!  Protect yourself!"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-26\" style=\"margin: 4px;\" title=\"Cybercrime\" src=\"http:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"Cybercrime\" width=\"96\" height=\"132\" \/>As Facebook now <a href=\"http:\/\/www.techcrunch.com\/2009\/09\/15\/facebook-crosses-300-million-users-oh-yeah-and-their-cash-flow-just-went-positive\/\">has more accounts<\/a> than there are people in the United States, it should come as no surprise that it is possible to break into some of those 300 accounts.\u00a0 This happens.\u00a0 Well, what happens next when an attacker breaks into a Facebook account?\u00a0 Several things are likely.\u00a0 First, the attacker will retrieve as much information about the individual <strong>and his or her friends<\/strong> as possible.\u00a0 There are several key pieces of information that prove valuable:<\/p>\n<ul>\n<li>Birthday and Hometown are enough information for an attacker <strong><a href=\"http:\/\/www.ofcourseimright.com\/?p=731\">to reliably predict social security numbers of people born after 1989<\/a><\/strong>.\u00a0 You can hide this information from your profile by going to your profile, clicking on the little box in the upper right of the Information tab, and deselecting birthday and home town.<\/li>\n<li>Email address is useful to feed into a phishing\/spam engine.<\/li>\n<li>Telephone # and IM account information is enough to either use or sell to other scammers.<\/li>\n<\/ul>\n<p>Next, an attacker may try to directly contact friends to scam money out of them.\u00a0 While such attacks are unlikely to take the form of a <a href=\"http:\/\/en.wikipedia.org\/wiki\/419_scam\">419 scam<\/a> where the attacker tries to play on greed, they will more likely play on peoples&#8217; sympathies.<\/p>\n<p>Here is an example:<\/p>\n<p style=\"padding-left: 30px;\">0Wn3d Friend: Hey<br \/>\n0Wn3d Friend: How are you doin?<br \/>\nTarget: good evening, Friend!<br \/>\nTarget: i&#8217;m doing well, and you and your family?!<br \/>\n0Wn3d Friend: Not too good<br \/>\nTarget: oh?<br \/>\n0Wn3d Friend: We are in a very deep mess<br \/>\n0Wn3d Friend: Glad you are here<br \/>\nTarget: what happened?<br \/>\n0Wn3d Friend: We are stranded in London England<br \/>\nTarget: WHAT?!\u00a0 how so?<br \/>\nTarget: where?<br \/>\nTarget: (in london)?<br \/>\n0Wn3d Friend: <strong><span style=\"color: #ff0000;\">Kentish Town<\/span><\/strong><br \/>\n0Wn3d Friend: We got mugged on our way back to the hotel <strong><span style=\"color: #ff0000;\">at a gun point<\/span><\/strong><br \/>\nTarget: oh geez<br \/>\nTarget: have you gone to the police?<br \/>\nTarget: do you have a phone?<br \/>\n0Wn3d Friend: <span style=\"color: #ff0000;\">Yes,We were able to file a report to the cops and that is been Investigated<\/span><br \/>\n0Wn3d Friend: They made way with all we got here<br \/>\n0Wn3d Friend: Cash,bank cards and also the cell phone<br \/>\nTarget: ok.<br \/>\nTarget: i have a few friends outside of london.\u00a0 are you in a hotel?<br \/>\n0Wn3d Friend: Yes<br \/>\nTarget: do you still have your passports?<br \/>\n0Wn3d Friend: Yes,I&#8217;m still safe with the Passport<br \/>\nTarget: ok.\u00a0 how long are you supposed to be in London?<br \/>\n0Wn3d Friend: That has been the problem<br \/>\n0Wn3d Friend: I seriously need your urgent help getting back home<br \/>\nTarget: what hotel are you in?<br \/>\n0Wn3d Friend: <strong><span style=\"color: #ff0000;\">Sector Hotel<\/span><\/strong><br \/>\n0Wn3d Friend: I have a flight back home in the next 3hrs but the hotel management won&#8217;t let go<br \/>\nTarget: do you have the hotel&#8217;s address &amp; phone #?<br \/>\n0Wn3d Friend: <strong><span style=\"color: #ff0000;\">I don,t have the #<\/span><\/strong><br \/>\nTarget: i&#8217;ll need an address<br \/>\n0Wn3d Friend: 151 Kentish Town Road, London, NW5 2CG<br \/>\n0Wn3d Friend: I&#8217;m having problem with the hotel on the bills<\/p>\n<p>What happens next is that the attacker asks for a credit card.<\/p>\n<p>So how do you know it&#8217;s a scam?\u00a0 First, Amazingly, Google is your friend.\u00a0 If you enter just a few details from this example, you&#8217;ll see that Kentish Town and the Sector Hotel show up as a scam. The other odd thing about this exchange is that the person claims to have been mugged at gun point in London.\u00a0 I&#8217;m not saying it doesn&#8217;t happen, but it&#8217;s rare.<\/p>\n<p>More importantly, ask yourself why this friend is contact you, and not calling a relative for help.\u00a0 To be sure, if this person really is a friend, you should already have a phone number for that person.\u00a0 Call him or her, but do not rely on contact information from the attacker.\u00a0 Calling a number they give you can cause you to lose a lot of money.\u00a0 If they answer the phone and have no idea what you&#8217;re talking about, you know it&#8217;s a scam.\u00a0 If they don&#8217;t answer, call a relative of theirs or ask for more details.\u00a0 In this case the person said they filed a police report.\u00a0 Get the report number from the person, name of an officer who took the report, and independently call the police.\u00a0\u00a0\u00a0 Do not rely on anything in the facebook profile of the friend.\u00a0 You should assume the attacker has already manipulated all of that information.<\/p>\n<p>Most importantly, <strong>never<\/strong> send credit card information over the network in such circumstances.<\/p>\n<p>Ok, so you&#8217;ve figured out it&#8217;s a scam.\u00a0 Congratulations!\u00a0 What do you do next?\u00a0 Report it, and fast.\u00a0 Facebook is pretty responsive when it comes to shutting down accounts.\u00a0 In one case I&#8217;ve reported, they reacted within 10 minutes.\u00a0 To report abuse on facebook, click on <strong>Help<\/strong> at the bottom of the page, and right at the top you will find the following:<\/p>\n<h2>Hacked accounts and spam<\/h2>\n<p>Click on that text, and it will help you report the information.\u00a0 You will need the URL of the profile of the friend who you are reporting.\u00a0 To get this, type the friend&#8217;s name in the search bar.<\/p>\n<p>Don&#8217;t feel bad that you are reporting a friend, either.\u00a0 This is a case where your friend is being maliciously used, and you are doing your part to putting an end to it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As Facebook now has more accounts than there are people in the United States, it should come as no surprise that it is possible to break into some of those 300 accounts.\u00a0 This happens.\u00a0 Well, what happens next when an attacker breaks into a Facebook account?\u00a0 Several things are likely.\u00a0 First, the attacker will retrieve &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=779\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Beware Facebook Scams!  Protect yourself!&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,11,9],"tags":[269,259,222,37,270],"class_list":["post-779","post","type-post","status-publish","format-standard","hentry","category-humanity","category-internet-consumer-identity","category-security","tag-break-in","tag-crime","tag-facebook","tag-privacy","tag-scams"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=779"}],"version-history":[{"count":3,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/779\/revisions"}],"predecessor-version":[{"id":782,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/779\/revisions\/782"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}