All Top Banking

Get Faced on Facebook!

Posted by John B. Frank Tuesday, November 11, 2008

Facebook users are being warned to watch out for Nigerian scammers masquerading as friends on the social networking site, after an Australian woman was sent a message asking for money from a conman who had hacked into her friend's account. 

Google employee Karina Wells (pictured on left) told the Sydney Morning Herald (SMH) that she received a message from a friend's account claiming he was stranded in Lagos, Nigeria, and asking her to send A$500 for a plane ticket. She became suspicious when he used the term "cell" instead of her friend's usual "mobile", and turned the tables on the scammer.


Here's the original story in the Sydney Herald:


"Cyber criminals target Facebook users - Security - Technology - smh.com.au

Asher Moses
November 10, 2008 - 2:27PM

Facebook has been infiltrated by Nigerian scammers and other cyber criminals who use compromised accounts to con users out of cash.

Now that even non-tech savvy internet users know not to respond to, or click on links in, emails from strangers, online thieves have turned to social networks and are finding it is easier to trick people when posing as their friends.

On Friday, Sydney-sider Karina Wells received a Facebook message from one of her friends, Adrian, saying he was stranded in Lagos, Nigeria, and needed her to lend him $500 for a ticket home.

Adrian used relatively good English but, after chatting further, words such as "cell" instead of "mobile phone" tipped Wells off that she was not talking to her friend but someone who had taken over his account.

Using sites such as Facebook allows scammers to research and target victims more effectively and avoid having their messages blocked by spam filters, said Paul Ducklin, head of technology at Sophos Asia Pacific.  It is likely the scammer obtained Adrian's Facebook login details after he was infected with a virus delivered by email or in an infected web page.

There are a number of viruses which, once installed on a computer, send back to the hacker a detailed log of everything entered using the keyboard, including online banking details and passwords for services such as Facebook.

Wells played along with the scammer, who asked her to transfer the money into a Western Union account.  "Naturally I was concerned as, to all intents and purposes, this seemed to be legitimate," she said.  "I pretended that I would help, obtained all the details of where he was and forwarded them to both Facebook and the relevant authorities."

But while the Nigerian scammer used the compromised Facebook account coupled with social engineering tactics to try to convince Wells to hand over money, many are using compromised accounts to spread malware. 

Typically, the victim receives a Facebook message from a friend with a subject such as "LOL. You've been catched on hidden cam, yo" or "Nice dancing! Shouldn't you be ashamed?"  The body of the message contains a video clip link that appears to go to a legitimate site such as Facebook or YouTube but, when clicked on, it takes the user to a bogus web page.  Before the users can play the video they are told they need to download a video player upgrade, which is in fact a password-stealing virus. The next time the victim logs into Facebook the malware-laden message is sent to all of their friends and the infected link is automatically added in comments on friends' pages.

Other less sophisticated attacks on Facebook members use spam emails, some appearing to come from Facebook itself, to spread viruses.

In September security firm WebSense reported on spam emails, purportedly sent from an @facebookmail.com address, that tell the victim they have received an invitation from Facebook to add a friend.  "The spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse," WebSense said.
