Facebook friend stranded in Nigeria. Would you rescue them?

by Graham Cluley on November 10, 2008 | Comments Off

Filed Under: Facebook, Social networks

How many "friends" do you have on Facebook? Without checking on the site, would you know where they all are right now?

Would you know if Barney the lad who used to deliver the post at that office three jobs ago is currently on safari in Africa? Or if Alison the sexy PA to the CFO who you never quite managed to ask out for a drink is scuba-diving in the Mediterranean?

Even if it's a close friend, you're probably not keeping that close an eye on every movement they make - especially in the maelstrom of other status updates coming from your dozens if not hundreds of other contacts on the site.

So if suddenly your mate Adrian sent you a Facebook message saying he was stranded in Lagos, Nigeria, and in need of $500 for a ticket home you might well not instantly smell anything fishy.

That's what happened to Google Australia employee Karina Wells. According to reports, she was initially not suspicious of a Facebook message she received from her friend Adrian, but doubts grew as her correspondent began to use phrases like "cell phone" instead of "mobile phone" (note to our American readers: not all the world commonly use the phrase "cell phone") as he described how she could send him the emergency cash.

Wells was smart, and didn't send the money as requested via Western Union. Instead she contacted the authorities to make them aware of the attempted fraud.

But this is just the latest skirmish in an ongoing battle taking place between cybercriminals and Facebook users. We're seeing more incidents of unwanted adverts and malicious links being spammed to Facebook users from their friends' compromised accounts.

Emails from social networking sites are much more likely to get into our email accounts in the first place, since they don't have the obvious hints that botnet spam does (such as a known-bad sender IP address, or known-bad headers, or known-bad email construction) causing them to be filtered out.

But this incident is going one step further. We will no doubt see more electronic conmen using stolen Facebook identities to steal money directly from the innocent by posing as their online buddies, unless more people take greater care over securing their computers and personal data.

* Image source: Pshab's Flickr photostream (Creative Commons 2.0)

Tags: , ,

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.