See a Facebook scam in action

Filed Under: Facebook, Social networks

Facebook icon

This caught my interest today.

Rakesh Agrawal, the CEO of SnapStream, a Texan software company, received a message on Facebook, supposedly from one of his friends - Matt Finkelstein. "Matt" told Rakesh that he was stranded in London, after he had his money and air tickets stolen and needed $800 to get home.

Fortunately, as you'll see in the transcript Rakesh published on his blog, he was suspicious and guessed that his friend's account had been broken into by a hacker.

Asking personal questions that only Matt or a close friend would know helped Rakesh uncover the truth, although it's clear that the scammer was able to derive some information (for instance, his wife's name) from the profile.

7:20am Matt
hi
whats up?

7:20am Rakesh
Hi Matt
Everything OK?

7:21am Matt
well,im really stuck here in london
i had to visit a resort here in london and i got robbed at the hotel im staying

7:22am Rakesh
ack... that's terrible. Sorry to hear it.

7:22am Matt
yeah,thanks
we just want some helo flying back home

7:23am Rakesh
So why are you stuck there?'

7:23am Matt
all my money to get a ticket back home got stolen

7:25am Rakesh
I didn't understand this "we just want some helo flying back home"

7:25am Matt
help*
actually i got some money wired to me to catch a flight back home
but we still need $800 more to complete our ticket fee and fly back home

7:26am Rakesh
good
Honestly, it sounds like someone's hacked your Facebook account and is using it to defraud your friends.

7:26am Matt
i have the money in my checking acct,i cant just access it from here
this really me
Lauren is here with me
and my kids

7:28am Rakesh
your wife's name is on your profile page

7:28am Matt
what about my kids name?

7:28am Rakesh
in photos?
how do we know each other? when did we meet?

7:29am Matt
from school

I do not know this guy from "school"... So when I responded and he figured out that I was on to him, he blocked me, etc. I tried emailing Matt at his e-mail address, but who knows if that address was his real address or not...

Rakesh was right to be suspicious, but how many other people would fall for this kind of confidence trick?

Interestingly, we're hearing more and more reports of this kind of scam taking place on Facebook, suggesting that many people may not have taken proper care over securing their accounts and choosing a sensible password.

,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.