Naked Security reader Tracy got in touch earlier today about a strange conversation she had had on Facebook.
A Facebook friend of hers had popped up via the instant chat feature. Tracy told us that the friend (whose name we have changed in the transcript below) was an old classmate from 30 years ago, whom she had on her friends' list but had never interacted with at all.
The conversation went as follows:
hey Tracy, you around?
hi Hazel, how are you doing/
I want you to try something real quick
ok Tracy, try this test and lemme know what you get.. i can't get over like a 105, its pathetic [LINK]
sure one sec here
lemme know what ya get plz, so far everyone beat me, except for Chris LOL be carfeful some of the questions are tricky ;-);-)
is it really you or some Facebook quirk?
test question, who was our teacher in grade 7?
Sorry to be suspicious but there are so many Facebook scams around, where you get links that look like they are from friends, but aren't
So, if you're you, you'll know which teacher had us making root beer in grade 4 :):)
Hazel is offline.
In her email to us Tracy explained why she was cautious about believing it really was her Facebook friend, and resisted clicking on the link:
"I was suspicious because it's the only time she's ever tried to talk to me, she doesn't appear to use FB much, she never responded to my "how are you doing?", and I am convinced that if she did try to talk to me the wording would have been more literate, having known her back in school. Then when I ask her the test questions she just goes off line. Hmm."
So, just what was going on?
Well, Tracy's friend's Facebook account has most likely been hacked, and scammers are using it to spread spam messages. Their hope is that by contacting users via the instant chat feature they might be able to trick more people into clicking on their links.
And seeing as the scammer didn't reply to the "how are you doing?" message from Tracy, it's possible that the messages are using an automated script.
And if you did click on the link, in this example, you would have been taken to a webpage purporting to be the "International High IQ Society". A popup message on the page states:
An IQ Challenge was sent to you from:
Think you can beat them?
If you click accept, you are redirected through a number of different webpages. When we tried it, we ended up on a website called FlirtyMob, which describes itself thus:
..FlirtyMob is a subscription service. Until you opt out, you have unlimited access to the chatroom charged 3GBP every 7 days plus operator standard data charges. To opt out..
Of course, it's very possible that FlirtyMob is not behind the abuse of Facebook users' accounts and is not aware of the spamming that has taken place. Indeed, if you clicked on the link from another part of the world you might have been taken to an entirely different website. Perhaps the spammers are earning affiliate commission from driving traffic to sites such as FlirtyMob.
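A practitioner investigating a link like this one would want to see every hop of that redirect chain without rendering any of the pages. The script below is an added example written for this post, not Sophos's or Naked Security's own code. It assumes the hops are plain HTTP 3xx redirects (the post only says "redirected through a number of different webpages"; JavaScript or meta-refresh hops would need a browser-based tool). The live fetcher sends HEAD requests with redirect-following switched off, and the hostnames in the constructed chains are placeholders, not the real sites.

```python
"""Trace where a shared link really leads, one HTTP redirect at a time.

Added example for this post (not the page's own code). Assumes the chain is
made of ordinary 3xx redirects with a Location header; all hostnames in the
constructed test chains below are placeholders.
"""
from urllib.parse import urlparse, urljoin
import urllib.error
import urllib.request

MAX_HOPS = 10


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so that every hop is observed."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # handing back None makes urllib raise HTTPError for the 3xx


def http_fetch(url, timeout=10):
    """Fetch headers only (HEAD) and return (status, Location-or-None).

    The body is never downloaded or rendered, so visiting a hop is as safe
    as looking at it in a proxy log.
    """
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx and 4xx/5xx both land here
        return err.code, err.headers.get("Location")


def trace_redirects(start_url, fetch=http_fetch, max_hops=MAX_HOPS):
    """Follow redirects from start_url and return a small report.

    hops:         list of (status, url) actually requested, in order
    final:        the last URL requested
    cross_domain: (from_host, to_host) for every hop that changed hostname
    stopped:      'landed' (non-redirect reached), 'loop' or 'max_hops'
    """
    hops, seen, cross_domain = [], set(), []
    url, stopped = start_url, "landed"
    while True:
        if url in seen:
            stopped = "loop"  # redirect cycle; do not spin forever
            break
        if len(hops) >= max_hops:
            stopped = "max_hops"  # cap the chain; long chains are suspicious on their own
            break
        seen.add(url)
        status, location = fetch(url)
        hops.append((status, url))
        if not (300 <= status < 400) or not location:
            break  # a real page (or an error), not another redirect
        next_url = urljoin(url, location)  # Location may be relative
        here, there = urlparse(url).hostname, urlparse(next_url).hostname
        if here != there:
            cross_domain.append((here, there))
        url = next_url
    return {
        "hops": hops,
        "final": hops[-1][1] if hops else start_url,
        "cross_domain": cross_domain,
        "stopped": stopped,
    }


def make_fake_fetch(table):
    """Build an offline fetcher from a {url: (status, location)} table (constructed data)."""
    return lambda url: table.get(url, (404, None))


# Constructed chain shaped like the one described in the post: a "quiz" link
# bouncing through a tracker onto an unrelated subscription site.
CONSTRUCTED_CHAIN = {
    "http://iq-test.example/quiz?ref=fb": (302, "http://tracker.example/go?id=123"),
    "http://tracker.example/go?id=123": (301, "/offer"),
    "http://tracker.example/offer": (302, "http://flirty.example/join"),
    "http://flirty.example/join": (200, None),
}

# Constructed two-node redirect loop, to show the cycle guard.
CONSTRUCTED_LOOP = {
    "http://a.example/": (302, "http://b.example/"),
    "http://b.example/": (302, "http://a.example/"),
}

if __name__ == "__main__":
    report = trace_redirects("http://iq-test.example/quiz?ref=fb",
                             fetch=make_fake_fetch(CONSTRUCTED_CHAIN))
    for status, url in report["hops"]:
        print(f"{status} {url}")
    print("final:", report["final"], "| domain changes:", report["cross_domain"])
```

Run against a real link, `trace_redirects(url)` uses the HEAD-only fetcher; the offline tables exist so the logic can be exercised without touching the network. The cross-domain list is the part worth reading: a "quiz" link that hops across several unrelated hostnames before landing is the pattern the post describes, and each hostname in that list is a candidate for blocking or for a closer look.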
It could have been worse, of course. We've seen examples in the past where Facebook users receive messages seemingly from friends stranded overseas, asking to have money wired to them as they have lost their passport, wallet and air tickets.
Fortunately, if you have your wits about you like Tracy did, you'll be able to tell quickly whether a message which arrives out of the blue from a Facebook friend should be treated with suspicion. Hopefully her friend will also realise that she needs to protect her Facebook account better in future.
So treasure your memories of making root beer as a child at school - you never know how useful they will be one day.
If you're a member of Facebook, don't forget to join the Sophos Facebook page to stay up-to-date with the latest security news and Facebook threats.