How to trap a Facebook fraudster

I love this.

Meng Wong, one of the chaps who lead the creation of Sender Policy Framework (SPF) a few years back, recently found himself on the receiving end of a Facebook “stranded in a foreign city” scam.

I’ve discussed these kind of scams on the Clu-blog before. Essentially you receive a Facebook message from a friend, who says that he’s been mugged in a foreign country and needs you to wire him some cash.

In fact, your friend’s Facebook account has been broken into by a hacker, and they are using personal information from your friend’s profile to try and fool you into believing that they are legitimate.

It’s amazing how people will believe a messages sent via a social networking site much more than email.

A week or so ago, Wong received just such a message from a Facebook friend claiming to have been mugged in London. He’s published the whole transcript on his blog (it’s worth reading as it’s pretty funny).

But what I particularly enjoyed was Wong’s piece de resistance – tricking the scammer into visiting a page on his website, so he could find out the IP address of the hacker’s computer and determine that it was in Nigeria.

Meng Wong's entraps a Facebook fraudster

That’s a clever way to entrap a Facebook fraudster.

Of course, if you’re not up to that kind of sneakiness to snare a suspected bad guy, you could always try my other method. If a friend emails or instant messages you saying that they are in dire straits and need help, tell them to give you a phone number that you can call them on. That way, you should be able to tell pretty quickly if it really is your friend – or someone who has hijacked their web account.

Addendum: Clu-blog reader John dropped me a note to remind everyone to make sure that they are not ringing an international premium rate number if you do follow the “communicate with your ‘friend’ using your mouth, rather than via email” suggestion.