Sophos Cloud Optix
Naked Security reader Tracy got in touch earlier today about a strange conversation she had had on Facebook.
A Facebook friend of hers had popped up via the instant chat feature. Tracy told us that the friend (whose name we have changed in the transcript below) was an old classmate from 30 years ago, that she had on her friends’ list but never interacted with at all.
The conversation went as follows:
[Hazel Phillips]
hey Tracy, you around?
[Tracy]
9:54pm
hi Hazel, how are you doing/[Hazel Phillips]
9:54pm
I want you to try something real quick[Tracy]
9:54pm
ok
[Hazel Phillips]
9:54pm
ok Tracy, try this test and lemme know what you get.. i can't get over like a 105, its pathetic [LINK]
[Tracy]
9:55pm
sure one sec here[Hazel Phillips]
9:55pm
lemme know what ya get plz, so far everyone beat me, except for Chris LOL be carfeful some of the questions are tricky ;-);-)[Tracy]
9:57pm
is it really you or some Facebook quirk?
test question, who was our teacher in grade 7?
Sorry to be suspicious but there are so many Facebook scams around, where you get links that look like they are from friends, but aren't
So, if you're you, you'll know which teacher had us making root beer in grade 4 :):)
Hazel is offline.
In her email to us Tracy explained why she was cautious about believing it really was her Facebook friend, and resisted clicking on the link:
"I was suspicious because it's the only time she's ever tried to talk to me, she doesn't appear to use FB much, she never responded to my "how are you doing?", and I am convinced that if she did try to talk to me the wording would have been more literate, having known her back in school. Then when I ask her the test questions she just goes off line. Hmm."
So, just what was going on?
Well, Tracy’s friend’s Facebook account has most likely been hacked, and scammers are using it to spread spam messages. Their hope is that by contacting users via the instant chat feature they might be able to trick more people into clicking on their links.
And seeing as the scammer didn’t reply to the “how are you doing?” message from Tracy, it’s possible that the messages are using an automated script.
And if you did click on the link, in this example, you would have been taken to a webpage purporting to be the “International High IQ Society”. A popup message on the page states:
An IQ Challenge was sent to you from:
Hazel Phillips
Think you can beat them?
[Accept/Decline buttons]
If you click accept, you are redirected through a number of different webpages. When we tried it, we ended up on a website called FlirtyMob.
which describes itself thus:
..FlirtyMob is a subscription service. Until you opt out, you have unlimited access to the chatroom charged 3GBP every 7 days plus operator standard data charges. To opt out..
Of course, it’s very possible that FlirtyMob is not behind the abuse of Facebook users’ accounts and is not aware of the spamming that has taken place. Indeed, if you clicked on the link from another part of the world you might have been taken to an entirely different website. Perhaps the spammers are earning affiliate commission from driving traffic to sites such as FlirtyMob.
It could have been worse, of course. We’ve seen examples in the past where Facebook users receive messages seemingly from friends stranded overseas, asking to have money wired to them as they have lost their passport, wallet and air tickets.
Fortunately, if you have your wits about you like Tracy did you’ll be able to quickly tell if a message which arrives out of the blue from a Facebook friend should be treated with suspicion. Hopefully her friend will also realise to better protect her Facebook account in future, too.
So treasure your memories of making root beer as a child at school – you never know how useful they will be one day.
If you’re a member of Facebook don’t forget to join the Sophos Facebook page to stay up-to-date with the latest security news and Facebook threats.
Thanks for all you do to keep us safe. I try to tell my friends what I know and find out….some listen, some don't. I fell for ONE, the next time it was causes (for which I am a sucker) and the link to support cancer victims was a scam, go figure.
It takes a smart person and lots of work to stay one step ahead of these crooks! Facebook was/is a comfort zone, like laying in your mom's arms, so sad that some have to do evil and ruin it for others. Unfortunately now I ignore ALL requests for everything. 🙁
I had exactly the same message/script from a distant friend of mine on Facebook a couple of months ago. I didn't click the link because something just didn't ring true. Glad I went with my instincts now! In future I'll use the 'childhood memory' idea too.
Much appreciation for this! A friend of mine on FB shared it. Gives me yet another reason I don't use the chat and block those application gifts and such. Who can forget the survey apps and sort too. Thank you for being on the watch for stuff like this! Keep up the good work!
I got this same thing (almost verbatim) through non-FB
instant messaging a while back. The ‘friend’
challenged me to beat his IQ then admitted he had only scored 105.
Sensing something fishy (texting shortcuts, boasting, word usage,
etc that my real friend would never use) I first put off the
‘friend’ saying I was busy but would try it in a
few minutes (all the while working on contacting my real friend
directly by phone so I was positive I had the right person), he
responded that he was going to get in the shower so he could be
‘squeaky clean’ for my reply. I even baited him
by talking about our ‘plans for tonight’ knowing
that I would not be seeing this friend in person in the near
future. Every post by me was met by some odd comment like
‘I’m going to jump in the shower now’ or
‘I’ll be squeaky clean when you’re done
with the quiz.’ Although I do frequently chat with this
friend via IM on his lunch hour, it was all very odd from the start
(he was using an account only accessed from home when I knew he was
working that day, odd language, etc) I’m positive it was a
script because every question by me was met with a comment that did
not answer it. Needless to say, I did not fall for it and alerted
my real friend that his e-mail/IM had been hacked.
I had the same conversation via MSN. I doubt it is only a script. It somewhat tried to persuade me to click that link until I asked “Are you a bot?” at which it replied “Yes! :D”. It was hilarious.
Anybody else notice how Tracy went from asking about a
teacher in the 7th grade to one from the 4th grade? Nice, Tracybot!
😉
Ha, Mugaboo. Tracy here. She was in both my 7th and 4th grade classes so I switched to asking her about 4th grade as I suddenly remembered her mentioning the root beer day, and the name of the teacher, when we chatted in person 2 years ago at a reunion. So I knew she'd have to remember that!!
Very clever move Tracy! This is a way to stop a lot of Facebook scammers. I remember one (link was somewhere on Naked Security) of a person who was met with a message of a person claiming to be deaf and wanted 'a relationship' and he stopped it by saying he was.
This is aka 'Hazel' from the above story and I too think Tracy was brilliant in asking those questions I would have known so well. I immediately changed my password. It seemed odd to be hijacked when I rarely use FB and I don't 'chat' ever (yet). There were quite a few other classmates that received random yet friendly messages from 'me'. Hopefully we have shut this one down. Really appreciate the feedback and info. Thanks and thanks Tracy!