November 16, 2019

Social Media Impersonations on a rise

HISTORY OF THIS SCAM

Yesterday, I received what appeared to be a Facebook connection request via Facebook Messenger. At first, it appears somewhat legit but fishy at the same time.

Some red-flags were the following:

  • Not my friend’s writing style
  • Appeared to be an older picture

When I began digging further, I know I was connected with this person but this profile was not connected (friended).

Almost immediately the messaging went requesting information from me. Not only did I receive a message from her account, I also received a Facebook message from her husband’s account requesting similar content.

This is where I began to suspect their accounts were hacked.

The first message from the hacker, “good to hear from you. I saw your name on CDBG list, have your heard about them yet?”. I have never head of this list and never signed up for any list. This is when I began to suspect.

Next I contacted my friend via mobile phone. They did not pick up. I immediately received a reply text stating they would call me back. At this point, I am suspecting their mobile phone and Facebook were both hacked so I called their home phone. Yes, they still have a home phone. At this point, they did not answer.

Meanwhile, my conversation with “them” began to progress. The next thing they replied was, ” I got 100,000 from them and I saw your name on the list of beneficiaries when I was told to sign, I thought you should have received yours, do you know how to contact the claiming agent to claim yours? “

This was more than enough confirmation of the scam and where this extortion would go.

Next, I received confirmation from my friends they were unaware their account was hacked and have not received any other ‘complaints’ from their other friends about this occurring.

Digging into this further, I found there is a scam.

Facebook Scam – Community Development Block Grant Officer Brent Sutton from Southern View Police Department · 1 May 18 URGENT FRAUD NOTIFICATION: Southern View Police officers are taking reports of scams on unsuspecting victims. In the latest report, the scammers are posing under the Facebook page name “Community Development Block Grant.” They promise you a package of $100,000 if you send them the money needed to pay FedEX to deliver your money. In this case, its nearly $7,000. This is typical scammer activity. In every text of the victim’s Facebook messenger, the individual refers to them as “Madam ___.” The CDBG page itself appears to be official, however, they have very little activity just in the last 8 years. They only posted enough cover photos to appear official so you won’t question its legitimacy. They also seem to be in a hurry to get your money. The area code listed is in California. This is not local. These are RED FLAGS!! Please, cease any bank activity if you’ve received this notification and tried to pay them. As always, if you feel you have been scammed in such a way, please call 217-753-6666 to file a report. 1 May 18 · Subscribers of Southern View Police Department in Crime & Safety

I AM A VICTIM…WHAT CAN I DO

If you have sent any money to these scammers, call your local police department immediately.

Contact Facebook. Here is more information on how to contact Facebook regarding this scam.

CONCLUSION

I found the scammers are creating what appears to be legit Facebook pages, stealing the identities (name and picture) of the attempted victim’s friend.

In the specific case of my friend’s pages, it appears the two accounts they recently created with older photos of them.

PROTECT YOURSELF – LOCK DOWN YOUR SETTINGS

This is why it is critical to go through a Facebook security check.

  • You must first prevent strangers from viewing your “friend’s” list.
  • You should prevent strangers from seeing your posts

When criminals see your “friend’s” list, they can check to see what information they can gather. If they see a picture of you at a dinner party and certain friends are there, they can burglarize your friend’s home or your friend’s friend.

If the criminal see’s you are eating at a restaurant or traveling, it would leave your home vulnerable to burglary. They know you are not home. Stop taking photos of your food…or at least post your food pics after you get home. Enjoy the moment of eating and being with friends. Be in the moment and not in your phone.

PERFORM SECURITY CHECKS

While you are performing this security check, I would recommend you perform a security check with every on-line service your personal identification may be compromised or used by a criminal to scam your friends. This includes Instagram, LinkedIn, and WeChat.

SOCIAL MEDIA SECURITY TAKE-AWAYS

  1. Up your privacy settings: To prevent identity theft,  We remind all that “it’s about your privacy settings. If they are lax, [an impostor] can just right-click to save photos.” To better protect yourself, “set them as tightly as you feel comfortable,” meaning allowing only friends to see your posts and photos. Allowing “friends of friends” or, even worse, “everyone,” access is opening the door to imposters.
  2. Limit your friendship circle: Don’t accept friend requests from people you don’t know. Period. No matter how locked down your privacy settings are, once they friend you, they will likely have access to all your photos and everything you post.
  3. Use common sense when posting photos: I know, I know, you think you do. But you don’t. Just last week a friend posted a photo of a check he’d given a non-profit (kudos to him). Even though he had marked through the account number I could still read it and could have copied it down. So no pictures of passports, credit cards, driver’s licenses, and other official documents. Since your Facebook profile and cover photo are public (no matter what your privacy settings are), Don’t post any photos you wouldn’t want stolen.
  4. Take action right away: If you receive a friend request from someone you’re already friends with, message them immediately to learn more. The new request will often turn out to be an impostor. In that case, report the impostor by using this link.
  5. Make yourself unsearchable: Go to your Privacy settings (on desktop, the little carrot next to the lock sign will bring you to settings, then choose Privacy; on mobile, touch the “more” icon and then find Privacy) and under the options for “Who can look me up?” set all of them to “No”.
  6. Use the Facebook secure your account wizard: Click here to begin the process.