So, this morning I get an IM on Facebook from a college friend. My only contact with her in the last 5 years have been a few random comments back and forth on FB. Anyways, long story short she said her and her husband are in London and just got mugged, they need me to wire them some money to settle the hotel bill. Now, if this is for real, I’d have no problem loaning her a couple bucks. After a little back and forth, I said “What floor did you live on in the dorms and what was the unique thing you did to your room?” She didn’t respond, she signed off and her page disappeared (I tried to get back to it to get her phone number so I could call her). I called another mutual friend who verified that this person is NOT in London, she’s in Chicago at home. This person also told me that she could still get to the other persons page. So I’m guessing after I asked her to prove who she was and she couldn’t she un-friended me but also must have blocked me so I couldn’t even see her page any more. I assume this is so I couldn’t write anything on her wall to alert other people.
So after that I went and reported it to facebook. There’s actually a spot specifically to report that you think a friends page was hijacked because they are claiming to be stuck far away and need money. That’s when I knew for sure it was a scam. (In fact, facebook calls it a 419 scam, which I thought was odd since IMHO it’s pretty different from a 419 scam).
Anyways, I get a confirmation/thank you from FB for reporting it, then about an hour later I get an email saying that MY page was compromised and involved in a 419 scam etc etc etc and my password has been changed.
So, either
1)Facebook locks down both accounts involved in the scam
2)My page really was hijacked also and someone reported it
or, my guess
3)After blocking me, that person also reported me knowing it would keep me from signing back on for a little while.
BTW, here’s the chat transcript.
HER
-hey
-how you doing?
ME
Good
HER
-i’m in some kind of deep shit right now.
-are you aware am in london?
-we went to visit a resort in uk,unfortunately for us we got mugged at gun point
brandon was hurt
ME
That’s not good. Cancel your CC
Is he ok?
HER
-all cash credit card where stolen
-it was a brutal experience and scary
ME
Is the baby with you?
HER
-thank God we have our life and passport
-yes
-I’ll brief you in full as soon as am back home…need your urgent help??
[This is when I figured something was up, who says “need your urgent help” other them scammers]
ME
What do you need?
HER
-our flight leaves in 3 hours,but we are having problem settling the hotel bills,need you to loan me few bucks so we can sort the hotel bills and get a cab to the airport
-will def refund you as soon as we return tomorro
HER
are you still there??
ME
How do I know this is you?
HER
-if i wasn’t the one i wont ask you to wire to my name as we both know i
will need some kinda of identification before i get the cash at the
bank
ME
What floor did you live on in college and what was the unique thing you did to it?
My ex gf got taken by this email scam a week ago to the tune of $1600. It was super bad timing on her part as the hacked email came from her friend who as it happened was known to be going to London for a delayed honeymoon at the time.
She only got suspicious after they emailed back asking for more money after the first transfer. She’s a great woman but a bit naive and very technophobic.
If someone was a good enough friend for me to be loaning them money, they would have my personal telephone number and would have called instead of using Facebook…
Yeah, and like I said I haven’t really even talked to her since college. I just figured, ya know what, maybe she lost her phone when she got mugged, doesn’t have any phone numbers or money for an international call and I just happened to be on FB (and she was too for some reason). I’ve always been a ‘give them the benefit of the doubt’ type person so I didn’t really question it. But there were too many red flags and when she disappeared after that last question it told me all I needed to know.
Similar thing happened to me on Yahoo email. Someone scammed a facebook password from your friend and that someone gleaned enough info from facebook to seem almost convincing. I asked a question that only my friend would know the answer to and that was the end of it.
The old “I just got robbed and need money now” scam.
I’m not sure I get it. How did a scammer IM you with someone else’s name? Or did the scammer somehow just randomly guess your friends password and actually log into their account?
A lot of times, people provide enough info in their Facebook public profiles (or elsewhere on the net) that you can use the “password recovery” feature on their E-mail and get into their E-mail account. This is how Sarah Palin’s E-mail was hacked by someone. If you start typing “facebook scam” into Google you’ll get suggested options of “facebook scam stranded” or “facebook scam stranded in london”, and there are lots of hits out there for stories where scammers successfully get relatives/friends of the hacked to wire them money, or raise suspicion where someone calls and finds out that no, friend is at home/work/whatever, and ‘what is happening on my FB account?’
Somebody did that with my Hotmail account a couple of weeks ago. Locked me out and tried to scam everybody on my contact list. I still haven’t been able to recover all the saved email from that account. Microsoft is less than helpful.
One of my friends had the same thing happen to her Yahoo account too, right down to the detail of being in London.
So…what was the unique thing she did to her dorm floor?
The old trick back on myspace (and probably still today) was that someone would put a link on your page, but when you click on it it takes you back to the facebook/myspace login page and ask you to log in again. The login page was fake and now they have your username and password.
Her roommate moved out after the first week or so of the year so her and her boyfriend pushed the two beds together to make one giant mega-bed.
Someone’s email got hacked and they sent the same scam to everyone on a juggling listserve that I’m on. It’s definitely a scam. I think it’s likely they reported you in retaliation, too. Seems to coincidental otherwise.
I’m already back in, all I had to do was reset my password. Also, I’m fairy sure it’s not going to be an issue, but I had sent her an email telling her what happened knowing full well that the email on her facebook account my very well be an email that the scammer created to look like hers* so that any correspondence (such as, where should I send the money) would go to him. My phone number was in the email also, I told myself that if she calls me, the first thing I’ll do is ask the same question I asked before.
Later on I got a hold of a mutual friend that’s going to call her and let her know what happened so I told mutual friend that if hacked account friend needs to talk to me that she should text me her phone number so I know it’s the right person.
*It seems I was right about the scammers swapping out the email address since when my account was shut down the email I got said “We have changed your password and, if necessary, restored your contact email address.”
Also, I sent an email to FB and they said “Your account is safe and has not been compromised. We reset you password for security purposes.” So maybe it’s SOP to close down both accounts.
I would try to get into contact with your friend and let her know personally that her account’s been compromised.
Thanks for the clarification. Scary stuff.
Already did (well I called a mutual friend and they called her). Mutual friend just emailed me and told me that she had been IMing lots of people this morning. FB shut her account down (which I assume is because I reported it).
Just a couple of tips:
-
You should generally allow only friends to view your profile. And even the, I have different levels of security set, depending on how much of a friend I really think you are.
-
For your security questions that are often used to recover your password, you should probably not use the real answers to “What dorm did you live in” or “Who was your first girlfriend” and so on.
-
Don’t give money to people who ask you for it on Facebook. WTF is wrong with you?!
I’m not sure if these are aimed at me, but I’ll answer them as if they were.
1)This is irrelevant since she is a friend so she can view my profile (which is totally locked down to anyone else).
2)IMHO that was a damn good question to ask. If this was really her she could have answered those questions with no problem, she didn’t and that ended the whole thing.
3)I didn’t give any money to anyone, but I wouldn’t have gone any further until hearing her voice on the phone or, at the very very least verifying through some other people that she really was in London. Even from there, if she had no way to get to a phone to talk to me, I’d probably ask her to find her way to a police station where I could look up the number and call her.
Anyways, these are all what-if’s and they don’t really matter, I spotted it as a scam, reported it to FB and the person who’s account it wasn’t even close to giving anyone any money.