On the Web, it's not always easy to know who your friends are. Mistakes in judgment can be very costly.
Internet imposters are perfecting the technique of impersonating friends on social networking sites like Facebook, with lucrative results. Victims are losing thousands of dollars. Emotional e-mail pleas sent by imposters, such as "I'm stuck in London and I've been robbed, help me," have become so effective that the FBI last week issued a warning to consumers about social networking sites.
"Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques," the warning said. The agency says it has logged 3,200 complaints about such incidents since it began keeping track.
And Facebook responded to increased scam activity by posting a blog entry last week saying it is "redoubling our efforts to combat the scam" and detailing steps the firm is making to beef up security.
"Our security team is working with law enforcement and collaborating with email providers and other industry experts to identify and catch the criminals responsible," the post said. "Western Union also is working closely with law enforcement on scams such as this one."
Msnbc.com first brought you the story of Facebook ID theft in January. Brian Rutberg of Seattle had his status changed by a hacker to "BRYAN IS IN URGENT NEED OF HELP!!" The criminal then sent notes to all his friends, claiming that Rutberg's family had been mugged while traveling in London, and was in desperate need of cash. One concerned friend followed the criminal's instructions and wired $1,200 to London before realizing the error. The money could not be recovered.
Then in August, we updated the story, describing Colorado resident Susie McLain and her ordeal with Facebook ID theft. Her phone was ringing off the hook, and her cell phone full of concerned text messages, after an imposter began asking her friends for $850, claiming McLain had been stabbed during a mugging in London.
The criminals keep honing their story, and they've expanded their playing field, as reported on NBC's Today Show on Tuesday. They've moved beyond Facebook: Some targets are receiving imposter e-mails directly from victims' personal e-mail accounts. When Debbie Peterson recently received what looked like a private e-mail from a family friend who needed help, she jumped at the chance. But the e-mail was a fake, and Peterson sent $3,000 to the criminal.
"It's all we had in our savings. They take the emotional part of human nature and manipulate it to their advantage," she told the Today Show.
The scam works because personal e-mail and Facebook messages from friends carry with them an air of legitimacy that other Internet communication does not. Many users have wised up to so-called phishing scam e-mails that appear to come from banks or Internet companies like eBay, and no longer fall for traditional efforts to steal their passwords. But an e-mail that comes from a friend in need is hard to ignore.
In Rutberg's case, the e-mail dialog included his Facebook photo next to each comment, making it even more believable. In the image below, an imposter tried to trick a friend into sending money. The last message is from the real Rutberg, sent after he regained control of the account.
RED TAPE WRESTLING TIPS
Consumers who've been hit up for cash by an e-mail or Facebook imposter should fill out a complaint with the FBI at IC3.gov.
In the meantime, here's how to avoid being a victim:
- Never send money to an individual, even a friend, using Western Union unless you are ready to never see it again. There are no security measures in place to protect those who wire money that way, and there's no way to recover funds send through Western Union that end up in the wrong hands.
- Don't believe your e-mail, even if it comes from a friend. Any unexpected greeting cards, solicitations, or offers you receive should be treated with complete skepticism. Before you click, call and ask "Did you send this?"
- It's a good idea to have two e-mail contact addresses on file with Facebook, so you have a better chance of reclaiming a hijacked account if you become a victim. Criminals who hack accounts usually change the password to lock out the rightful owner. Facebook will use the secondary e-mail in an attempt to determine the real owner of the account.
Facebook has also set up a special page to deal with account hacking. You can find that here.
For other Facebook hacking issues, look here.
Become a Red Tape Chronicles Facebook fan.