I became aware of a new type of scam online the other day. One that I know a number of people have never heard of. So I figured I’d pass on some information about the way the scam works and some ways people can identify it.
The set up:
I received a Friend request on Facebook for someone I know. It was showing a lot of mutual friends and so while I had thought I was already friends, I accepted it. I was thinking maybe she had had an issue with her Facebook and had signed up a new account or that maybe I had only thought I was following her.
A few days later I began to get Facebook messages from her, just general chatting messages. This is something I found a little weird, since she’d never tried to chat to me on there before but again, nothing was glaringly obvious that something was wrong.
During the conversation, she came out with “guess what?”
I made a few guesses and then a couple of minutes later also added the guess of “you won the lottery?” as a joke. Even now, I don’t know what made me ask that question. My partner and a couple of friends think it was my subconscious letting me know something wasn’t right.
The response was that they had won $350000 from the WLA Facebook Lottery. That they hadn’t believed it until they had received the money. How they had thought it was a scam up until the FedEx employee delivered the cheque.
Alarm bells were then blaring in my head. Anyone who knows me, knows that my background was in internet security dealing with scams and phishing, as well as the banking industry. The amount of times I’ve used the line “did you enter the lotto?” when people called to work out what their winnings from the UK Lottery, Spanish Lottery converted to in Australian dollars, only to be told “no” and having to explain it’s a scam would number in the hundreds.
So I decided to play along, while trying to get more information. At this stage, I still wasn’t 100% sure whether it was a hacker using my friend’s profile or something else.
I was all happy for them in the message, while googling what this scam was. Straight away, I got heaps of links saying it was a scam. That it was a fake profile being used. I kept playing with them, waiting to see what they would do. Eventually it came to the part that I was now aware would happen.
Apparently I should have been contacted because I had won money too. If by now, I hadn’t been certain, that comment would have warned me straight up.
At this stage, I decided to call them on it. Let them know that I knew they weren’t who they said they were. That it was a scam and no such winnings were available to me. Within minutes, the profile had blocked me and then had been deleted.
How does the scam work? It works in a couple of ways.
Firstly, it sets up fake profiles and then adds people that the person they are impersonating either follows, or their friends follow. You are more inclined to believe someone who is connected to you in some way.
Secondly, it makes you believe that the lucky person has won money, and tries to put you at ease by saying they too had worries it was a scam until it got delivered.
Thirdly, it attempts to get your personal information, because they will get in contact with the FedEx person to deliver your money. Again, this plays back on the idea you are more likely to trust someone who you are connected to.
Finally, it also works on a way to get money off you. Because you need to pay for the delivery.
There are some variations of this scam out there, including someone from “Facebook’s promotions team” contacting you (see: http://scam-detector.com/social-networking-scams/facebook-lottery-chat) in which has the added bonus of the person sending you to a link so you download a virus or keylogger.
What you should do:
It’s easy enough to say that you shouldn’t accept friend requests from people you don’t know but that in itself is difficult to follow. I meet so many people through networking events etc. that end up following me, I can never keep track of those I’ve met one off.
However, be cautious of things being too good to be true. There are millions of Facebook users, so if you aren’t entering a competition, the likelihood of winning one is zero.
If you work out that someone is using a fake profile, report it to Facebook. While you are following the profile, you can report it by following the instructions on here: https://www.facebook.com/help/174210519303259
It’s also worthwhile letting the person they are impersonating know, and they too can report it via that link (even if they don’t have a Facebook account, there are ways on that page to report it).
If you think that you have provided personal information to a scam artist, I would highly recommend doing a police report. You’re recording the fact that yes you had fallen for a scam but it also helps protect you if anything eventuates from them having your details.