The fake Facebook friend: ‘Please help me’

Suzanne Choney • E-mail

Is Facebook becoming Phishingbook?

A Colorado woman's experience this week — having her Facebook account hacked, and her friends e-mailed, supposedly by her with pleas for "help" and money — is not the first time such a scheme has happened. But the scam carries with it a sound of authenticity, unlike standard phishing, or identify theft, attempts: Within the gated world of Facebook, you "know" — or think you know — the person who's e-mailing you.

"At 7 o’clock in the morning, my phone was ringing off the hook, and I looked at it, and it was a friend of mine from another state," said Susie McLain, who lives about 20 miles outside of Denver. "She said, 'Are you ok?' I said, 'I’m absolutely fine; why?' She said that her husband had been contacted by the fake me saying that I had been mugged and stabbed in London, and that I was stuck there and needed money to get out, and that I was asking for $850 to be wired.

"And then I looked at my phone and I literally had like 15 text messages and two voice mail messages from friends of mine." All the messages were responses for help to "her" Facebook e-mail.

Facebook, the most popular social networking site in the United States, has had its share of security issues this year, as it continues to grow in popularity. Facebook says it now has more than 250 million "active" users worldwide, about 75 million of them in the U.S. The site's appeal is not lost on criminals who want to steal passwords and personal information that can aid in identity theft.

McLain, who has been on Facebook for about a year, got off the phone with her friend and tried to log into her Facebook account. She could not. She saw that her e-mail user name had been changed to a Yahoo account (which she does not have).

She e-mailed Facebook, using its "Report a possible security vulnerability" Web page and she e-mailed Yahoo to alert them to the fraudulent e-mail account.

"I got a form letter back from Yahoo saying, 'Thanks for alerting us, there's not a lot we can do, but we'll try,' " she said. "But it didn't say they were going to shut it down. For all I know, that account is still open with my name on it, which really bothers me."

'I changed everything'
She also tried calling Facebook, in vain dialing a Southern California corporate number for the site that yielded nothing except being able to leave a message with an operator. "I did that like five times, and I got no return call at all," she said.

She did hear from Facebook later that day, after a Denver TV station she contacted aired a report about her situation. Then she got an e-mail from Facebook spokesman Barry Schnitt, who had told the TV station the problem was part of a "low-volume attack" on a small number of users. In his e-mail to her Schnitt, she said, did apologize for the trouble and helped facilitate the reactivation of her Facebook account.

"It was called a low-level breach, but to me, it wasn't low-level," said McLain.  "I have a lot of friends (on Facebook). I have my daughter on there, my daughter's friends.

"I'm really trying to decide whether I want to stay on Facebook," she said. "I took my birth date off. I changed everything. I didn't have a lot of information up anyway, but what little I had, I made it a lot more vague."

So far, she doesn't think the phisher got any money from her friends. "The person posing as me didn't use very good English," she said. "That was the first hint to my friends that something was wrong. And I hope the second thing was that they'd know if anything ever happened to me like that, I wouldn't get on Facebook to solve my problem."

Sounds sensible, but as we all know, it's amazing what personal information finds its way onto Facebook, sometimes enough of it to help a stranger shape a profile of you and pose as you.

MORE FROM SECURITY

Security Section Front

Internet activists push for greater democracy EU assembly adopts Internet, phone user rights 'Mr. Right' grifts widow's $50K in Web scam U.K. cops arrest people ‘just for the DNA’ Virus attacks ‘jail broken’ iPhones China attacks ‘biased’ U.S. cyber-spying report Chinese military Web site target of cyberattacks FBI: Hackers targeting law and PR firms House pushes ban on peer-to-peer software Facebook hit by ‘Control Your Info’ intruder Security Section Front   Add Security headlines to your news reader: