I had the same experience with a different “friend” pretty much the same story but smelled a rat.

This is a form of identity theft. serious stuff.

I had the same exact experience, London and all. I tried to post on my friend’s wall, but the phisher deleted my post and defriended me! lol

A couple a weeks ago there was some stranger that jumped into a small (but still open) network I built in Ning. And she started to connect to people and seemed to be a human, not a bot. But one of the people that had started conversing with her told me there was some kind of money-need coming up a little bit to fast to be taken seriously. So I kicked her out on the spot.

Had this happen to two people I know in the last week.

Props to Rakesh, seriously.

classic ATO really.. people do use very simple passwords, so there’s real surprise, nowadays, for such situations to occur.

no real surprise. sorry

[...] of Facebook phishing Filed under: Culture, Technology — Luke @ 4:06 pm A new form of identity theft: lifting your Facebook account information and taking advantage of your friends. There’s really [...]

These guys are getting really desperate.
Yesterday, I received an email from a friend of mine who lives in Omaha, well, that’s what I first thought it was, see a copy of this email below; stating almost the same thing, as the above.

When I first read that email, I was like, oh, maybe it’s real, and then I started looking at the header, and realized that it was sent to an “undisclosed emails”, plus the language in the email message didn’t seem right, and these were the key for me to instantly realize that it wasn’t him. They hacked his Hotmail account, and changed the password, now he’s locked out of his account, and he’s now wondering how he can get it back.

I am not sure how he can get it back; I don’t have a Hotmail account.

Below is the copy of the email I received yesterday, from those who hacked his account, using his email account.

—————————————–

Flag this message

Subject: I need your urgent assistance….

From ############
Monday, January 19, 2009 6:22 AM

From: “############” View contact details
To: undisclosed-recipients

Hello,How are you doing today? I am sorry i didn’t inform you about my traveling to Europe for a program called “Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education, the program is taking place in three major countries in Europe which is Italy,Holland and London. It has been a very sad and bad moment for me, the present condition that i found myself is very hard for me to explain.

I am stranded in London because I forgot my little bag in the Taxi where my money,passport, documents and other valuable things were kept on my way to the Hotel am staying, I am facing a hard time here because i have no money on me but fortunately got my ID with me. I am oweing a hotel bill of $1800 and they wanted me to pay the bill soon or else they will have to hand me over to the Hotel Management. I need this help from you promptly to help me back home, I need you to help me with the hotel bill and i will also need $700 to help feed and get myself back home .So please can you help me with a sum of $2,500 to sort out my problems here? I need this help so much and on time because i’m out of the little cash i had with me, Please understand how urgent i need your help.

I am sending you this e-mail from the city Library, I will appreciate what so ever you can afford to send me for now and I promise to pay back your money as soon as i return home.

Hope to hear from you soon. Although, the embassy here have promised to give me a covering travelling papers that i will need to have my way back home , all i need right now is the money to settle up the bills and leave

Love -best wishes

“Only a life lived for others is a life worth while.”
Albert Einstein

——————————————————————————–
Windows Live™: Keep your life in sync. See how it works.

They get the account through phoney e-mails. I received 4 e-mails in the past few days along that say “so-and-so commented on your status” or “sent you a message on facebook” and they contain fake links to login to facebook. That’s how they steal accounts. Never click on any links you get through e-mail.

So, it’s not clear whether Matt’s account had been compromised (someone hacked into it) or whether the phisher created a new account and pretended to be Matt. After all, it would be fairly simple to steal the thumbnail photo and most people just respond to chat without pulling up the profile.

I’m thinking it’s the latter strategy, but could the author clarify?

Facebook’s response to this is pitiful. This happened to a friend over a week ago. Exact same scam about being in London. The hackers changed his pw and locked him out of his FB acct. Facebook’s response has been a joke, support is almost nonexistent and he still can’t access his FB account.

Heh. I don’t even loan money to my REAL friends.

Help, I have 4995 friends, and 362 requests to send money to London.

Presumably the account was compromised. One cannot establish a message on Facebook Chat unless the two accounts are already “friends.”

His account was compromised. I’m pretty sure that’s the only way he could chat with me.

I know..lol..I would be like..that is nice..ask your parents..or call me and we can talk about it.

one has to use a certain amount of caution when posting and chatting on social nets

Yeah, serious props to Rakesh. This is so sad and scary. But seriously, if you’re gonna be a phisher, do some more research. What a poor attempt.

Anybody that knows me knows I’m broke as a joke.

This happened to me on Gmail last year. Someone hacked my account and sent the following email to numerous friends. Similar to above, they started engaging them through Google Talk.

The main issue is, since Facebook and Gmail have little to no Customer Service or support, it takes over a week to have your account locked and reviewed (the hacker changes the password and locks you out). Your basically a couple weeks sorting this thing out…

Gmail message below.

Hello,

How are you doing? Please i really don’t feel like disturbing with my little problem but i don’t have any other options rather than seeking for help from you,please try to understand.

Actually,I travelled down to Nigeria but unfortunately for me,I was robbed by some street orchids while trying to get a cab back to my Hotel. Right now,I am stranded and so cashtrapped.I can’t even think straight now.

With the little money I’ve on me,I have access only to email and worst is my mobile phone doesn’t work here. So I was thinking if you’d lend me the sum amount of $1500 to settle my hotel bills and other things please.

I will pay you back as soon as I get back. I am so confused right now. you can have it sent directly to the Western union money transfer office down here. My passport is not with me. I am almost impatiently waiting for your reply.

With regards.

“There’s really nothing Facebook can do about this from a technical standpoint…impossible to prevent once an account has been compromised.”

Facebook can definitely do something to stop accounts from being compromised. Offer strong auth – something more than a password. A lot of banks are doing it already. Quit being lazy.

-J

Guys,

this is really Matt. I am really stuck in London. what is this joke about the scam thing?

can somebody please ask rakesh to wire me some money ? please ?

;o)

What do you expect from a free service.

This is Rakesh.
I humbly wish to solicit for your assistance in a business transaction.

This business proposal I wish to intimate you of will be of mutual
benefit to the both of us and its success is entirely based on mutual
trust, cooperation and a high level of confidentiality.

I am representing the board of the contract award and monitoring
committee of the Zambian Ministry of Mining and Resources. I am seeking
your assistance to enable me transfer the sum of US$15,000,000.00
(Fifteen Million United States Dollars) into your private/company
account.

The fund came up as a result of a contract awarded and executed for and
on behalf of my Ministry. The contract was supposed to be awarded to two
foreign contractors to the tune of US$180,000,000.00 (One hundred and
Eighty Million United States Dollars). But in the course of negotiation,
the contract was awarded to a Bulgarian contractor at the cost of
US$165,000,000.00 (One hundred and Sixty-Five Million United States
Dollars) to our advantage unknown to the contractor. This contract has
been satisfactorily executed and inspected as the Bulgarian firm is
presently securing payment from my Ministry, where our Board is
in-charge of all foreign contract payment approval.

As a civil servant still in active government service, I am forbidden by
law to operate an account outside the shores of Zambia. Hence this
message to you seeking your assistance so as to enable me present your
private/company account details (preferably an empty account) as a
beneficiary of contractual claims alongside that of the Bulgarian
contractor, to enable me transfer the difference of US$15,000,000.00
(Fifteen Million United States Dollars) into your provided account.

On actualization, the fund will be disbursed as stated below.
1. 20% of the fund will be for you as beneficiary
2. 80% of the fund will be for us.

All logistics are in place and all modalities worked out for a smooth
actualization of the transaction within the next few working days of
commencement. For further details as to the workability of this
transaction, please reach me as soon as possible for further
clarification.

Kindly expedite action, as we are behind schedule, to enable us include
this transfer in the first batch which would constitute the first
quarter payments for the 2009 financial year.

Thank you and God bless as I await your urgent response.

Rakesh

Facebook needs to up thier security! There must be some sort of flagging system in place!

BestJobsOnline
http://tinyurl.com/7uj5ay

[...] [原文へ] [...]

Dude, you are funny!

It seems like this kind of things happen regularly.

I suppose that there is indeed nothing can be done by
social engineering once the acc has been compromised, just like the situation metioned.

All the site carrying user’s infomation will have this risk, such as alumni record site, SNS site, and so on.

So, cling to your own account and keep being vigilant :)

ye.. it can amount to jail term!

This has been already happening in the UK. Old news really. Guess they decided to try the US.
At least London is more believable than Lagos. If you wire money to a friend in Lagos, you really need to have your computer confiscated.

If they are actually serious about real identities, facebook should employ some basic identity verification.
http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/3438012/Facebook-infiltrated-by-Nigerian-fraudsters.html

It’ll probably take ages for them to change their login verification. I heard about this one about a month or so ago and posted a link to the story in my status. Most people never even heard about it. If Facebook was serious about educating people to spot/prevent these scams, why not use the ads?

[...] It looks like some scammers are using Facebook to their advantage, hacking accounts and exploiting the wealth of personal information available to trick your friends into giving them cash.  TechCrunch reports it here. [...]

i wonder what these scammers can make per hour.

There is really no way to flag these jerks who scam others. New technology is just another tool, for good and for bad. People have to understand that.

[...] incarnazione del phishing corre proprio sulle pagine virtuali del social network, dove a quanto pare alcuni si starebbero impossessando di account di ignare persone, spacciandosi per loro in chat per [...]

lol @ Einstein quote…

but come on… these emails are so obviously fake…

the conversation of Rakesh however seems more obtrusing… because most people will use ‘chat language’ not caring much about grammar… it is harder to filter out the bad language…

Exactly… I hardly use one channel to communicate with my *real* friends… especially when it comes to these situations

msn/email/sms/phone/telegram/smoke signals

and every now and then a face to face chat

The solution is to use different passwords for different services… especially when it comes to services as Gmail…

I know that a lot of people will use the same password on a dozen of sites… and once one site has been exploited… he’ll get them all…

Also don’t forget to distrust website owners also (many low-end sites will NOT encrypt passwords)… in combination with the email adress you’ve entered with your subscription… it is really easy to take over your account.

SMS authentication for example…

“Only a life lived for others is a life worth while.”
Albert Einstein

I bet somebody really stranded will coincidentally have this quote on his e mail.somebody who will help you does not need this much convincing.i guess these are desperate days

This happened to me the other day and the Australian media outlets have been contacting me for comment.

Have a read of the transcript (there is a pattern) and follow my advice if this ever happens to you

http://liako.biz/2009/01/phishing-for-fraud-on-facebook/

I agree the only way to combat this is through awareness. It’s not Facebooks fault, although my friend who had her account compromised tells me how frustrating Facebook was in settling the situation.

Well, for starters, London isn’t a country. I guess the geographical ignorance at least narrows down the hackers location to somewhere in the US.

I wanted to buy a car in Germany and the guy wanted me to send him the money only through Western Union which was susspicious…. i later found out this is a complete scam. but this was long ago. now i bet they are much more inventive :(

Seems, the scammer forget to use the facebookgrader (http://www.techcrunch.com/2009/01/19/facebook-grader-for-the-sad-sad-people-out-there/), twittergrader and other graders. I believe that day is not too far they will be able to create their hit list more easily.

No fun intended, this is the risk of transparency… at some time there need to be balance between how much to keep personal information public.

-Raju

A friend of mine totally had this happen to her the other day…
As soon as she started asking questions and they person seemingly was getting them wrong they sort of freaked out at her.
Such as button mashing and calling her “Bastardo”. It got more hostle when she started leaving comments and such everyone annoucing that the person was a hacker. Very comical but pretty deep for scam.
People are gross.

Stupid Nigerian losers. I wish someone would just NUKE Nigeria. Problem solved!

RT
http://www.privacy-web.us.tc

Wow, this is really scary. Got to be on my toes to avoid this.

Wow, this is scary.

Hahaha I actually just did a blog story for my television station about this. Was hacked, even though I am a good little boy, using Firefox, not downloading unknown files, etc…

Check out my story, along with screenshots from some of his sent messages from my account, and how I was still able to connect to my Facebook account after it was compromised:

http://participate.foxprovidence.com/blogs/shawntempesta/2009/01/12/Pls_Help_Me_From_This_Suck_When_Your_Facebook_Gets_Hacked

[...] Social networking sites like Facebook and MySpace reveal a lot of information about you.  For your friends, that’s a good way to keep in touch with each other.  For others, that’s a good source of details they can try to use against you.  Everybody has received scam or phishing emails by now, but enterprising folks have begun to mine data from social networking sites to use in these scams, as shown in this TechCrunch link [...]

If they can’t develop better security, maybe they should be renamed Phacebook.

As if anyone would actually fall for this though really. If your friend was stuck somewhere and needed $800, would they really ask you through your Facebook account?? It’s just common sense really…

If these scammers ever work out that we dont all talk and send emails like old fasion news readers then we will be in real trouble. They stand out easily now because they try to use such formal language. All one of these scammers needs to do is hire a 17 year old from the US or UK or something and we’re screwed!

I had the exact same experience occur right around the holidays. As soon as I began to question the person on how they knew me, it became evident that they were lying.

Seems to me the easiest way to protect yourself in these cases is to attempt to speak to your friend, face to face. Ask if you can call them or they can call you instead of chatting about it. A friend really in need will agree, a rat won’t.

I agree, the people in my facebook either know me from childhood or don’t care where I went to school, etc. Even though I’ve personally accepted each friend, I still feel it’s prudent to limit the amount of info I put up.

[...] one, watch out for the latest phishing scams, as TechCrunch puts it phishers are hitting up ‘friends for cash’. What’s it all about? Hackers [...]

[...] is new way phishers hit up “friends” for cash. read the detail from TechCrunch here. function fbs_click() [...]

[...] but now it looks like these scammers are getting smarter by engaging in a form of identify theft. Latest Facebook Scam: Phishers Hit Up “Friends” for Cash Today we received a transcript from Rakesh Agrawal, President/CEO of SnapStream, that shows how [...]

[...] so maybe spammers have an easier job on Facebook compared to this next example. Apparently scammers have been hacking into people’s personal Facebook accounts. They look [...]

Not necessarily, especially if both the hacked account and the potential scam-victim’s phone numbers are available. It is possible to spoof caller-id numbers.

Same thing happened to me… from an acquaintance that surely wouldn’t be asking me for money under normal circumstances:

8:58amLeslie: You there?
8:58amTamar: good morning :):)
8:58amLeslie: gud morning
I need your help
8:58amTamar: ok, hope i can be of help
(how are you, btw?)
8:59amLeslie: I’m stuck in london
8:59amTamar: that doesn’t sound so bad! j/k
need some info?
8:59amLeslie:
I was mugged at gun point last night
I was mugged at gun point last night
8:59amTamar: what??
9:00amLeslie: I need you to loan me a few bucks
9:00amTamar: how
9:00amLeslie: You can wire it to me as we speak
9:01amTamar: you’re kidding, right?
9:01amLeslie: I’m dead serious
Its scary here
9:01amTamar: why did you reach out to me?
what were you doing in London?
9:02amLeslie: came here for business
9:03amTamar: sure… why did you reach out to me?
9:03amLeslie: cos i feel you can help me
9:03amTamar: why me?
do u have access to your email account?
9:04amLeslie: whjy do you ask
?
9:04amTamar: so that i can confirm your identity.
do people really fall for this?
9:04amLeslie: How do you mean
?
9:04amTamar: do you know how we met?
that’s it? give up?
9:06amLeslie: are you kiddinng wtf
9:06amTamar: no. how did we meet?
9:07amTamar: not sure how to respond? come on, easy question.
9:09amLeslie is offline.

I then attempted to warn her other friends by posting on her wall, and was promptly de-friended.

[...] know it sounds harsh, but it turns out that Facebook hackers have been targeting people through Facebook’s chat feature and asking the hackee’s friends for money for various reasons. They prowl through their [...]

Great article. Thanks for the information.

[...] out. There’s a new Facebook phishing scam making the [...]

[...] Latest Facebook Scam: Phishers Hit Up “Friends” for Cash – [...]

This actually happened to me too.

But we had some fun with it and i actually have our recorded conversations we had with him via skype.

I have a copy for those interested. Just email me, might take a lil to respond since it’s my secondary email i use but i’ll get it to u.

Awesome.

Only idiots use Facebook

shakes my head

http://thecashcratescam.blogspot.com

Speak for yourself. Dbags like this will always be easy to spot, just use some common sense.

To quote the late Johnny Carson “May the fleas of ten thousand camels infest their armpits”.

These sort of problems are inevitable if you are actively engaged online these days. I was trying to learn more about fishing and stumbled upon http://www.justaskgemalto.com/en/tips/how-does-phishing-work. Worth a look IMO.

Νέες επιθέσεις scamming στο Facebook…

Στο Facebook το καλό είναι ότι σχεδόν πάντα ξέρουμε με ποιον μιλάμε, γιατί είναι από τα λίγα social network στο οποίο όλοι σχεδόν έχουμε γράψει το κα….

These type scams are common in dating sites and similar scams on ebay (bogus goods.) Making their way to Facebook is disgusting, but, I guess,inevitable.

[...] I get you to give me money? I came across this interesting article. It basically shows how a hacker who manages to get access to personal information, could then [...]

[...] latest phishing scam on Facebook has raised the question yet again as to whether the social networking site is dropping [...]

[...] latest phishing scam on Facebook has raised the question yet again as to whether the social networking site is dropping [...]

[...] -Oh and if you are on Facebook and I hit you up for cash. It might not be me. Seems there is a Facebook Scam going on where phishers are pretending to be friends that are stuck and need cash. Read more about that here [...]

There are checks that can be done when someone tries to change their password – ask for some other piece of information at PW change time that would prevent the hacker from locking the real user out.

Facebook can take ATO (account takeover) steps if they want to hire the right people to work on it.

Haha good one.

[...] with Facebook is this: Only after I Googled, revealed this phishing scam is old news. TechCrunch covered it on the 20th and WSF (Wall Street Journal) covered it [...]

[...] Latest Facebook Scam: Phishers Hit Up “Friends” for Cash [...]

[...] impossible to catch unless recognized by the recipient. TechCrunch.com recently published a transcript of a phishing attempt via the Facebook instant messaging system. What appeared to be an instant message from a friend in [...]

[...] YouTube, Flickr, Twitter, FriendFeed, and all the rest without opening yourself up to phishers, scammers, and identity thieves. Something to think about since today is Data Privacy [...]

Actually a chat program like Pidgin will allow you to be logged in within a web browser and chatting through the IM

This happened to me only moments ago. They hacked a friends account.
Fortunately I know him well enough that the conversation didn’t make any sense.
I asked for a phone number to call at, and the one they gave me was for a private residence. They were also unable to answer the most basic of questions as to how we knew each other.
Once I busted them for a scam I was deleted and blocked as a friend also.
Dodgy!

Check your Facebook Contact Settings!

This scam just happened to me and my friends, and I wouldn’t have been any wiser had I not gotten SMS messages from them!! I was able to see a IM conversation as well as a email they sent I don’t check Facebook every day. What was weird was I could see these “Chats” on both my phone and computer. Thankfully my friends are skeptical!

Check: Blocked/Deleted Friends- they deleted the ones that questioned.

Status Updates: I updated 2x before it finally stuck!

Contact Email info! They added a very similar email to my Facebook profile- changing only the domain to opera. This was made the defaul contact email!

I have no idea how they did this, but I am going to run a virus scan on my computer- and disabled my Iphone till I figure this out. Thanks for the press coverage-my mother new it was a scam! My friends figured out it was.

[...] for financial help of some sorts. Ugh! See: Fears of impostors increase on Facebook [CNN.com] and Latest Facebook Scam: Phishers Hit Up “Friends” for Cash [...]

[...] CNN reported on an increasing number of phishing attacks seen on Facebook, using a technique we first heard about in January. After gaining access to compromised accounts, scammers are now using Facebook to ask [...]

[...] CNN reported on an increasing number of phishing attacks seen on Facebook, using a technique we first heard about in January. After gaining access to compromised accounts, scammers are now using Facebook to ask [...]

[...] TechCrunch and CNN reported that Facebook users are not immune to phishing attempts.  CNN reported that some [...]

[...] friends from getting scammed by the fake you, of which there may be a few lurking around already looking for a helping hand. Personally, I love my friends and family, and thankfully they take responsibility for their own [...]

Wow people really have no morals anymore!

Hey Matt – this just happened to me yesterday. fortunately FB locked my page down after just a day – or the hackers disabled it when they gave up. How did you get your account back?? I’m really curious if I can get my page back. I would appreciate if you let me know – thanks!

This exact scam happened to me yesterday. Facebook’s response is ridiculous. They said I had to log in to my Facebook account to report the scam. When I pointed out to them that the cybercriminals had changed my password and taken it over therefore I couldn’t log in, they said that was just too bad. This means that they know their site is being used by criminals, exploiting their users and they choose not to act. This is inexcusable. They are just too lazy to find a fix.

This came to me tonight in an IM on facebook.

Clear Chat History
Couldn’t retrieve chat history
12:26amMichael
Hello Jordan

How are you ?

12:27amJordan
im doing great man just got home from work

long time no talk

how have ya been

?

12:27amMichael
Well im stuck here in london and i really need some help out

12:28amJordan
in london?

help with what?

12:28amMichael
Yes…i had to visit a resort for vacation here in london and i got robbed at the hotel im staying

12:28amJordan
eh

that sucks.

passports and everything taken?

12:29amMichael
Well i still have my passport with me

12:29amJordan
thats good

12:29amMichael
But all my money and wallet got stolen at a gun point

12:30amJordan
DANG!

how long ago

12:30amMichael
It really sucks here

Two days ago now

12:30amJordan
thats crazy

so is all your money gone?

12:31amMichael
I just really need some help with flying back home

Yes….I just really need some money to complete my ticket fee now

Can i ask for a favor ?

12:33amJordan
you can ask for a favor…but im broke dude

i have like 10 bucks to my name

12:34amMichael
All i need is just $300 more

12:34amJordan
if i had the money dude id give it to you in a heart beat.

did you go to the police???

12:35amMichael
Yes..But they can help me out

12:36amJordan
?

12:36amMichael
Can you get me $100?

I can get it from the ATM for you as soon as im back home

12:37amJordan
dude i seriously have like 10 bucks to my name.

i wish i could help bro…

12:39amJordan
did you talk to your parents?

12:57amJordan
you there???

1:11amJordan
right now you are not only breaking federal law but you are in serious danger of going straight to hell. You do realize that don’t you?

1:13amJordan
Your sins will find you out. God says everything will be shouted from the rooftops one day. What you have done is going to be seen by all on the day of judgment. You will not get away wtih this crime, I promise you.

Shame on you, shame! Mike is a committed Christian and I am telling you the God he serves will not allow you to get away with this and GOD ALMIGHTY WILL TAKE VENGEANCE UPON YOU!!! Get ready because the weapon of the Lord is on it’s way to bring you down, man. Better brace for it. It’s headed your way.

1:20amMichael is offline.

I WAS ALMOST SCAMMED!

A nice guy from Geekzone.com @freitasm sent me this link and turn around my decision on finding ways on how to help my friend who was “mugged” in London.

Here’s the full story and I hope this kind of BS will stop. I’m beginning to think Facebook isnt safe aynmore.

http://www.techconclave.com/forum/what%27s-hot/omg-is-my-friend-mugged-or-am-i-scammed/msg78/#msg78

Please read and be amused of how the guys tried to trick me today!

This is still happening – just happened to me about an hour ago. FB chat, almost word for word like some of the transcripts above. Mugged at gunpoint, in London, the works.

[...] was at this point, though, I remembered a blog post from TechCrunch earlier this year about people gaining access to Facebook users’ accounts and then hitting [...]

Oh how the mighty have fallen and the important lesson that we can all be suckered.

Yes, this happened to me yesterday…First time I have ever been caught up in anything like this and didn’t catch-on. I work in the web 2.0 world too–ugh I will be pissed at my self for a long time…so anyway, how did this happen?

A little bit of luck, great timing on their part and crappy timing on mine, plus a healthy dose of letting my guard down inside my personal social firewall. Of course there is no real excuse and once I had time to think about all of this…there was 100 different ways I could have followed my Spidey sense and nailed these guys. Alas, I didn’t have my head on.

Top Lesson: Do not underestimate the power of personal contact with someone posing as a friend and has at their finger tips at enough information on the comprised profile to keep you off guard.

They can read your message history and pick up on subtle salutations and nick names etc…These are things you see on wacky action movies, not done by what you think are your friends.

Simple way to check:

1. Phone Call/Video Chat

They have an internet connection there is a phone close by. Spend the money to save the money. Long distant call is not that much these days. Get them on a visual chat like skype.

2. Check with friends and family to see if they validate anything. Your friend in need can wait the extra hour or two it takes.

3. Ask a lot of questions that only the two of you would know. This was mentioned by others, but a good way to check it out. If it’s really your friend or family member they will not be offended and if they are, you can apologize later.

Welcome to the cyber world it can happen and if you are busy at work and stressed out and a really close friend (who does travel a lot) cries out for help. It’s hard not to get sucked into the drama. Unless you are cold-hearted and a cynic. God love you because I need to be a little more of that, but not too cold.

Stay safe and informed out there.

[...] Read more about this facebook scam here: http://www.techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/ [...]

[...] Read more about this facebook scam here: http://www.techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/ [...]

[...] for financial help of some sorts. Ugh! See: Fears of impostors increase on Facebook [CNN.com] and Latest Facebook Scam: Phishers Hit Up “Friends” for Cash [...]

[...] Facebook scam [...]

[...] any of you have been contacted by a Facebook friend who is purportedly stuck in Europe, penniless and in dire need of a wire transfer to enable his or [...]

[...] scam was written up in Techcrunch in January and is still being used to con people into wiring [...]

I just had the exact same thing happen to me. As soon as the scammer couldn’t answer my questions they logged off and “defriended” me. Here is the transcript:
Carolyn
Hi there
How are you doing ?
8:03am
Maria
Carolyn!!! How are you???
I am doing fine, although it is too damn hot in AZ!!
8:04am
Carolyn
I’m not too good
I’m in some kind of deep shit.
8:04am
Maria
Really???? what’s going on?
How can I help?
8:05am
Carolyn
I’m stranded in London because i got robbed at a park in Kentish town
8:05am
Maria
seriously???
8:06am
Carolyn
it was a brutal experience
all cash i had on me were stolen and my credit card was collected too now i’m left with no money here.I need help out of here.
8:06am
Maria
Oh my Gosh!!!
Do you have a cell phone that works in Europe?
8:07am
Carolyn
the mugger’s collected it
I need your help?
8:08am
Maria
Where are you staying? Give me your phone number where I can call you?
8:08am
Carolyn
I’m in a public library
8:09am
Maria
I don’t have a credit card right now… so I don’t know how to send you money.
What is Susan’s phone number?
8:10am
Maria
…or your Mom’s? I will call them.
8:10am
Carolyn
no
what you need is my name and present location and you get it wired to me here
can you do that for me ?
8:11am
Maria
at the library? Can you tell me the name of the place that we worked together?
8:11am
Carolyn
You can have it done online (www.westernunion.com) or you can go to any nearest bank or amazon booklet…
8:12am
Maria
Carolyn???
8:12am
Carolyn
are you on the site ?
8:13am
Maria
Answer my question… what is the name of the place that we worked together.
8:13am
Carolyn
are you trying to verify me ?
8:13am
Maria
yes!!!
8:14am
Carolyn
also if i wasn’t myself i won’t ask you to wire the money to my name as you and i know that i will need some identity to verify myself to the bank here before they can give out the funds to me and thank God i still have my passport with me
8:15am
Maria

Carolyn, if this is really you. answer the question, please!!!
8:15am
Carolyn
I’m freaked out here
school
8:16am
Maria

I don’t believe this is you. I am calling the police–and tracking this transmission.
8:16am
Carolyn
got it ?
8:18am
Carolyn is offline.

This happened to me this weekend! Most of my friends saw through it, but a guy in once knew TEN years ago and recently re connected with, actually SENT 1000.00 dollars!!! I am soo pissed!

Wow! I just came across the exact same scam just yesterday where a friend was supposedly hurt badly. Fortunately I managed to document the whole process including the full chat transcripts with our friend the hacker… scared the crap out of him!

http://blog.plasticmind.com/social-networking/facebook-chat-hacker/

Yeah, in fact, the hacker I encountered attempted to convince me by sending me a message via a gmail account that was one letter off his actual email. Sneaky!

I am confirming now, but guarantee the same thing just happened to me … mugged in London, lost everything and need money to pay hotel bill.

Same thing happened today with an old co-worker of mine. The scammer IM me, and another old co-worker of their’s (that I work with again at a new location and we sit next to each other). I had already heard about this scam a week ago, so I decided to play along with it, and got the “Western Union” address from them, told them it would take me about 2 hours, meanwhile we reported it to the FBI as well as facebook.

Here’s the Western Union addy they used as well:
6 Kentish Town Road, London, NW5 2AA.United Kingdom

U are an idiot…its your country that will be NUKED and everybody will find peace…go to hell sucker

The scammer tried this scam on me TODAY, and I was on my way to the bank when I called another friend to verify that our other friend was abroad, and found that she was not. Where can we report this?? Facebook “report scam” has not gotten back to me?

I was just hacked into and I’m curious how others handled it. Did you create a new account?

My roomate just came out into the kitchen saying she was feeling sketched out by this conversation she was having. I type “facebook scam” into to google and *poof*. “hey look, I just found the story you got pitched”.

Just happened to me today and I nearly sent the money but felt something was amiss. So why are all transmissions being sent to London? And how would the scammer get the money without proper ID?

Same thing. Someone opened and e mail account at sify.com (some indian news web) sent a message to FB to change my e mail. I think FB let them change it before they confrimed with me. I got the e mail from FB asking me that if I had changed my e mail and if not to cancel it. In the 1.5 hrs that I was not aware of this e mail, they got into chat and did the same London story. My friend was sending the money with western union when she saw my update on the wall saying my account was hacked and stopped the transmission and just lost the processing fee. One question FB did not answer me is why they let my e mail be changed before they get my confrimation. Asked them three times – no answer to this one. Also, when someone says forgot PW do they get an automatic reply with the PW in their e mail without the security question form FB? If this is the case hey then we all are welcoming the cybercriminals. I also send a message to sify.com saying that that e mail was fake and should be terminated. Three times – no reply again. Any other place I can report them? And if these all are happening in LOndon how come they cannot be caught? Since I had FB the only application I loaded was Farmville. I never load applications too. Thx.

[...] http://www.techcrunch.com/2009/01/20…ends-for-cash/ [...]

Automated Facebook Attack underway…

Today our LinkScanner users started detecting rogue spyware attacks that seemed to be originating from Facebook. The first profile that we looked at looked like this… I wonder what happens if we view her video? We’re seeing rather a lot of these, all …

A friend got a telephone call from an Emergency Room in a London hospital saying that her two friends were in an accident and they needed money wired to them. She doubled checked and found that her FB friends were still at home. She lives in Finland and they live in Canada.

But that would be a very convincing scam to actually get a phone call from a person who sounded like a doctor so be VERY aware!

[...] Evidently, this scam has been around for a while. While I was chatting with my “friend,” I googled “facebook” “chat” and “scam” and this was the first result. [...]

SMS verification is a pain and not even reliable, every spammer and crook in town have one ( 2, 10 …) celphones and can verify. SMS verification will hit the regular people negatively – yes some people don’t have cell phones, and some don’t want to give their number – and allow the spammers and crooks to continue as always.

What amazes me most, is not that this happens. This kind – and others – of scam has been happening even before internet in many different ways. So I am not surprised. I am, however, surprised at the amount of people that actually fall for it. We;re not talking about giving a few words of comfort, we’re talking about sending money or personal information that no friend will ask for specially an online friend. People are putting too much into online friendships, sure they exist, but people have to be careful. We’re all friends in social sites, but we’re also all strangers specially if we don’t know the people personally and just met them online. Yes, it surprises me.

[...] facebook chat.  Back in the day, we spoke maybe a total of zero times so I thought he was one of these scam people.  Is it bad that I was hoping he was?  Because then I could be all, “This one time, some [...]

[...] not-too-smart-to-begin-with mind, alarm bells ring. A quick Google seems in order. Oh look, it’s a new scam. I email the link to the fellow who has taken over my friend’s Facebook account. Then the [...]

Specially with the bad economy people will do anything now days. You just need to be on top of things and login daily to keep things save on facebook and hope no one tried to hack your account.

This is increasing now days and we must be careful.

I was hit this morning. Still centered on London, UK. The issue seems to be that these folks have found a way to get into FB accounts. It is not the issue that they are sent your existing password or maybe not even that the password is complex, mine was 10 characters long and not common. They have some other way of getting in.

They want to change your email so they control the account longer. FB has not yet changed it nor sent them a copy of your current PW it has happened in some other way.

Yes, the best way to combat this, from the prospective of the people being asked for the money is to be cautious and skeptical. We had this stunt pulled on us via telephone with regards to some people we bought a property from some years ago. The information did not quite jibe and so we asked more questions. We figured out it was a scam but we could not get anyone to work with us to try and trap the perpetrators.

Anyway now I get to pry my account, which has now been disabled, back from FB and this hacker!

KEEP YOUR EYES OPEN!!! ASK QUESTIONS!!!

[...] this scam was very popular back in January and February of this year, so why is it still happening? The first reports of this scam were back [...]

[...] One article claims that Facebook can’t do much to prevent the hackers. Um, really? Another talks about the social implications of getting hacked. [...]

So this just happened to me today. I signed on and saw it all happening, changed my password and it stopped. So how can it be that they did not get my password? I think that they did. But how? I am very careful … maybe one of those apps … the most recent I had used was ‘what is your Jersey Shore nickname’ stupid, stupid, stupid!

The person never got farther than telling one of my friends that they (I) were stuck in London. After that I kept having to re-sign in and I imagine the same was happening to them. Finally once I changed my password, like I said, it all stopped, but they did defriend the person they were about to hit up for the money.

Tough luck on them, they chose people I barely know or haven’t seen in 20 years, that I would never ever ask for a dime anyway. I hope this is the end of my account being compromised. And I really do want to know how it happened, and if I need to worry about my email accounts as well.

OK so update … even though everything appeared calm, several hours later, Facebook disabled my account anyway! Unbelieveable. Maybe someone reported me, and that’s how long it took FB to get to it? Well, I hope they get to my email and reactivate it within a few hours too! This is not fair. I guess it’s true: what do you want from a free service :(

[...] it is fairly common. Here’s an article describing just about the exact same hack and scam. http://www.techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/ Well, that’s it for [...]

[...] hacked. Apparently Facebook scams very similar to this has been going on for a while. Here’s one and here’s another [...]

It’s understandable once an account is compromised — but the question back to facebook is how it was compromised.

I did not log in from any public computer (that could have stayed connected / saved my password). I do not have an easy-to-guess password.

Yet this happened to me as well.

Please note, they always use chat, which does not generate any activity, so you may not even be aware until your friends call you about it.

I hate it when street orchids rob me.

[...] sites. One scam that has been rampant lately involves compromising a user’s account and using Facebook’s live chat in an attempt to defraud the user’s friends. Dan Hubbard, Websense’s chief technology [...]

[...] not even a professional criminal – there are some genius criminals out there who secretly i admire for their creativity…. hey, it beats the nigerian lottery winners / kings looking to share the weath with their [...]

This happened to me JUST now! The only reason why I knew it wasn’t true is because my friend JUST had a baby and there was NO WAY she was in London. I kept the person going thinking that I was going to send money so that I could figure out how to report this. Something needs to be done soon or I will close out my FB account. It really stinks that our privacy really isn’t private at all!

Just having the same experience right now… who wants to join the chat? I’m having a lot of fun!!!!

I’m having the same experience. Not only did they steal my FB account and get it disabled, but they also stole my friggin’ Gmail account that is associated with my FB account!! I’m waiting to hear back from FB in hopes they’ll restore my account – including the games that I’ve put money into. I had to e-mail them from my other e-mail account (which my sister was using for her FB account). Now she’s letting me user her FB account since she lost interest in it months ago. i’m thankful to her, but it’s just not the same. :( i want *MY* Facebook accuont back. :(

Had a friend get hit by this same thing, and her Gmail account connected to FB was compromised. Don’t know which one got hit first, but I’m guessing Gmail so that the person who hijacked the account could request a password reset for the FB account. Gmail had some security issues recently, but don’t know who was compromised or if it was localized. Just remember reading a bit about it.

Me too! Got my msn account too.

Good luck waiting for Facebook to fix it. I waited a month and a half for them to re-enable my account after it got hacked and they never came through. I followed all the steos on their website and all I ever got were a few very generic emails from facebook saying that they couldn’t fix the problem. I finally just started a new one with a different email.

I just got mine hacked tonight. They also hacked the e-mail account associated with it too. God, I’m so embarrassed. Should I just start another account? I wish I know where these hackers were, I’m just mad enough to do something…>:(

[...] sites. One scam that has been rampant lately involves compromising a user’s account and using Facebook’s live chat in an attempt to defraud the user’s friends. Dan Hubbard, Websense’s chief technology [...]

Its happened to me. my facebook was hacked, and the perp hit up some of my friends for money with the exact dialogue as above. one of the friends I don’t know well enough for her to send me any money, the other was actually in England and was about to come pick “me” up when she finally realized it wasn’t me.

But now, my account is stuck as it were February 2009. This is what bugs me now more than anything.

Does anyone know how I can get my facebook reset?

The hacker didn’t delete it, I know this because every iota of everything I have written, notes, favorite movies, quotes, friends walls, groups Ive joined and created, even my status went from married back to engaged.

The same thing happened to me two days ago: From a not too close friends account: Robbed, injured(!), stuck in London, westernunion, 800£

• Are there any legal steps taken by Facebook?
At least this might happen more often than we all think, and it is in FB’s strong interest to stop scammers and at least his IP address would be available (presumably of an internet cafe).

• Is the London Police able to find scammers like that at all?
I mean, if they only know the place from where it came from, would they technically be able to find such a person? Will they talk to the owner? Will they observe the place? At all?

• Can I or should I contact the authorities in London myself?
If I had fallen for it and had sent the money I guess I would have contacted FB first but then it is the London Police who would have to find the person. And whos turn is it to file against it? And where?

I mean, even if I do not expect the police to actally find the scammer, I think this has to be reported somehow?

[...] TechCrunch posted on this particular scam more than a year [...]

[...] Tech crunch talks about a similar thing. My friend believes that because she  had her phone number and yahoo e-mail on facebook, that they were able to do it. I don’t know about that, but if you get a request for money through facebook, be suspicious. [...]

I just had someone asking me for money because they got mugged in London. I thought I’d goolge this and see what was up. Don’t fall for this one people.

Yeah it’s clear this is happening to allot of people… exactly the same happened to me today, I won’t retell the same old story again.

All I want to know is how the hell they are doing this. Don’t think that all you need is a strong password because mine was a very strong combination of letters/numbers etc. I access Facebook from behind Firewalls on computers with up to date antivirus and I’ve worked in IT for years so I never install crap attached to forwarded emails or dodgy software etc.

This can happen to anyone… so I can only assume there is some common factor between all victims such as a piece of everyday software with some security loophole or perhaps Facebook has some loophole they’re using.

Someone must know!

Jon

This happened to my personal account at facebook when I was out of the country for two weeks in November. This really devastated me and my family members when they got an email that I was in trouble and needed money. they all panicked and my sister got a hold of me after realizing the writing didnt look like mine.

This happened to me yesterday, a couple friends got the same story via Facebook IM and called me, I changed my password immediately but my account was still disabled.

This happened the day after I logged in to Digsby after months of not using it. It’s a IM client that lets you use multiple messaging services though one app. I’d seen a few other people mention in these comments they’d used an external IM client for Facebook chat too (Pidgin was mentioned) before they got nailed. I wonder if that’s the commonality.

I know I’ll be watching the address bar of any site I enter my Facebook credentials now – if it doesn’t say facebook.com, I’m not logging on to it, no matter how legit the site/program might be.

this has happened to me as well and i was really surprised to find so many victims commenting here. is facebook doing anything about this ? I’m thinking of canceling my facebook account after what happened.

Just happened to me today – not my account, but I was on the other end of the chat. Very suspicious and sneaky. Creepy in fact to have been having a conversation with them.

I HADTHIS HAPPEN TO ME YESTERDAY. SOMEONE HACKED MY ACCOUNT AND SENT MY CONTACT LIST THIS EMAIL. THEY SAID I WAS MUGGED IN THEUK AND NEEDED 1800.00 TO GET BACK HOME. IT ALSO SAID THAT I WOULD GET IN TOUCH WITH THEM WHEN I GOT HOME ON THE WEEKEND. ONE THING I HAVE NEVER BEEN TO THE UK.

[...] adding new security features make sure other people don’t login with your account. Given all the phishing attacks that are now commonplace on Facebook (even board member Jim Breyer got hit), better security is [...]

[...] new security features make sure other people don’t login with your account. Given all the phishing attacks that are now commonplace on Facebook (even board member Jim Breyer got hit), better security is [...]

[...] new security features make sure other people don’t login with your account. Given all the phishing attacks that are now commonplace on Facebook (even board member Jim Breyer got hit), better security is [...]

OMG i think i am being scammed right now…i met this guy on datehookup…we've been chatting for over a week now. He told me his late father founded an orphange in nigeria and will go visit it then come meet me in australia.
First he needed $300 to go towrads african taxes, said he would pay it back when he arrives in oz.
Then he arrived in africa and said that his ATM card doesn't work there and cant pay for his hotel or plane ticket and he doesnt have a credit card.
I suggested he go to the US embassy but he gave me different excuses and needs money from me now.
Does anyone know what i can do to to try and catch this person? Or is it best to just let them go?

I also some times received fake emails that seemed to come from the official site (facebook, paypal) which contains a request to update and change my password via reply those emails.

Since the first time I read an email like this, I've been suspicious that this is a fake email. I asked myself: what interests from facebook or paypal to need to know my password? I said myself that there was no interest at all. So this is definitely a fake email. Never respond to emails like this.

Great stuff simply rocking……

Same thing happened to my sister this morning. I did get her facebook and yahoo mail accounts suspended. These jerks should be shot.

same thing happened to me!

I live here in the United States and I was scammed of $1500 here in the US. I was searching for a loan one evening until I went on a message board and obtain the information of LEXINGTON LOAN SERVICE. I was given a $5000 loan and received the funds in 2 days. When I didn’t see the funds in my account, I contacted Mr.Carl by phone and stated that there was hold at the bank. He went down to the bank personally and took care of the issue. The money was in my account the next day. You do have to pay a one time processing fee but it was worth it. I can reassure you that he is a legit lender and contacts you not only by email but on the phone as well. Mr. Frank Larry is someone that cares about getting your loan. Please contact him for your loan needs and you will receive your loan funds in your bank account within 48 hrs. It’s a shame that you have to seek another country and receive loan assistance and can’t get a loan in the United States with bad credit.

barclayhouseofloan@hotmail.com

A simple way to avoid this is to ask your friend to call you if they can’t do this then you know its not them