The scammer quickly messaged after the friend request was accepted. Photo / 123RF
The scammer quickly messaged after the friend request was accepted. Photo / 123RF
The summer break has meant re-acquainting myself with Facebook. You might want to try to stay away from the social network, only to be told to “look us up on Facebook” when you try to find details for a company or event - or they only use Facebook Messenger.
href="https://www.nzherald.co.nz/topic/facebook/" target="_blank">Facebook is where lots of local news and events are published, often with no alternative outlet.
So there I was, looking up when a village produce market was on, when a friend request arrived.
Oddly enough, it’s from a person I thought I was already friends with on Facebook. Not someone I knew very well, but the account has several mutual acquaintances and they too are friends with the person. Twice in fact, which is strange.
Long story short, this was a “cloned” Facebook account, with a scammer who quickly messaged after the friend request was accepted. Going along with the scam, waiting until the bogus “friend” became active in a non-New Zealand time zone, I asked why he had two accounts.
“My old account got a Trojan virus,” the person said, confirming the scam with a response that the real person, a hardcore geek, would never utter because it’s nonsense.
Next, the impersonated person discovered what was going on and warned others on Facebook.
That post attracted other scammers in droves offering their crocodile-tear sympathies while saying the victim should contact this and that user on Instagram or Facebook who can “restore access to hacked accounts” (they can’t; stay away from these people).
Oh dear. I posted on Facebook about this and quickly got the same sort of scammy responses from bot accounts. It suggests the social network has a programmatic way to monitor user accounts everywhere for that particular topic as the replies came from users with odd names that I’ve not ever interacted with.
The invite from "Gordon McLauchlan" - a scammer who had cloned the late writer's Facebook account.
That would’ve been the end of that, but then another friend request arrived from “Gordon William McLauchlan”. Yes, Gordon McLauchlan the writer, someone I was Facebook friends with. Was, as Gordon passed away in January 2020.
This time around, the bogus profile was pretty basic, with only one picture stolen from McLauchlan’s real page and it was a rather obvious fake.
The appalling, passionless people who coldly go about their digital larceny target Facebook users with long lists of friends that are public, so that anyone can view them. A fix of sorts is to not have public Facebook friends listings, to avoid having your account cloned. However, this is only really effective if your Facebook connections follow suit.
There’s also always the danger of some accounts that you’re already friends with being compromised by scammers, who will then take advantage of already being connected, with the additional trust that that brings. This would get around target accounts being locked down as well.
Nothing’s sacred or safe on the internet, and the rest of the web isn’t any better than Facebook; it’s worse in fact, if the security vendor research media releases are to be believed - and ignoring some of the misleading advice in them, like the HTTPS prefix in links indicating that sites are secure. It only means scammers have added a digital certificate for encryption, without which modern browsers will refuse to connect to websites.
The issue here is, as always, that it’s easy and cheap to abuse the direct connections to people that power the internet, at an enormous scale and profit.
Watch this space explode over the next little while, as the United States presidential election campaign revs up with misinformation-threat actors armed with artificial intelligence tools attempting to get their insurrectionist candidate re-elected.
Ironically, tech giants like Facebook are arguably the best placed to act on the vast amount of bogosity out there. They have vast amounts of user behaviour data to analyse, not just for marketing and ad sales, but for authenticity as well.
This is happening to a degree already, mainly for security purposes and to sink influence-peddling campaigns. Extending analytical tech to make it harder and costlier for scammed money to flow as easily as it does currently is probably possible too, but there’s the privacy elephant in the room to consider.
Don’t forget, the social networks already know too much about you, and leaking that information to all and sundry is very much part of the problem.
There are no easy answers to this but meanwhile, be careful with those out-of-the-blue friend requests and definitely double-check anything that looks even vaguely weird.
