A Friend Needs Money Urgently? You're Probably Getting Scammed

People need to be on the lookout for phishing attacks sent from legitimate but compromised social media accounts, according to Paul Ducklin at Naked Security. Ducklin describes a scam sent in by a reader who received an unexpected message from one of their Facebook friends. The message said, “Hi [name]. Hope you’re all well. Do you use online banking? I need help paying a bill.” The recipient recognized that it was a scam, but continued the conversation to find out what the scammer would say.

The scammer went on to explain that they had locked themselves out of their banking account until midnight and needed to borrow £290 to pay a bill. The recipient asked for more details, and the scammer said they had taken out a loan from a real banking startup based in the UK.

“The situation here is plausible – anyone who has ever been forced to take out a short-term ‘payday loan’ will know that fees mount up quickly for missed payments – and many of us might decide that helping out a friend or family member is something we ought to do,” Ducklin explains.

Ducklin stresses that people need to be particularly vigilant for phishing attacks that come from their friends’ compromised accounts:

  • “Always check your facts before you help friends in trouble. But take care how you get hold of a friend you’re worried about – never reply directly to an online account that could have been hacked. Find another way to contact your friend, based on information that you already have in your possession.
  • “Let your friends know if you think they’ve been hacked. But never reply using the account that’s been hacked or else you are just tipping off the scammers. Find a different way to get hold of them, such as a phone call, where you’ll have a way to satisfy yourself you really are talking to them.
  • “Use a password manager and 2FA to make it harder for the scammers. A password manager stops you putting real passwords into fake sites, which helps prevent you getting phished. And using 2FA means that your password alone is not enough for scammers to log in to your account.
  • “Report scams if you can. It might not feel as though you are doing much to help, but if many people provide some evidence, there is at least a chance of doing something about it. On the other hand, if no one says anything, then nothing will or can be done.”

New-school security awareness training can help your employees defend themselves against scams in their personal and professional lives.

Naked Security has the story.
