Security Awareness Training Blog

    OK, Guys, this one is for you. Yes, you. The guy who keeps friending strange women on Facebook

    dislike_FacebookThis was sent to me by a friend that I know is legit. It's a fun read and has some good tips on how to stay safe using social media.

    "OK, Guys, this one is for you. Yes, you. The guy who keeps friending strange women on Facebook who "just want to talk" or even better, they want to become your online girlfriend!

    It's ALL a lie: pictures, gender, location. All they really want is your money or your friend list so they can build a clientele of people to scam. Plus, they want the credibility of being connected to you so all your friends will think they are legit.

    There's really only two outcomes of you friending them and talking with them:

    1. They will take your money.
    2. They will steal someone else's money on your good name.

    How do I know this?

    Here we go:

    As many of you know, I'm an IT guy and I'm always looking at ways people use social engineering to hack into networks, accounts, etc. So I did some pretty intensive research on these so called "women" for several months. I figured out how to identify IP addresses linked to FB messenger conversations.

    Most of them appeared to be using Proxy IP addresses, but I was able to trace two of them back to ***CHINA***. Who knew? All of the individuals were not in the place they said they were. Go figure.

    These women all seemed to use the same verbiage to start every conversation:

    Them: "Hi. How are you doing?"

    Me: "Good, you?"

    Them: "I'm in Texas City where are you?"

    (Note: no answer to my question - a standard problem with these conversations)

    Me: "I'm near Austin"

    Them: "What are you doing now?"

    Me: "Working"

    I've had this conversation probably 25 times out of the 30 or so I've chatted with. Sometimes when I stop answering, they would start the same chain over again the next time they started chatting with me. I often wondered if it was an automatic response system or if I got someone new who had to start the script again because they didn't even know what they were typing.

    I also noticed after talking to quite a few (leading them on) that when I said the right buzzwords, I would apparently get transferred to someone else. The first person could barely converse in English, then after I started to sound "interested", they would suddenly become very conversant in English, start using full sentences with Texas style words, and would end up being somewhere less than 300 miles away and often within 100 miles.

    Of course, this too was a lie. Note, it was often that they would tell me they lived somewhere other than what their profile said - a common deflection attempt to keep from having someone connect who might figure them out.

    I am an expert at Google maps... and one of them tried to convince me they knew all about Austin by sending me Streets view pictures from Google saying it was pics taken on a smartphone... When I said something about that looking like Streets View, they blocked me instantly.

    I figured out that one of their goals is to get you off FB/Messenger and to use Google Hangouts where 2 out of 3 would attempt to pressure me to stop using FB. Why? I'm convinced it was so they could hack my FB account. I personally have nearly 3,000 friends. I'm a prime target because that's a lot of people to spread their lying "virus" to. So I get hit up constantly.

    There's one problem for them. I use 2 factor authentication for my social media. I highly recommend it! As soon at they figure that out, they are gone or block me. Just like that.

    Of the 30 or so that I've "hooked" into a conversation - Only one appeared to be real. But even that one was trying to get me to buy her birthday presents or other crap. So pretty much still a professional swindler and got blocked.

    I also had several situations where I was talking to 2 or 3 at once separately. But when one of them found out that I was on to them, all 3 blocked me at the same time. Yes, either they were all in the same room, or they were all connected through the same organization.

    And the last weird thing I noticed from my conversations was when I was talking to one, their FB account was "taken over" by an African lady. And instead of this individual trying to get their account back, they wanted to switch to Google Hangouts and stop using FB because "this happens all the time!". The real story is that the African lady got her account back and the hacker had to jump to Google to keep from being detected.

    How to identify:

    1. The name on their profile doesn't match the name in URL in the address bar. For instance, Liza William's name in their address bar might be Ogobe.Gegoa or something like that. In fact, it's common that Africans from Kenya are having their accounts hacked, bringing us to the next point.
    2. Their profile doesn't match the posts in the past. You'll see these nice pictures of a decently dressed (not scantily clad) Caucasian young lady of her and her dog. But when you scroll back several months you'll see selfie pictures of a black African obviously from somewhere in Africa, usually Kenya where technology is common. This unfortunate individual obviously didn't have their account properly protected and so the account was stolen from them.
    3. Pay attention to their name: Taylor is a common last name, Williams too is probably even more common as I've talked to several where Williams was their last name. Usually the name will match someone famous, either their first name or their last name. Be on the lookout for these.
    4. Beware Phishing. I've seen people I've friended who had very little traffic in their accounts have their account hacked by these characters and then that person messages me out of the blue trying to "sell" me something where I would have to put my credit card in online. Yes, this is simply a phishing attempt through Social Media. When I said something, the "friend" immediately blocked me. I contacted one of their other close friends and told them what was going on and the account was shut down.

    Conclusions:

    1. I doubt this has anything to do with ISIS - (silly rumor going around).
    2. They are out to steal money.
    3. They are out to steal your account and use it to phish your friends.

    What you can do:

    • Stop accepting anyone and everyone as a friend and block any of them who start talking nonsense in messenger.
    • Get your account setup with 2 factor authentication for ALL of your social media accounts.
    • If your friend suddenly sends you something that is out of character - Contact Your Friend Immediately By Some Other Means. Do not use their FB account. If it's a casual friend who you've never really messaged before, block them. Don't ignore them, block them.
    • Stop talking to people on FB who you don't know or didn't friend - sometimes they'll message you without being your friend.

    Of course, you can lock down your FB account so this kind of thing isn't as likely. But if you're like me, you want to connect to people who are like-minded and you don't want to keep people from seeing your posts so you can make new friends and influence people. In this case, just being smart and careful with who you friend and who you talk to will go a long way, but adding 2-factor authentication will stop these attacks cold as well.

    Be safe out there!" - Mike.

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews