Member-only story
The next time you receive an unsolicited invitation to connect on Facebook or LinkedIn, I suggest that you do an online Google search before accepting — even if the requests come from a “friend”. This is because online scammers are getting increasingly sophisticated and are now adopting multi-phase attacks.
As netizens have become increasingly wary of online scams, the success rate of the Nigerian 419 scams (or advance fee con) is falling. Fraudsters are now forced to work harder to connect with you. In the past month alone, I have received half a dozen friend requests which I have determined are from fake accounts.
The Two-Phase Attack
In the two-phase attack, online scammers first create a fake account based on someone relatively well-known (or someone you personally know). In recent months, members of the Hong Kong Hang Seng Bank have been used for this.
Using publicly available information, the scammers create a clone Facebook or LinkedIn account. As the account is based on real information, a cursory look will trick the marks into believing that the account is real and therefore accept the invitation to connect.
Once the connection is made, the scammers are now in your “inner circle” and any information you unwitting share with your friends on Facebook or LinkedIn can be mined to be…
