The next time you receive an unsolicited invitation to connect on Facebook or LinkedIn, I suggest that you do a Google search before accepting — even if the request comes from a “friend”. This is because online scammers are getting increasingly sophisticated and are now adopting a 2-phase attack.
As netizens have become increasingly wary of online scams, the success rate of Nigerian 419 scams (or advance fee cons) is falling. Fraudsters are now forced to work harder to connect with you. In the past month alone, I have received half a dozen friend requests which I have determined are from fake accounts.
The Two-Phase Attack
In the two-phase attack, online scammers first create a fake account based on someone relatively well-known (or someone you personally know). In recent months, members of the Hong Kong Hang Seng Bank have been used for this.
Using publicly available information, the scammers create a clone Facebook or LinkedIn account. As the account is based on “real” information, a cursory look will trick the marks into believing that the account is real and therefore accepting the invitation to connect.
Once the connection is made, the scammers are in your “inner circle”, and any information you unwittingly share with your friends on Facebook or LinkedIn can be mined and exploited at a later date. In fact, because you are now shown as a “connection”, you have become an unwitting pawn in their scam. Their subsequent invitations to connect with your friends will be more readily believed.
With phase one of the attack completed, the scammers will now use the information that they have gained to launch their attack. One such scam which they run is a variation of the advance fee con. Based on your travel information, they will send an email to your friends claiming that “you” were robbed and urgently need money to get back home. As the attack is coming from “within”, chances are that the mark’s defenses will be down, increasing the likelihood of success. The narrative is credible as the mark would likely have seen you posting about your overseas trip.
In short, as netizens become more wary of online scams, scammers have had to up their game. Due to the enormous amount of information available online, and the ease with which anyone can create an online identity, not everyone is who they say they are. So always be careful who you connect with online. When in doubt, Google the person’s name with the word scam (e.g. sarah catherine legg scam).