Facebook is arguably one of the safer corners of the Internet, with fairly complex security and privacy controls. But when passwords get busted, even on Facebook, not everyone is whom they’re pretending to be. Like a Nigerian scammer, posing only slightly convincingly as one of your real-life friends, trying to get you to send them a $900 wire transfer.
A former university colleague (“Evan”) passed along this Facebook conversation, which he promises really happened to him. In it, a scammer takes over one of his real-world friend’s accounts (“Calvin”), pretends to be stranded in London, and asks for money to get a plane ticket and pay hotel bills.
We’ve asked Facebook about how common these types of scams are — one made the rounds last November — and what they do about them. (Update: Facebook response below.) In the meantime, a friendly reminder to be sceptical on the Internet, even when you think you’re talking to someone you’ve known for years.
Evan: holy moly. what’s up man?
Calvin: i need your help urgently
Evan: yes sir
Calvin: am stuck here in london
Calvin: yes i came here for a vacation
Calvin: on my process coming back home i was robbed inside the hotel i loged in
Evan: ok so what do you need
Calvin: can you loan me $900 to get a return ticket back home and pay my hotel bills
Evan: i think so. that really sucks
Calvin: can you loam me now
Evan: well maybe i don’t know that’s a lot of $
Calvin: how can you loan me?
Evan: what do you want me to do
Calvin: i want you to loan me $900
Calvin: i promise i pay you back
Evan: how do you want me to loan it to you?
Calvin: you can have the money send via western union
Evan: oh yeah that’s true
Calvin: will you go and send it now
Evan: well i don’t know
Calvin: you can have it send online now www.westernunion.com
Evan: damn how did you get stuck there
Calvin: i came here for a vacation and i was robbed by some gang
Evan: ok well i want to help you, since we’re friends
Calvin: ok. Thanks
Evan: sure thing man
Evan: ok one question
Calvin: are you sending it now?
Evan: what was the name of our high school mascot?
Calvin: Shawnee Mission Northwest High ’01
Evan: what? i know
Calvin: it seems you dont to help
Evan: what of course i do want to help
Calvin: am in a hot sits here and you asking me silly question
Evan: what is hot sits
Calvin: am dead here
Evan: i hope you die there
good luck finding someone stupid
(a few minutes later)
Evan: oh wait. i just realised what an idiot you are and its actually kind of funny
Calvin: are you not dead
Evan: who taught you english?
Calvin: my sister#
Evan: your english is bad
it does not sound like the english of someone from the us
so no one will believe you
Calvin: how can you teach me
Evan: ok i will. but you have to send me $900.
Calvin: they dont send western union here
we only receive
Evan: what country are you in?
Evan: i have bad news for you
many americans know about nigerians sending emails to this country to try to get money
Evan: it is a trick that we know about so we are very careful
Evan: you will not find a stupid person to send you money
Calvin: i have got some
Evan: well good job
Evan: do you live in lagos or in another city?
how did you got to know
Evan: i am a student of the world
i would like to travel to lagos
Calvin: lagos is a place to be
so full of enjoyment
so when are you coming
Evan: why do you steal money from people?
Calvin: i need money for my college fees
but i wanna stop
i promise i will stop
but you people slave us
during the 60s
Evan: we did not have slaves in the 60s
Calvin: but you about the slave trade
Evan: yes that is true
but slaves have been illegal here for almost 150 years
Calvin: i can see that you ae a law student
why can’t you become a lawyer
Evan: i will be a lawyer in 2 years when i finish school
Evan: how old are you?
i need work
i eed a god job
Evan: there are many nigerians in america
do you know anyone who has gone to another country?
Calvin: i know there many nigerian that is in america
i want to come to america
to complte my education
Evan: maybe i will visit someday
i hope you don’t steal any more money
good luck finding a job
Calvin: sure…. you will love it
Evan: what is your name?
Evan: i must go tunde
be well my friend
Calvin: cant we be friend
can you add me on your facebook friends
Evan: i am sorry, but due to the odd circumstances of our initial greeting, i must terminate this relationship. i hope you understand.
Calvin: am sorry for that evan
Evan: as am i, tunde
as am i
Update: Facebook responds. As expected, this isn’t too common.
This is a very low volume attack, affecting only a small number of users, but the potential impact to an individual user is high so we’re taking it very seriously.
Our team has already detected various trends in the accounts of users who have been compromised. We’re using this data to quickly surface compromised accounts, ideally before the spammers have gotten very far. When we find compromised accounts or they are brought to our attention, we’re working to make sure the accounts get back to their rightful owners as soon as possible.
First, we are disabling the account because, in some cases, the spammer has added a new contact email address and removed the old one. We then ask that the rightful owner to contact our user operations team via this contact form: http://www.facebook.com/help/contact.php?show_form=account_compromised.
We’re reminding users to be very suspicious of anyone, even friends, who ask you over the Internet to send money. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with any of your friend’s accounts, please report it to us through one of the contact forms on the site.
These and other security tips can be found on our security page (http://www.facebook.com/security).