Saturday, July 4, 2020

Social Engineering Scam

Yesterday I was posting messages on Facebook that would probably go viral, turn enemies into friends, end racism, and achieve world peace. Although I don’t commonly use the Messenger component of Facebook, a “friend” started a conversation. It began with typical pleasantries but quickly turned weird:


My “friend” turned the conversation to the 2020 Social Grant Assistance Package. Several thoughts went through my head. Was my friend referring to the CARES Act stimulus checks? Did my friend accidentally mistake me for my retired parents? Why was my friend messaging me about this at all (it was an unusual topic for that person to address)?

After I replied “No, I don’t even know what that is”, the reply went into detail about how I may be missing out on $90,000, which almost certainly convinced me that my friend’s Facebook account was hacked and that this was a scam attempt. I called my friend—no reply, so I left a voice message. Then I emailed my friend a screenshot of the conversation. Meanwhile, I asked the alleged scammer to provide the names of my friend’s children, to which the scammer provided the wrong answer despite presumably having access to my friend’s entire Facebook profile.

My friend eventually replied and confirmed that this was in fact a scam. Impersonating someone in a live chat to scam their contacts is quite an audacious approach that I personally haven’t seen before, although it is certainly not very surprising since the ability to do that has been around for a couple of decades. This is just a warning to folks on Facebook and other social media platforms to be careful online.

“Social engineering” refers to exploitation through the use of human psychology as opposed to technical hacking techniques. The term was popularized by Kevin Mitnick, a famous computer hacker who, after his release from prison, helps companies defend against social engineering attacks. Although Mitnick does have technical computing expertise, it was his ability to impersonate and deceive people that made his hacking so effective. Check out this video for more:


For those interested, there is a related book called The Art of Deception. While I was unlikely to fall victim to such a poorly executed social engineering attempt on Facebook, there may be unsuspecting individuals who will surrender personal information and/or money to these kinds of scams. Long story short, humans are often the weakest link when it comes to security breaches. The same principle can apply to scams, so be careful out there.
