The phenomenon started with email and even cell phone texts, but is now branching out to Facebook and Myspace.
The thief first breaks an account (Facebook, Myspace, etc.) and then uses some of the key information like email delivery destination. The hijacker then sends out a bulletin, status line, or other mass broadcast from the site urging friends to come help.
When friends come to help, they are given a story about the person being stranded somewhere and needing help getting home. In one case, the hijacker claimed that he was robbed at gunpoint in London and had only his passport and nothing else and needed money to get home. Another claimed he had lost his bags to a taxi thief and had a $2,400 hotel bill and return airfare to pay.
In many cases, friends come to help without question, sending wire transfers, overnighting cashiers checks, and so forth.
The Better Business Bureau has issued a warning on their website about the phenomenon, targeting Facebook’s users specifically. The BBB reports that the instances on Facebook are the fastest-growing in this fraud trend.
The extortion isn’t limited to money. In one case, a Wisconsin man posed as a woman on Facebook to get teenage boys to send him naked photos of themselves. Others have used it to heap abuse or make character attacks on other users or people.
Two ways to stay safe from this phenomenon: keep your accounts private and keep your security software updated.
Using passwords that contain no dictionary words, mixtures of letters and numbers (i.e. âˆšÂ¢â€šÃ‡Â¨â‰ˆÃ¬L5xiN09âˆšÂ¢â€šÃ‡Â¨Â¬Ã¹ as opposed to âˆšÂ¢â€šÃ‡Â¨â‰ˆÃ¬Ilike42âˆšÂ¢â€šÃ‡Â¨Â¬Ã¹), etc. is recommended and changing passwords regularly is also encouraged. Don’t discuss passwords or give them out to friends or family and leave provisions in your will or other legal documents to have your accounts closed upon your death.
Keeping your anti-virus, firewalls, and other security software updated is also important. Some of these hackers have used simple keystroke recorders and basic snoop intrusions to find out passwords. This is especially true if the perpetrator knows the victim.
For Facebook’s part, their spokesman Barry Schnitt has said that they are implementing new security measures including better email-switching schema to better protect accounts. They work closely with those who’ve been hacked to quickly take care of it. A Seattle man whose account was hacked contacted Facebook and had his account suspended within a day, to prevent the hacker from continuing his charade.
Obviously, the best way to keep from falling for this is to never respond to these calls for help and to make a phone call or talk to the person face-to-face before sending any money or to warn them of their account’s violation.
The is a serious phenomenon, though currently it affects less than 1% of Facebook’s users and instances on Myspace are even more rare. The medium of choice appears to still be email.