Got a Facebook message from a friend claiming to have been stranded overseas and asking for money to cover his hotel bill or air ticket home? Beware. His account could have been used by hackers to make such an appeal. A couple of years ago, hackers were breaking into e-mail accounts and using them to claim that the account-holder was stranded overseas and needed money wired over. Now, Facebook accounts are fast becoming a preferred target.
Mr Graham Cluley, a senior technology consultant at information technology security and control firm Sophos, said it is “quite a common scam at the moment” because hackers can easily contact all the account-holder’s friends and lace the message with loads of personal information gleaned from the account. Sometimes, the scammers wait for a reply before giving instructions; at other times, they ask outright for the money to be transferred via money-transfer services company Western Union. IT security specialists say such scams are happening worldwide, but no one is tracking the numbers and most cases go unreported.
Mr Venga Tan, a 28-year-old management executive, had his e-mail, instant messaging and Facebook accounts hacked into while he was in Thailand over the Singapore National Day long weekend. He had logged on to those accounts from his hotel room, but later lost access to them. He put it down to a technical glitch, and realized his accounts had been broken into only upon his return to Singapore last Thursday – when his friends called to check whether he was really stranded in London and needed £1,450 wired there.
Experts advise account-holders to protect themselves by picking strong passwords. This means not using dictionary words or numbers in running sequence, for instance. They should also update the security patches for their anti-virus and anti-spyware programs, and create different passwords for their various accounts so that should one account get compromised, the others remain protected. One in three people disregard this tip and use the same password for all the websites they access, an online survey by Sophos found in March.
In Mr Tan’s case, the initial message was sent from his e-mail account, but follow-up messages were sent from his Facebook account to give the impression that his appeal was bona fide. Of course, hackers cannot boast a 100 per cent success rate. Mr Tan’s friends, for example, were not duped. About 300 of them had received the scam message, and as far as he knows, none fell for it and wired money overseas; seven responded to the message by asking for more information.
Mr Tan managed to recover his e-mail and instant messaging accounts by contacting his e-mail provider, Windows Live Hotmail, which required him to answer more than 10 questions to verify his identity. As he had used his Hotmail account to register with Facebook, he was also able to get his Facebook password reset. He has since created more complex passwords and now uses different ones for his accounts.
What if you were to get one of these stuck-in-a-country messages? Speak to your friends, said Mr Cluley. And don’t reply directly via e-mail, advised Mr Gerard Tan, who heads the Association of Information Security Professionals here in Singapore. This is because the hacker can capture some of your e-mail account information from that.
By Ang Yiyin, The Straits Times