Highway Robbery in a Digital Age
Main Content
Hello SIU Network Community
The IT Security Team is on an awareness campaign concerning the dangerous nature of malware, crimeware and how computer users are tricked into revealing sensitive information. The follow excerpt is from an SIU student who was tricked into wiring money to a “friend… in trouble”. The SIU student submitted this brief report to a LAN Administrator as a means of getting the word out to other people and also gave permission to publish the report. The bad guy/gal in this case was very compelling which speaks to the time and planning dedicated to developing their scams. The following has been sanitized to protect the victims of this crime.
I thought you might like to know that, although this is not siumed related, I responded to an instant message while on facebook (here at siu) from my friend, Sally Smith, a former siumed student. I thought she was in trouble in England while on spring break, and without thinking, wired money because we instant chatted and she said she was mugged. I came to find out later that Sally's facebook account was hacked as was her email account and the hacker posed as her. Of course, I had no idea and the hacker wiped all of her contacts so she had no way of notifying everyone to caution them that they may be phished or scammed. It turns out that I was apparently only one of two people in Sally's address list who were physically contacted, and only I responded by sending money. All of her other contacts were contacted via her email account.
I filed a police report, a fraud report with the wiring company and will be faxing a dispute to my financial institution Monday. Needless to say, in addition to feeling embarrassed and betrayed, I feel as though if FACEBOOK can't keep their accounts from being hacked, and/or if they can't at least tell when an account has been hacked and notify the account's contacts that someone's account was hacked and to not respond to so and so if they contact you for ANY reason, how can we trust anything technological? I learned the hard way that we can't really, and I considered myself a relatively careful user. I know I have to do my due diligence, but enough was said that I thought I was talking to Sally. The hacker even emailed my non siumed account (which I did not give them during the conversation) thanking me for my help!
I just wanted to let you know in case you wanted to send a cautionary tale to people not to trust anything anyone sends them if it entails money, account, passwords/numbers, social security numbers, pin codes, etc. Because I did not know the exact nature of the phishing scams on facebook, I didn't recognize it when I saw one.
Sincerely,
The criminal element will stop at nothing to steal from you. In this case, an emotional response was elicited by claiming to have been “mugged” and being stranded in a foreign country. Don’t be fooled! Find an independent means of verification. In this case, the stranded friend could have been asked to visit a US Consulate for assistance and to help verify their predicament to their friends and family at home.
This is just one more example of the vital importance of keeping your computer and sensitive data secure. The fundamental steps to follow are; use strong passwords/passphrases, keep your computer operating system and third party applications patched, keeping the firewall on and keeping you antivirus software running and up-to-date.