Phishers use Facebook, Your Friends to Perpetrate Scam

SPRING HILL, FL -- Susan Dixon, who runs an Avon store in Spring Hill, has never been to London.

But one day in February, all of her friends on Facebook received messages from Dixon's account, saying she had traveled to London and had lost her credit card. In the message, Dixon asked her friends to wire her money so she could get back home again.

Dixon never wrote that message. Someone had hacked into Dixon's account and was sending it out in her name. The hackers were hoping someone would try to wire Dixon money, which the scammers would pocket instead.

"I'm not sure how they got in," Dixon said, "(but) they were sending out this email."

Carole Sanek, one of Dixon's friends, received the message and knew right away it wasn't true.

"I said immediately that Sue was part of a scam," Sanek remembers. "I knew she wasn't in London, England."

She knew that because she had seen her the day before. So she didn't send any money. Most of Dixon's other friends didn't fall for it either. But one did.

"One very sweet, very Christian woman in the Spring Hill-Brooksville area had gone to the Western Union to transfer the money," Sanek said. "But the Sheriff's Office was able to stop the transfer before it happened."

Dixon had become one of the latest victims in a growing phishing scheme on Facebook called the "London Scam."

"These are social engineering attacks," Greg Pierce, IT security expert at Tribridge in Tampa, said. "If you ask enough people, if you try enough times, you'll find some people who will bite on the information."

Dixon's friends did not lose any money from the scam. But she lost a great deal from her business. She had to close her Facebook account and her Yahoo email account (it was hacked as well). That caused her to lose the rolodex she had built up on both accounts.

"I feel like they have violated me as well as the people I have contact with," Dixon said.

"She's lost - no doubt - money. She lost business contacts. And she may have lost some friends along the way," Sanek said. "People get scared."

According to Pierce, the best way to protect yourself from what happened to Dixon is having a strong password. Hackers are quite adept at guessing passwords, so he suggests using a password with capital and lowercase letters, as well as punctuation and numbers.

ABC Action News asked Facebook what they were doing about the scam. Here is their full response:

"This is a very low-volume attack, affecting only a small number of people. However, we’re concerned about any potential security threat, and we’re taking this issue very seriously. Our team has analyzed the trends of these attacks and is using this information to surface compromised accounts as quickly as possible, hopefully before the scammers get very far. When we find these accounts, we disable them and attempt to get them back to their rightful owner. In many cases, the scammer has changed the password or added a new contact email to attempt to maintain control of the account. To combat this, we notify people when their account is modified and empower them to reverse the changes or disable the account entirely.

We're reminding people to be very suspicious of anyone, even friends, who ask for money over the Internet. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with your account or a friend’s, please report it to us through the form in our Help Center. These and other security tips can be found on our Facebook Security Page. We’ve also published a blog post about the scam here.

Specific things users can do to protect themselves:

Be suspicious of anyone – even friends – who ask for money over the Internet. Verify their circumstances independently (e.g. call them or mutual friends).

Choose a strong password and use unique credentials for each of your web accounts (we believe users are being phished on one site, and the bad guys are then trying those credentials on another).

Use an up-to-date browser that features an anti-phishing blacklist.

Use and run anti-virus on your machine.

Reset your Facebook password if you suspect your account has been compromised.

Specific actions Facebook has taken:

Adjusted and updated our sophisticated security systems to also detect and defeat these smaller-scale attacks

Improved our prioritization systems so we can help impacted users more quickly

Instituted changes to notify users when their account is modified and empower them to reverse the changes or disable the account

Worked with law enforcement to investigate cases and with Western Union (a wire transfer company commonly used by the scammers) to improve education. With our help, Western Union has posted a warning about this scam to its own website here. Western Union has also alerted its branches in London, where the scammers are picking up the money.
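The two pieces of password advice in this story, Pierce's (mix capitals, lowercase, punctuation and numbers) and Facebook's (use unique credentials on every site, because credentials phished on one site get tried on another), can be turned into a small self-audit. The script below is an added example, not code from the article, Tribridge or Facebook; the account names and passwords are constructed, and the 12-character minimum is this example's assumption rather than a figure from the story.

```python
import string

# Constructed sample: one person's credentials across three services.
# The two that match mirror the article, where the Facebook and Yahoo accounts fell together.
SAMPLE_ACCOUNTS = {
    "facebook": "Spr1ngHill!",
    "yahoo": "Spr1ngHill!",
    "bank": "x9#Lm2$pQw7z",
}

# The four character classes Pierce recommends mixing.
CHAR_CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "punct": set(string.punctuation),
}


def missing_classes(password):
    """Names of the recommended character classes the password does not use."""
    chars = set(password)
    return [name for name, cls in CHAR_CLASSES.items() if not (chars & cls)]


def is_strong(password, min_length=12):
    """Mixed character classes alone are not enough; length is what resists guessing.
    The 12-character floor is this example's assumption, not a figure from the article."""
    return len(password) >= min_length and not missing_classes(password)


def find_reused(accounts):
    """Group account names that share an identical password.
    Every group of two or more is the reuse Facebook warns about: a password
    phished on one site unlocks the others."""
    by_password = {}
    for site, password in accounts.items():
        by_password.setdefault(password, []).append(site)
    return sorted(sites for sites in by_password.values() if len(sites) > 1)


def audit(accounts):
    """Per-account findings: whether the password is weak, which classes it
    lacks, and whether it is shared with another account."""
    reused = {site for group in find_reused(accounts) for site in group}
    return {
        site: {
            "weak": not is_strong(pw),
            "missing": missing_classes(pw),
            "reused": site in reused,
        }
        for site, pw in accounts.items()
    }


if __name__ == "__main__":
    for site, finding in audit(SAMPLE_ACCOUNTS).items():
        print(site, finding)
```

Run against the constructed sample, the audit flags the Facebook and Yahoo entries as both weak (too short) and reused, while the bank password passes; the point is that the reuse finding matters at least as much as the character-class one, since a strong-looking password shared across sites still falls in one phishing attempt.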