I recently got an unusual email from a friend I don't hear from very often. The message described a desperate scenario where he and his wife had been mugged, beaten, and robbed. While his wife was lying in the hospital with broken ribs, he was trying to check out of their hotel, but without money or credit cards, this was proving difficult. The gist of the message was that they needed money fast to settle with the hotel and catch their flight home. Callous and heartless person that I am, I chuckled and went about my day.
I did feel badly for my friend -- who was obviously having a very bad day. But not for a minute did I think he was stranded in Wales. This sort of Facebook/email con has become so rampant that I don't believe these pleas any more than I believe that Nigerian princess.
Oh sure, I felt a tinge of pity. But only because the message contained enough personal information to make it evident that his email account -- and perhaps Facebook -- had been hacked. His wife's name was dropped and the location for the "crisis" was a spot they had recently visited. But the message itself was absurd and too illiterate to have been written by a college-educated, native English speaker. Who checks into a hotel without giving a credit card first? Why would anyone be desperate to catch a flight while his wife was still in the hospital? And even under duress, who hits Send on a mass email message that reads, "The ribs bone was brake."
Besides, I'd already heard this con. I noticed when I stopped by his Facebook wall -- where, of course, he had announced that he was fine -- so had everyone else.
According to the results of a Social Network Fraud survey, more than 24 million U.S. adults still leave their social network profiles public, often unknowingly revealing key pieces of information to fraudsters like this one. Con artists use this information to guess at passwords and leap past challenge questions. In this case, it was an email account that was compromised -- a treasure trove of personal information.
After that fell, the fraudster hit Facebook to chat friends directly asking for cash. In the hands of a clever con with a working knowledge of English, hotel practices, and how husbands act when their wife is in the hospital, I hate to imagine how much damage could have been wreaked before this would-be thief was chased out of the virtual room. With that much access and a few con-artist skills this fraudster might have scored big.
I'm aware that Web-savvy users -- especially you IT types -- knows to watch out for requests for personal information, money, or anything that might be too much to give a stranger, even if those requests seem to come from someone you know. But do you take the time to educate the people who regularly ask you for technical assistance?
According to a recent survey by ID Analytics, there is still plenty of work to be done on the education front. The survey found that nearly 70 million U.S. adults on social networking sites share their birthplace on their profiles even though birthplace is one of the most common security questions asked by financial institutions to verify identity. The problem, according to Thomas Oscherwitz, chief privacy officer for ID Analytics, is that people mentally compartmentalize these parts of their life: what they say to their friends and accessing their bank's website.