ALAN ZISMAN ON
TECHNOLOGY
This morning's Facebook Messenger scam
By Alan Zisman © 2021-12-13
This morning's scam started several weeks ago. On November 27, in my Facebook messages, I received a message request, from an Instagram account apparently belonging to an old friend of mine, who we'll call 'Eliza Greatly' (not her real name).
Facebook owns Instagram (along with the popular WhatsApp messaging service) and it seems like Instagram users can message Facebook users. I've known Eliza for decades, and we're Facebook friends.
So, at 5.12 a.m., eliza_greatly0992 messaged me:
-- How are you Alan ?
Facebook informed me that I didn't follow this user, who had 3 followers and 0 posts on Instagram. Nevertheless, a few hours later (I'm rarely up and onlined at 5 a.m.) I replied (somewhat guardedly) to their somewhat generic message:
-- Just fine, considering.... and you?
By replying, I was, in effect, giving them permission to continue the conversation - and more. Facebook noted: 'You can now message and call each other and see info like Active Status and when you've read messages'.
'Eliza' replied:
-- Am highly favored to be on top of the ground and to be in my rights mind. Thank the lord for blessing me keeping me safe and your family?
While that didn't sound like the Eliza I've known, a few days later, I replied:
-- All are well, thanks...
That was it until Saturday, Dec 11, at 11.20 p.m. when 'Eliza' got back to me:
-- It's good to hear from you.Just wondering if you had about the ongoing (COVIC 19 GRANT RELEIF FUNDS)federal federal government grant
I didn't notice that message for a couple of days, but this morning, I replied to it, which started a bit of a back and and forth:
-- No, I know nothing about federal grants. Do you know where to get more information? Though frankly, we probably shouldn't be eligible.
-- The program is for everyone, a
friend of mine that received his own told me about the program and gave
me the agent number in charge of the grant Delivery
-- And I applied for it the same day and they delivered it to my house the exact time he told me they will deliver it
-- The COVIC 19 GRANT RELIEF FUNDS ?They are Helping the old,Retired, widowed,disable, citizen,hard hearing , You can use the money for anything , pay bills or debt , start a new business , buy a car , or pay medical bills ,Getting a new home, available for both youth and Workers, retired .I got the sum of $80,000 when i apply for the program.
-- Should I send you the delivery agent number that helped me to applied for mine ?
-- Website for more info please...
-- I only have the agent number , but they are very honest , because they delivered the grant to me in my house the exact time he told me they will be here
-- I will get you the number
now , and you can contact the number just text them that you want to
apply for the ongoing covic 19 grant relief funds , and if they asked
how you get the news tell them I gave you there number that I also
received it from them
-- The will deliver it the exact time they promised
-- 7208930499
-- Here is there number the attorney name in charge of the grant is Anthony Eric
By this point, I had stopped replying - a few hours later, I saw:
-- Did you hear from him yet ?
I could have ignored the original November 27 5.12 a.m. message, though it's possible that Eliza had opened up a new Instagram account and was trying to connect it with people she knew.
Their reply to me certainly didn't sound like Eliza - both because of the religious content and the grammatical errors and awkwardness. (Eliza had been a journalist).
The later messages were full of spelling and grammar errors - for instance: 'COVIC 19 GRANT RELEIF FUNDS'. For a long time, there have been suggestions that spam and scam emails can be recognized by their mistakes in standard English. I wouldn't necessarily count on that: scammy appeals in correct English are certainly possible.
More to the point is the cliche that if something sounds too good to be true it probably isn't.
$80,000 delivered to the door, just a phone call away? From a government program that I'd never heard that relies on word of mouth (or in this case online message) communication?
Sorry, but I don't think so.
How did this mystery Instagram account get my name and Facebook account?
A while back, I heard on Facebook that my friend Eliza thought that her account had been 'hacked', something that quite a few of my Facebook friends have reported. She did what many people do, but what I think is a mistake - she started a new Facebook account, and tried to notify her Facebook friends and contents to use the new account.
The result of this is confusion - which is the right account to use, Eliza? Which of the similar-looking photos of you is the right one? And it abandons the old account for the scammers to use to get in touch with your Facebook contacts, using your name and photo - or to set up new accounts based on your name using some other photo of yours.
(I often see folks posting on Facebook warning that a mystery account using their name and photo is sending friend requests asking their FB contacts to 'friend' the new account).
Instead, if you think your Facebook account has been compromised, take the following steps at once:
1) Change your Facebook password. Go to your Facebook settings and choose Security then click on Password. (If whomever has hacked your account has changed the password you have a different problem).
2) Enable 'Two-factor authentication' (sometimes referred to as '2FA') - also on the Settings/Security page. This makes it more difficult for anyone to access your Facebook account, even if they know your password, by requiring an additional step that requires a device that you own.
Typically, it's done in one of two ways. Most common is for Facebook to send a text message (SMS) to your cell phone, with a 6-digit code number; when you - or a stranger - are logging into your Facebook account for the first time on a new device, the text message automatically is sent out and you're not allowed to access your account until you enter the code.
That's a bit of a pain if it's really you trying to get onto Facebook on your new laptop or tablet or on a computer at a public library (or even trying to access Facebook on your old device using a different web browser or app) - but it pretty effectively blocks out a stranger who doesn't have access to your cell phone.
Some people, though, feel uncomfortable giving Facebook their cell phone number (though Facebook requested a phone number when you initially created your account, so they may already have that number). As an alternative, you can use codes generated by one of several 'authenticator' apps on your iOS or Android phone or tablet. (Options include Authy, Google Authenticator, and Microsoft Authenticator). Each of these gets set up connecting the app on your phone/tablet to your Facebook account, then can generate code numbers that can be entered when demanded.
Using such an app again means that a stranger trying to access your account needs access to your other device - something that's pretty unlikely. Using an authenticator app means you're not tied to a single cell phone number; I get a new local number when I'm travelling, so getting a text message at a North American number is no help when I have (for instance) a local Italian SIM in my phone.
When you enter a 2FA code - whether the code is from a text message or an authenticator app - there's an option to 'remember this device' so you only have to enter a code once.
(2FA is not only for Facebook - I strongly recommend you set it up for your Gmail and other email accounts, for Apple's iCloud, in fact for any online service that offers it as an option... most 'authenticator' apps can be used with multiple services).
For more on 2FA, see How to Set Up Facebook Two-Factor Authentication (2FA). Note that Google calls it 'Two Step Verification' for its services like Gmail).
3) Report you hacked account to Facebook at https://www.facebook.com/hacked This gives you a variety of options:
That page can also be used if you think your password was changed and you're unable to log into your Facebook account.
So the take-aways are:
-- if something is too good to be true, it's not!
-- protect your online account with two-factor authentication
-- you can take action if your account has been hacked - but with 2FA it's less likely that you'll have to!
(By the way, in February this year, I posted about another Facebook Messenger scam, this one promising $300,000 from the US National Endowment for the Humanities....)
Older blog postings....
This morning's Facebook Messenger scam
By Alan Zisman © 2021-12-13
This morning's scam started several weeks ago. On November 27, in my Facebook messages, I received a message request, from an Instagram account apparently belonging to an old friend of mine, who we'll call 'Eliza Greatly' (not her real name).
Facebook owns Instagram (along with the popular WhatsApp messaging service) and it seems like Instagram users can message Facebook users. I've known Eliza for decades, and we're Facebook friends.
So, at 5.12 a.m., eliza_greatly0992 messaged me:
-- How are you Alan ?
Facebook informed me that I didn't follow this user, who had 3 followers and 0 posts on Instagram. Nevertheless, a few hours later (I'm rarely up and onlined at 5 a.m.) I replied (somewhat guardedly) to their somewhat generic message:
-- Just fine, considering.... and you?
By replying, I was, in effect, giving them permission to continue the conversation - and more. Facebook noted: 'You can now message and call each other and see info like Active Status and when you've read messages'.
'Eliza' replied:-- Am highly favored to be on top of the ground and to be in my rights mind. Thank the lord for blessing me keeping me safe and your family?
While that didn't sound like the Eliza I've known, a few days later, I replied:
-- All are well, thanks...
That was it until Saturday, Dec 11, at 11.20 p.m. when 'Eliza' got back to me:
-- It's good to hear from you.Just wondering if you had about the ongoing (COVIC 19 GRANT RELEIF FUNDS)federal federal government grant
I didn't notice that message for a couple of days, but this morning, I replied to it, which started a bit of a back and and forth:
-- No, I know nothing about federal grants. Do you know where to get more information? Though frankly, we probably shouldn't be eligible.
-- The program is for everyone, a
friend of mine that received his own told me about the program and gave
me the agent number in charge of the grant Delivery-- And I applied for it the same day and they delivered it to my house the exact time he told me they will deliver it
-- The COVIC 19 GRANT RELIEF FUNDS ?They are Helping the old,Retired, widowed,disable, citizen,hard hearing , You can use the money for anything , pay bills or debt , start a new business , buy a car , or pay medical bills ,Getting a new home, available for both youth and Workers, retired .I got the sum of $80,000 when i apply for the program.
-- Should I send you the delivery agent number that helped me to applied for mine ?
-- Website for more info please...
-- I only have the agent number , but they are very honest , because they delivered the grant to me in my house the exact time he told me they will be here
-- I will get you the number
now , and you can contact the number just text them that you want to
apply for the ongoing covic 19 grant relief funds , and if they asked
how you get the news tell them I gave you there number that I also
received it from them-- The will deliver it the exact time they promised
-- 7208930499
-- Here is there number the attorney name in charge of the grant is Anthony Eric
By this point, I had stopped replying - a few hours later, I saw:
-- Did you hear from him yet ?
I could have ignored the original November 27 5.12 a.m. message, though it's possible that Eliza had opened up a new Instagram account and was trying to connect it with people she knew.
Their reply to me certainly didn't sound like Eliza - both because of the religious content and the grammatical errors and awkwardness. (Eliza had been a journalist).
The later messages were full of spelling and grammar errors - for instance: 'COVIC 19 GRANT RELEIF FUNDS'. For a long time, there have been suggestions that spam and scam emails can be recognized by their mistakes in standard English. I wouldn't necessarily count on that: scammy appeals in correct English are certainly possible.
More to the point is the cliche that if something sounds too good to be true it probably isn't.
$80,000 delivered to the door, just a phone call away? From a government program that I'd never heard that relies on word of mouth (or in this case online message) communication?
Sorry, but I don't think so.
How did this mystery Instagram account get my name and Facebook account?
A while back, I heard on Facebook that my friend Eliza thought that her account had been 'hacked', something that quite a few of my Facebook friends have reported. She did what many people do, but what I think is a mistake - she started a new Facebook account, and tried to notify her Facebook friends and contents to use the new account.
The result of this is confusion - which is the right account to use, Eliza? Which of the similar-looking photos of you is the right one? And it abandons the old account for the scammers to use to get in touch with your Facebook contacts, using your name and photo - or to set up new accounts based on your name using some other photo of yours.
(I often see folks posting on Facebook warning that a mystery account using their name and photo is sending friend requests asking their FB contacts to 'friend' the new account).
Instead, if you think your Facebook account has been compromised, take the following steps at once:
1) Change your Facebook password. Go to your Facebook settings and choose Security then click on Password. (If whomever has hacked your account has changed the password you have a different problem).
2) Enable 'Two-factor authentication' (sometimes referred to as '2FA') - also on the Settings/Security page. This makes it more difficult for anyone to access your Facebook account, even if they know your password, by requiring an additional step that requires a device that you own.
Typically, it's done in one of two ways. Most common is for Facebook to send a text message (SMS) to your cell phone, with a 6-digit code number; when you - or a stranger - are logging into your Facebook account for the first time on a new device, the text message automatically is sent out and you're not allowed to access your account until you enter the code.
That's a bit of a pain if it's really you trying to get onto Facebook on your new laptop or tablet or on a computer at a public library (or even trying to access Facebook on your old device using a different web browser or app) - but it pretty effectively blocks out a stranger who doesn't have access to your cell phone.
Some people, though, feel uncomfortable giving Facebook their cell phone number (though Facebook requested a phone number when you initially created your account, so they may already have that number). As an alternative, you can use codes generated by one of several 'authenticator' apps on your iOS or Android phone or tablet. (Options include Authy, Google Authenticator, and Microsoft Authenticator). Each of these gets set up connecting the app on your phone/tablet to your Facebook account, then can generate code numbers that can be entered when demanded.
Using such an app again means that a stranger trying to access your account needs access to your other device - something that's pretty unlikely. Using an authenticator app means you're not tied to a single cell phone number; I get a new local number when I'm travelling, so getting a text message at a North American number is no help when I have (for instance) a local Italian SIM in my phone.
When you enter a 2FA code - whether the code is from a text message or an authenticator app - there's an option to 'remember this device' so you only have to enter a code once.
(2FA is not only for Facebook - I strongly recommend you set it up for your Gmail and other email accounts, for Apple's iCloud, in fact for any online service that offers it as an option... most 'authenticator' apps can be used with multiple services).
For more on 2FA, see How to Set Up Facebook Two-Factor Authentication (2FA). Note that Google calls it 'Two Step Verification' for its services like Gmail).
3) Report you hacked account to Facebook at https://www.facebook.com/hacked This gives you a variety of options:
That page can also be used if you think your password was changed and you're unable to log into your Facebook account.
So the take-aways are:
-- if something is too good to be true, it's not!
-- protect your online account with two-factor authentication
-- you can take action if your account has been hacked - but with 2FA it's less likely that you'll have to!
(By the way, in February this year, I posted about another Facebook Messenger scam, this one promising $300,000 from the US National Endowment for the Humanities....)
Older blog postings....
| About This Blog... I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Facebook for notice of new blog postings. |
 |