If you are using Google's Chrome web browser you may notice that it labels this website as 'Not Secure' - that's simply not true. For more info, see: "Google and Http" 

Blog    Tutorials    Old Articles    About Me


If it seems too good to be true....  
By Alan Zisman      2021-02-01

Yesterday, I had an odd conversation, courtesy of Facebook Messages (viewed in my web browser on my laptop). Appearing to be from my Facebook friend, let's just call her 'M', it started off innocuously enough - let me share a series of screen captures:

Screen capture 1
Screen capture 2
Screen capture 3
Screen capture 4
Screen capture 5

Much as I would love to be randomly picked to receive $300,000, I knew it was too good to be true. National Endowment for the Humanities? There IS a US organization of that name - The NEH is a 'grant-making institution of the United States government dedicated to supporting research, education, preservation, and public programs in the humanities.'

But I'm in Canada. (As is 'M'). And how likely is it that an organization that funds (US) scholars would be randomly picking names based on Facebook log-ins and giving out sizeable chunks of money, anyway?

Rather than continue the conversation in Facebook, I collected this set of screen shots (a useful technology skill, perhaps subject of another blog post), and pasted them into an email that I sent off to
'M'. - I try to limit my Facebook 'friends' to people I know in the real world; as a result, I have a way to contact most of them besides Facebook.

She agreed that it was seemed like her Facebook account had been hacked. I went back to the Facebook message stream and suggested that the person posting that they check their email.

A little bit of web search for 'National Endowment for the Humanities Facebook' got a few relevant hits. For instance, there's a March 2020 news release from them warning of fake 'agents' promising cash grants. The NEH press release notes that scammers, contacting potential victims via Facebook, email, texts, and phone - while promising money - are hoping to get victims to send them money 'to pay for associated processing or delivery fees.'

A month after the real NEH issued their press release about scams claiming to represent them, a page was set up on Facebook, claiming to be the National Endowment for the Humanities 'Financial Aid Service':

Screenshot 6

The good news is that it doesn't seem to have been particularly successful - created in April 2020, it is liked by a grand total of 21 people. The only post since its creating is one from October 2020 with the text 'Hello'.

But what should 'M' do, given that her Facebook account was hacked - and has probably been used to contact more than just me?

My advice to 'M' - and to others who have reason to believe that one or more of their online accounts has been compromised is to - right away - change their password for the account.

But 'M' - and everybody - should take steps now to make it harder for scammers to hack their online accounts, without waiting for it to happen.

The option to turn on is known as Two Factor Authentication (2FA) - various forms of this are options that can be set up for Facebook, Google/Gmail, Apple, Twitter, and other online services. All of them work by requiring something else, in addition to your password, whenever your account is accessed from a new device or web browser - that something else can vary: it might require typing in a numerical code sent as a text message to a cell phone number that you've previously provided, for instance. Apple typically pops up a message (with a 6-digit number) on other Apple devices that are logged into your iCloud account. Google just pops up a 'Is that you' notification on my Android phone. Most offer alternative ways users can be contacted, but all make it much more difficult for someone to log onto one of your accounts, pretending to be you.

Like adding a deadbolt to your front door or having to turn off an alarm system when you come home, 2FA can sometimes be a pain. But the added security is worth it. Enable it before your accounts get hacked - or if they've already been hacked, change your password, then enable it. Just do it.

Here's how to enable Two Factor Authentication for various online services:

Older blog postings....

About This Blog...

I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Facebook for notice of new blog postings.
AZ Dog Baby