Facebook and the Money Transfer Scam (and deactiviation)

This morning I was caught up in Money Transfer scam involving a friends hacked account.

It works like this: First a cybercriminal hacks someones facebook account – unfortunately this can happen in many ways so I’m not going into details about this. Secondly they hang around on facebook chat until a friend connects then they make up some sob story. Quite quickly this will lead to some reason why you need to immediately wire over 150 (pounds, dollars, camels, whatever…).

What follows is the chat I had with someone pretending to be a friend of mine.

At first I thought it was genuine but it quickly became apparent that this was a con. I had a quick look on facebook while I was still chatting with them to see if there was any reports of similar and there was, hidden away in there help section was a section on “Money Transfer Scam” (here). When I found this I thought it would be a good idea to contact the Facebook team directly, I was just trying to keep him connected while I located an address I could use (unbelievably difficult). Eventually I thought I’d found the right one, I filled in some details expecting (well actually, I didn’t really expect) a quick reply… within seconds… my account had been deactivated (Brilliant – still not heard anything from them four days later). When my account was deactivated obviously the scammer probably just moved on to someone else…

Anyway, below is the chat I had with the scammer. It’s possible this is a bot but I discount this as the interaction seems better than anything I’ve ever seen if it is. I’ve added some thoughts in too.

(10:21:07 AM) TR:
Hey Mathew..are you there?
(10:21:07 AM) TR:
Hey Mathew..are you there?

(First comment appears twice, he spells my name wrong, plus no-one calls me by my full name. I’m already thinking something isn’t right.)

(10:21:29 AM) Me:
(10:21:58 AM) TR:
how are u buddy?
(10:22:13 AM) Me:
Ok Thanks.
(10:22:17 AM) Me:
How are you doing?>#
(10:22:45 AM) TR:
not so good Bud.
(10:23:02 AM) Me:
What is the problem?
(10:23:39 AM) TR:
just lost some few cash to some young lads
(10:23:55 AM) Me:
(10:24:32 AM) TR:
yeah…but not too bothered
(10:24:47 AM) TR:
all cash and mobile is gone..
(10:25:04 AM) TR:
i almost poo in ma panties

(That’s the sob story here. Pretty convincing so far)

(10:25:26 AM) Me:
You want to get a posse together and we’ll hunt them donw
(10:25:53 AM) Me:
I take it you are still in Manchester…

(I throw in a couple of bad jokes to lighten the mood… but he takes them seriously and answers)

(10:26:08 AM) TR:
they are far gone mate..been trying to catch some friends online to seek for some help
(10:26:17 AM) TR:
nope..on way home
(10:26:29 AM) Me:
Can I do anything?
(10:26:27 AM) TR:
aston villa

(Just from those last lines proves to me that it’s not some kind of bot… however, one of replies says just Aston Villa and doesn’t seem to fit in with the flow of conversation. Aston Villa comes straight off TR’s profile page under the “religon” (actually the football team TR supports!).

(10:26:54 AM) TR:
if you wish buddy…i would def refund asap i get home
(10:27:35 AM) TR:
you could just loan me some 150..ok
(10:28:12 AM) Me:
Seriously? You want £150?
(10:28:18 AM) TR:

(So they want 150 – notice they don’t specify a currency but i do – At this point I’m asking myself, all his money has gone, presumembly his wallet too, and he want’s me to send him enough money to get him a short holiday… what’s this all about?)

(10:28:47 AM) Me:
Amd how would I do that?
(10:29:08 AM) TR:
i got my ID ..you could just wire to me
(10:31:45 AM) Me:
Please explain
(10:32:10 AM) TR:
Bud..you ever used western union?
(10:32:21 AM) Me:
(10:32:39 AM) TR:
(10:32:47 AM) TR:
follow that link…
(10:35:26 AM) Me:
just a sec then

(So I need to wire him so cash and somehow he’ll be able to use that to get home… he’s pretty much lost any faith I may have had, but I throw in an “tester” just to check)

(10:37:55 AM) Me:
So why you in Aston Villa? rugby again?
(10:38:06 AM) TR:
(10:38:17 AM) Me:

(The real TR is a football supporter… most people in britain would have known that Aston Villa is famous for Football, but I guess the spammer is trying to give as little information as possible – although, I’m sure TR’s real profile would have told him…)

(10:39:15 AM) Me:
So what’s your western thingy ID?
(10:39:47 AM) TR:
just my name

(This is interesting as the scammer’s already set up an account on Western Union with TR’s name – almost certainly to use it multiple times)

(10:45:15 AM) Me:
It’s taking ages just to sign up for this f-ing thing
(10:45:48 AM) TR:
use your mobile buddy..that is easier

(You can see here that I’m trying to hold him up, but he doesn’t seem to notice. Unfortunately this is the point when I’m kicked out of Facebook)

Hope that helps others be a little more cautious (and the bullies at Facebook let me back in…)

