TGTBT

By Charles Miller

Every few days I receive an email forwarded from a good friend. The appended question is always the same: “what should I do with this?” My answer is almost always the same: “it’s a scam!” I used to receive a follow-up email from her saying “but it says urgent!” or “it says my bank account will be frozen if I don’t respond today!” My answer was still the same: “it’s a scam!”

Email scams are so prevalent that some people receive more scam emails than legitimate ones. This has prompted some users to abandon using email in favor of one of the many messaging apps, but unfortunately the scam artists are following.

Over the last few months a well-written phishing message sent via Facebook Messenger has scammed more than 10 million users. These Facebook users have been tricked into revealing their account password to the scammers, who then use those hacked accounts to send out more scam messages to all the user’s friends. This is why you cannot trust any message, especially if it comes from someone you don’t know and trust. It is also why, if you are one of my friends and you let yourself be hacked, you might receive a phone call from me asking “Did you send me a message at 3:28am offering me a $100 Amazon gift certificate if I tell you my date of birth and Social Security Number?” In other words, before I click on anything I phone my friend to verify they really sent me that message.

Getting back to the Facebook problem, the company has a huge dilemma on its hands. This phishing scam is particularly effective because it sends links from the genuine accounts of your friends who have been hacked. When a victim clicks on a malicious link in Facebook Messenger, this initiates a chain of connections to valid “app deployment” services before eventually connecting to a malicious site. This makes it almost impossible for Facebook to police, because the first few connections used by cyber crooks are the same as those used by completely legitimate Facebook advertisers. Perhaps it would be more accurate to point out that, because cyber crooks cleverly use the same channels as legitimate advertisers, it is nearly impossible for Facebook to implement technical means to block only the crooks. Facebook is perhaps understandably reluctant to take steps to stop this scam because doing so could cost the company millions per day in lost revenue from its advertisers. As long as this situation exists, scams using these phishing tactics will continue to flourish on Facebook.

These suggestions should be part of your daily habit when receiving any odd or unknown emails. First, speak to the person who (allegedly) sent you the message. Second, look for the two frequently seen characteristics of scams: offers that are TGTBT (too good to be true) or urgent deadlines (call today or your bank account will be frozen). And third, always be suspicious of any emails or messages containing links. Unfortunately, it is not safe to click on links and there is no way to make it safe, so do not click on links.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415-101-8528 or email FAQ8@SMAguru.com.