Angela Mullen didn’t give it a second thought when she received a Facebook message from her best friend Sarah.
It became even more interesting when it contained a link to a site where she was reliably informed she was in line for a £250,000 windfall from a worldwide Facebook promotion.
But within a day of clicking on it she realised she’d been conned by sophisticated social media fraudsters, who’d hacked into her Facebook account and tricked her into handing over nearly £2,000.
The 55-year-old Fareham supermarket checkout supervisor’s troubles started at the beginning of July, when the spoof message from her long-time friend ‘Sarah’, who lives in south Wales, arrived in her Messenger inbox.
It was so convincing it even contained her friend’s name and Facebook profile picture, so she had no reason to suspect it wasn’t genuine.
On opening the linked page, she couldn’t believe her luck when she was informed she was in line to win a monthly quarter-of-a-million-pound cash giveaway.
‘In the immediate excitement I was just blown away,’ she said. ‘I’d been doing a couple of tickets on the national lottery for years but only ever won a few quid.
‘When the promotional offer appeared alongside a photograph of the Facebook co-founder Mark Zuckerberg I admit I fell for it without a second thought.
‘In my job you have to be pretty clued up on IT but the approach was just unbelievably clever and the level of sophistication was enough to be initially convincing even to the knowledgeable.
‘I now know I got carried away because the original message looked as if it had come from Sarah and I didn’t even to begin to question it. I just began to think about paying off the mortgage and all the things I could do with the money.
‘It’s essential that people should be warned because what I hadn’t realised at the time was my Facebook account had been hacked and Sarah’s name had been extracted from my contacts list to send me the bogus message.
‘It’s despicable. They were basically manipulating the trust I have in her.
‘The material included a Facebook branded winning certificate confirming I’d won the £250,000 prize and what I needed to do to claim it.
‘Another message and photograph quickly arrived in my personal email inbox from someone describing himself as an online Facebook “agent” - James Martinez.
‘We engaged in an online chat about the security measures he insisted were necessary to establish my identity and entitlement to the prize.
‘Mr Martinez said I had to email him back to confirm my home address, my current income, and a scanned copy of my passport details.
‘I was then asked to forward £627 to him via the Western Union international money transfer service as an upfront US state tax payment.
‘He added that if I paid a “clearance fee” of £1,320 within 24 hours my mythical winnings would be transferred to my bank account on the very same day.’
‘But once I transferred the money and began to think about it overnight I began to smell a rat. The following morning I asked Western Union to stop the payment but by that time the money had already found its way into a USA account.’
Angela is far from alone in falling for Facebook fraudsters. The global people platform has more than 1.5bn users, millions of whom are online at any one time engaging with people and browsing every single day.
Unsurprisingly, its success has been exploited by determined fraudsters who once they’ve infiltrated an account, can then access the user’s online friends and contacts creating multiple scamming opportunities to harvest sensitive personal information.
It’s simply not true that you can win tickets for top music festivals, airlines are giving away free business class flights, that Asda and Lidl are doling out free shopping vouchers, or Tui are offering gratis holidays to exotic destinations.
These are examples of convincing scams by Facebook fraudsters who’ve cloned pages from trusted brands in search of comments, likes, and shares, from unwitting users.
Streetwise contacted security experts to try to get a picture of why Facebook had become a magnet for cybercriminals who see its users as active targets.
Top technology firm Cisco says the primary objective of online fraudsters is to make money by constantly developing technological and innovative ways of carrying out security attacks that increase their efficiency and profits.
According to Internet security specialists AVG, even the attractive Facebook quizzes and surveys people delight in completing and sharing pose an ever-present and dangerous threat to their security.
They point out that social engineering platforms are dominated by surveys that promise free things but are used to obtain personal identifiable information about the user with the intent to defraud.
Consumers readily click ‘accept’ on Facebook apps and quizzes without giving it a second thought that they’ve provided an open invitation by determined thieves to infiltrate their accounts, or plant malicious malware to rip them off. There was no substitute for user awareness and vigilance.
Recently Facebook stepped up their efforts to tackle cybercrime by introducing an account helpline and removing reported suspect sites from their network.
Angela reported the scam to Action Fraud, the national police fraud centre, and trading standards eCrime team, and cancelled her passport.
She was told there was little chance something could be done to recover her money once it has gone overseas
‘I can’t tell you how gutted and ashamed I feel about falling for this con trick,’ she said.
‘In future I’ll always take your advice. Never click on links, and if I’m attracted to an online promotion I’ll first check that it’s genuine before I part with any money.
‘As a responsible person I just felt it my duty to warn people, that however much you think you’re clued up when online, it only takes one unguarded moment to be taken in.’