During the years that I have been writing Scamicide, I have written many times about various Facebook scams. The reason for this is that, with 2.8 billion users, Facebook is obviously popular, and anything popular with that many people will be sought after as a vehicle for scammers to scam people.

People are reporting being contacted through Facebook and told that their name is included on a list of winners of a Facebook lottery. Often the message appears to come from a trusted friend, when the truth is that the trusted friend’s account has been hacked and used to send out the message to lure people into becoming victims of the scam. Once you click on a link in the message, it takes you to a phony Facebook Lottery website filled with photos of other lucky winners. You are then prompted to search for your name on a winners’ list on the website. Of course, your name appears. You are then instructed to complete a Status Verification form, after which you are told that you will need to pay various delivery and insurance fees before you can receive your prize. You may also be asked for personal information. Ultimately, there is no prize, the money you send to cover insurance and delivery fees is lost forever, and if you provide personal information, it is used to make you a victim of identity theft.


A strong password and security question can help increase your security on Facebook. Unfortunately, however, a very simple flaw in Facebook procedures allows a hacker to get access to your account and change your password. After the hacker is unable to answer your security question, the hacker merely provides three “friends” with Facebook accounts to whom Facebook will send security codes, and the hacker can use those codes to gain access to your account and change your password. The hacker, of course, has already set up Facebook accounts for the three phony “friends” who receive the security codes. Other times, the personal information that is readily available about people online is sufficient to answer the security question. Regardless of how the account is hacked into, the result can bring an increased risk of identity theft to your real friends, who may trust a message from you that contains a link with dangerous keystroke logging malware. That malware can result in your real friend’s computer being infiltrated and all of the information on it stolen, such as Social Security number, account passwords and credit card numbers, which can result in identity theft.

Be careful what personal information you put on Facebook. Always consider how that information can be used against you to make you a victim of identity theft. When setting up a security question, pick an answer that is nonsensical to protect it from hackers, such as “Where did I go to High School?” with an answer of “blue.” Finally and most importantly, never, and I mean never, click on links in messages that you receive unless you are absolutely sure that they are legitimate. Merely because a message appears to be from a friend does not mean that the friend actually sent it. His or her account may have been hacked, or they may even be passing on tainted material without knowing it. Never click on a link until you are absolutely sure that it is legitimate. Call your friend to confirm that the message was from them, and confirm where they got the link they are sending to make sure that it is legitimate. It may seem paranoid, but even paranoids have enemies.

As for this phony lottery scam, as with all lottery scams, it is important to remember that it is hard to win a lottery and it is impossible to win one that you have never entered.  Also, no legitimate lottery asks for payments in order to claim your prize.
