ANALYSIS: Scammers are spoofing the Facebook user’s account names to engage in phony Messenger conversations to phish for information. Here’s how to stop it
Once upon a time, in another millennium and on another planet, a famous politician used the words, “Trust, but verify.” Those days of genteel conversation are long gone, but those words of advice still apply, especially when we confront social media and other forms of digital communications.
This came to mind a few days ago when my boss, eWEEK editor-in-chief, John Pallatto, showed up on Facebook Messenger. While we had been friends on Facebook itself for years, John hadn’t been on Messenger, so I dropped him a profound greeting. “Hi John,” I said.
We began a desultory conversation, and after a few words, I began to wonder if the “John” communicating with me by Messenger was really the same one I worked with at eWEEK. Once he began discussing how I could be come rich, it was clear that the John I knew wasn’t writing these messages.
It could only be one of two things. Pallatto’s account had been hacked or he was being spoofed. So I dropped him an email letting him know what I’d found. He replied that he already knew his account was being spoofed and was trying to shut down the imposter.
I investigated the alleged account in detail (at least as much as you can on social media) and it appeared that he was probably right. The account under his name had no Facebook profile, and there was no other background that would indicate authenticity.
Then I found out from Pallatto that Scott Mace, another journalist we both knew, had suffered the same problem a couple of weeks previously. Scott had found out the same way John did. His friends told him about it.
The problem for Scott and then for John, was that there didn’t appear to be an obvious way to do anything about it, at least not directly. Meanwhile, the bogus John was sending me get-rich-quick schemes. So I got in touch with the folks at Facebook to find out what to do about fakes.
The first step, according to the Facebook spokesperson, is to determine if they really are someone you know by looking at their photo and seeing if there’s a Facebook account to go with it. If you can’t tell from looking at Facebook Messenger, then go to your contact’s Facebook account. If you click and see the conversation show up it means your Facebook friend has likely been hacked. You can report this to Facebook as such.
If it’s an imposter, then you won’t see the conversation. Go back to Messenger and block the account. This will prevent annoying messages and it will send a message to Facebook engineers that there’s something going on.
If the person is apparently trying to run a phishing operation, as it was in this most recent case, Facebook suggests you go to their page about the topic, under the heading, “What can I do about phishing?” There’s an email address where you can report phishing as well, email@example.com.
Originally published on eWeek