What the Tech: Recognizing Facebook scams
I didn’t get a friend request from a Jayden K. Smith this week, but you’d think every one of my friends did. Like yours maybe, my newsfeed was covered with "Don’t accept a friend request from Jayden K. Smith, he’s a hacker".
I did get a request from a Lacy Andrews. I could post her name and profile picture publicly in this story because she doesn’t exist. Her profile picture is one I found on several websites and originally sold as a stock photo.
Her ‘About’ section was blank. There was one post on her timeline; a photo of Taylor Swift. It was obvious that Lacy Andrews’ Facebook account was fake but it didn’t stop 7 of my friends from accepting her friend request. Why? Because her profile picture was of an attractive young woman (you know how guys are). So why the fake account? What’s the purpose? What does someone gain by sending out hundreds or thousands of other requests of fake accounts?
As you probably have heard, a viral post warning users of a hacker named Jayden K Smith has been making the rounds on Facebook. It went something like this:
“Please tell all the contacts in your Messenger list, not to accept Jayden K Smith friendship request. He is a hacker and has the system connected to your Facebook account. If one of your contacts accepts it, you will also be hacked, so make sure that all your friends know it. Thanks. Forwarded as received.”
By now I’m sure you’ve heard it’s all a hoax. Facebook confirmed it and said it’s almost identical to other hoaxes that get passed around every now and then.
Some news outlets report that it’s a hoax, saying there’s no way a hacker could gain access to your computer because you accepted a friend request. That’s not quite true.
Here’s how this scam works and why you should care:
Bad guy sends out a friend request to a random person on Facebook.
They accept it. Now the bad guy (not exactly a hacker) looks at their list of friends and sends them friend requests. Of course some of those friends will see they have mutual connections and will accept it too. So bad guy has a list of people who know each other.
What can they do from there? Several things:
1: Post something to Facebook that all those friends will see, that contains a link to a website or pdf that contains a malicious code. Anyone who clicks on the site will install malware on their computer which, in fact, can gain control of their computer. It’s called ransomware and it’ll lock up the computer and force the victim to pay a ransom to get their files back. The FBI says ransomware is spreading and that soon, 1 in 3 people will have their computers infected with it.
2: They can get enough information from some of those friends to begin stealing their identities. Many people share their email address, physical address, phone number, and birthday. They know the names of their children and what they look like and where they go to school. They also can see when they’re on vacation and have left their house empty.
3: Create a duplicate account of one or more of those friends. You’ve no doubt seen examples of this scheme. They download someone’s profile picture and any other photos that are shared publicly, create the fake account and send out friend requests to their already connected friends. Then they’ll begin sending messages to those friends, often times asking for money.
Not long ago I received one of those friend requests from someone pretending to be my aunt. Then they sent me a message. I knew it was a fake account but I carried on the conversation, asking about my cousins and her husband. Of course, they figured out who I was talking about by looking at my aunt’s friends list and carried on the conversation for several minutes. Then, she told me she had won a lot of money and that I did too and if I clicked on some other guy’s Facebook page I could collect $25,000.
Yes, this most recent viral warning message is a hoax but that doesn’t mean accepting a friend request from someone you don’t know won’t hurt you. It can.