How I Nearly Got Swindled Out Of $1500 Via Facebook Chat But Instead Scared The Living Daylights Out Of A Hacker
So the other day, I was working hard, minding my own business when suddenly a Facebook chat message from an old college friend popped up on Adium. I hadn’t talked to this friend since college, so I was a bit surprised when I received his message.
It started ordinary enough, a quick exchange of greetings. But soon I discovered that my friend Luke Le Duc wasn’t doing so well. Turns out he and his wife had been visiting a resort in London and had been mugged. All of their belongings had been stolen, Luke had been slightly injured and the police were unable to apprehend the thieves. He asked if I could send him money to help cover the costs of getting back.
My spidey sense started to tingle; several things didn’t seem right about this. Why wasn’t he contacting family or closer friends? His phrasing was unusual and he made strange grammatical flaws. There was no indication on his wall or his wife’s wall that they were traveling, which was odd since he was using Facebook to reach out for help. Plus, Luke is a Presbyterian minister, and everyone knows that Presbyterians don’t have fun, especially the kind of fun that involves European resorts.
But I didn’t want to leave a friend in a bad situation, so I told him I’d help but I wanted to verify first. He gave me a number where he could presumably be reached (009447024083642). I tried calling via Skype then on my cell, but it wasn’t going through. He insisted that the number was correct. He was rushing me, which also made it seem even fishier. So I posted a simple message on his wall about how sorry I was that he had gotten mugged. I figured if it really was Luke chatting with me, it wouldn’t hurt to post a message; if it wasn’t, Luke would get notified pretty quickly via email.
Because I couldn’t get the call to go through, I told him that if he sent me a message from the Gmail account listed in his profile, I’d send him the money. (Granted, his Gmail account could have been hacked as well, but I thought both being compromised would be less likely.) The person I was chatting with got upset and implied that I was calling him a liar and disconnected. This set off alarms in my head so I sent a message to Luke’s wife and left a voicemail at the church where he works.
A few minutes later, the hacker came back online. I jumped back in and told him that I had the funds ready to go, but that he had left so quickly I didn’t know how much to send or where to send it. I dangled the carrot by telling him that I would send the funds as soon as I received an email from Luke’s Gmail account. He told me to send $1500, gave me the Western Union information and assured me he was sending the message:
Name: Luke Leduc
Address: 212 park will hill
City: London , England
Zipcode: SW7 5RN
Country: United Kingdom
Txt Question: who send money
Answer: you
I checked my mail and behold, a message from Luke Le Duc! In the time it took for us to have our conversation, our hacker had registered a Gmail account that was 1 letter off from the one listed in Luke’s Facebook profile and had sent me this message:
Title: I NEED YOUR HELP
Sequel to our help upon which i just wanted to confirm you that i was the one writing you , so go and send us the money now $1500.
Thanks
This was the nail in the coffin; I knew I was dealing with a hacker. So I ended our chat with a bit of grandstanding: “I’ve notified Luke, his wife and the authorities. I’ve also tracked your IP address.” At which point our hacker friend immediately disconnected. I had a brief conversation with Luke later that day and he has since cleaned house and changed all his passwords.
You can read the full transcript of our conversation here.
Moral of the story: Your identity matters, even on Facebook. A hacker only needs one compromised part of your identity to start worming his way into the rest (much like the recent Twitter break-in). Your passwords should be like your underwear: hard to guess, private and changed often.
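The Gmail account registered one letter off from the real one is something a mail filter or address-book check can catch mechanically. The sketch below is an added example, not part of the original post: it compares a sender against known contacts by edit distance, and the addresses, function names and the distance threshold of 2 are all assumptions made for illustration.

```python
def normalize(addr):
    """Lower-case; for Gmail, drop dots and any +tag in the local part."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap neighbours."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition ("el" typed as "le") counts as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_sender(sender, known_contacts, max_distance=2):
    """Return ("match", addr), ("lookalike", addr) or ("unknown", None)."""
    s = normalize(sender)
    best = None
    for contact in known_contacts:
        dist = edit_distance(s, normalize(contact))
        if dist == 0:
            return ("match", contact)
        if dist <= max_distance and (best is None or dist < best[0]):
            best = (dist, contact)
    return ("lookalike", best[1]) if best else ("unknown", None)


# Constructed sample data, not the addresses from the story.
KNOWN = ["luke.example@gmail.com", "jane.sample@example.org"]

if __name__ == "__main__":
    for sender in ("Luke.Example@gmail.com", "luke.exampel@gmail.com",
                   "luke.examp1e@gmail.com", "newsletter@example.net"):
        print(sender, classify_sender(sender, KNOWN))
```

A "lookalike" result is the case from the story: the address is not the contact's, but is close enough that a hurried reader would accept it.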
Updates: Looks like I’m not the only one experiencing this London Mugging Facebook Scam:
- Sky News: Facebook Scam: ‘I’ve Been Mugged In London’
- TechCrunch: Latest Facebook Scam: Phishers Hit Up “Friends” for Cash
- News.com.au: Facebook accounts hacked by scammers seeking money in London
- Darkreading: Facebook Scam: I’m Stranded In London. Send Money!
InterAction:
2. Michael Kozakewich (18 August 2009):
By the way, your Preview/Post buttons are broken.
3. MikeyAmes (18 August 2009):
Funny boy.
That is how Luke writes when he is under stress.
Thanks for sharing :)
4. Luke Le Duc (18 August 2009):
Thanks, Jesse!
I really appreciate you taking the time to hack off the hacker.
Now...to defend my Presbyterian honor :-)
You said:
"Luke is a Presbyterian minister, and everyone knows that Presbyterians don’t have fun, especially the kind of fun that involves European resorts."
I just wanted to make the point that John Knox, under the persecutions of Bloody Mary in the 16th century, fled to Calvin's Geneva (think European Resort - unless your name is Servetus) where he spent a few years learning him some Presbyterian Polity. So in a sense, Presbyterian history is inextricably linked with fun at a resort :-)
Thanks, again! Good to reconnect, even if it was under these crazy circumstances!
5. Jesse Gardner (18 August 2009):
Michael: Thanks for catching the button issue. It has been resolved!
6. Nehemiah (20 August 2009):
Nice catch Jesse. It would be even cooler to counter-rig the situation so you could get these people turned in to the authorities with incriminating evidence. Not sure how to do that though.
7. Ryan Battles (23 August 2009):
Wow, I'm impressed by your quick thoughts. I'm not sure I would have known what to do. Interesting story though, I'll be sure to pass it along to friends and family.
8. Jesse Gardner (24 August 2009):
Nehemiah: I know, my buddy Chucky Wojack was saying I should have created some kind of financial honeypot that would have gotten them to reveal their deets. So much for quick thoughts! ;)
9. nicolas (11 September 2009):
This is really a great story, so I guess I have to watch out if somebody starts to talk to me on Facebook. I guess these hackers get a lot of money with this scam.
- Author: Jesse
- Published: Aug 18, 2009
1. Michael Kozakewich (18 August 2009):
I'll add the point that even though most people can't handle many passwords before forgetting them left and right, it still pays to put your money-based accounts (banks, paypal, etc) on a different password than your social sites (facebook, twitter, etc). If you're signing up with some random untrusted site somewhere, it's best to use a throw-away password that won't matter if it's stolen by whoever runs the site.