Do you really think Mark Zuckberg is going to personally message you in the middle of the night to tell you that you’ve won $750,000 in a Facebook lottery?
No? Well, you read security blogs, so let’s instead turn our attention to people who don’t, because they’re the juicy prey that hundreds of fake Zucks and fake Sheryl Sandbergs are targeting.
Not including fan pages and satire accounts—which are OK with Facebook policies—the New York Times has found 205 accounts impersonating Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg on Facebook and Instagram.
At least 51 of the impostor accounts the newspaper spotted, including 43 on Instagram, were lottery scams.
Cut some slack for those who fell for one of the frauds. One victim, retired forklift driver and Army veteran Gary Bernhardt, asked us to consider: Is it that hard to believe that Zuck himself would message you?
After all, this is the hands-on guy who last year set himself a challenge to visit all the US states he’s never been to. And, during the tour, to work on a car assembly line, hang out with a fireman in Indiana, feed a calf, drive a tractor, have lunch with farmers, and speak with recovering opioid addicts.
Bernhardt told the Times that he was up until dawn, trading messages with whoever was pretending to be the young billionaire. The faux Zuck told him that in order to get at his winnings, he’d first need to send in $200 in iTunes gift cards.
Bernhardt picked up some gift cards at a gas station and sent the redemption codes to the scammer’s account. That was in November 2017. By January, he still didn’t have his lottery winnings, but the imposter had bled him for another $1310. He told the Times that the money represented about a third of his Social Security checks over three months.
The Times claims that these imposter accounts are proliferating, in spite of Facebook groups that track scams and complaints about imposter accounts that date back to 2010. You can see sample Facebook lottery hoaxes on Hoax Slayer and other debunking sites.
Stealing a photo of a famous CEO or COO or, really, anybody who has photos online is plenty easy. So is cooking up a variation on the names of the sheep whose skins the wolves put on.
The Times found accounts for many variations on the name “Mark Elliot.” (Zuck’s middle name is Elliot.) Ditto for Sandberg, or, as the crooks like to call her and hope you’ll swallow, Sherryl Sandbarg, Sherryl Sandbeerg or similar name-twists.
Times reporter Jack Nicas came up with these fake accounts, among many others, after Facebook recently said that up to 3%—or 60 million—of its accounts are fake:
Let’s discuss Facebook’s issue with fake accounts… After Facebook recently said that up to 3% of its accounts ar… twitter.com/i/web/status/9…
Jack Nicas (@jacknicas) April 25, 2018
The Times reported its findings to Facebook. A day later, the company took down all 96 fake Zuckerberg and Sandberg accounts. All but one of the 109 Instagram fake accounts were left up, but they too came down after the Times published its report.
Facebook spokesman Pete Voss thanked the newspaper for its report, though he couldn’t explain why Facebook hadn’t spotted scam accounts made to look like its top executives, including some that were up for more than eight years.
It’s not easy. We want to get better.
The real photos and the twisted names all give the come-ons an air of authenticity if you don’t look closely, or if you’re one of the demographics the fraudsters target. Namely, after interviewing a half dozen recent victims, the Times found that the scams are working with older, less educated and low-income people.
The imposters’ believability is bolstered by networks of other sham accounts posing as “Facebook claim agents”, a title made to make it sound as if, sure, there really is such a thing as a Facebook lottery.
The Times talked to Robin Alexander van der Kieft, who manages several Facebook groups that track the scams. He said that the fake accounts, several of which he’s traced to Nigeria and Ghana via IP address, share their scam victories with each other.
Facebook has admitted that all these fake accounts are a problem. During the recent testimony he gave to the Senate, Zuckerberg told Sen. Dianne Feinstein that his team would have to get back to her about “tens of thousands of fake accounts” and whether they could be “specifically” attributed back to Russian intelligence.
In a January post on Facebook, Zuckerberg said that the company had nearly doubled the number of humans who review content for all sorts of abuse, including impersonation.
The fleeced people the Times talked to said that it’s tough to figure out how to report the scams, and once they do, Facebook has been sluggish in responding.
Still, if you’re targeted, report it. And please don’t laugh at people who get taken for a ride. The scams are causing serious financial and physical distress.
Facebook might well be slow to untangle the problem of imposter accounts, but it will never be able to fix what it doesn’t know about.
Source : Naked Security