The next time you receive an unsolicited invitation to connect on Facebook or LinkedIn, the counter-industrial espionage team at CWFong & Associates (CWFA) suggests that you run a Google search before accepting, even if the request comes from a “friend”. This is because online scammers are getting increasingly sophisticated and are now adopting a two-phase online attack.
As netizens become increasingly wary of online scams, the success rate of the Nigerian 419 scam (or advance fee con) is falling. Fraudsters are now forced to work harder to connect with you. In the past month alone, members of CWFA’s counter-industrial espionage team have received half a dozen friend requests which we have determined are from fake accounts.
The Two-Phase Attack
In the two-phase attack, online scammers first create a fake account based on someone relatively well-known (or someone you personally know). In recent months, the members of the Hong Kong Hang Seng Bank have been used for this. Using publicly available information, the scammers create a clone Facebook or LinkedIn account. As the account is based on “real” information, a cursory look will trick targets of the scam into believing that the account is real and accepting the invitation to connect.
Once the connection is made, the scammers are in your “inner circle”, and any information you unwittingly share with your friends on Facebook or LinkedIn can be mined and exploited at a later date. In fact, because you are now shown as a “connection”, you have become a pawn in their scam, as the scammers’ subsequent invitations to connect with your friends will be more readily believed.
With phase one of the attack completed, the scammers will now use the information that they have gained to launch their attack. One such scam which they can run is a variation of the advance fee con. Here, based on your travel information, they will send an email to your friends claiming that you were robbed and urgently need money to get back home. As the attack is coming from “within”, chances are that the target’s defenses will be down, increasing the likelihood of success.
In short, as netizens become more wary of online scams, scammers have had to up their game. Due to the enormous amount of information available online and the ease with which anyone can create an online identity, not everyone is who they say they are. So always be wary of who you connect with online. When in doubt, Google the person’s name with the word scam (e.g. sarah catherine legg scam).
Preventing Industrial Espionage Workshop. For more information about our in-house workshops, email Justin[a]cwfongandassociates.com.