Facebook friend stranded in Nigeria. Would you rescue them?

Graham Cluley

How many “friends” do you have on Facebook? Without checking on the site, would you know where they all are right now?

Would you know if Barney, the lad who used to deliver the post at that office three jobs ago, is currently on safari in Africa? Or if Alison, the sexy PA to the CFO who you never quite managed to ask out for a drink, is scuba-diving in the Mediterranean?

Even if it’s a close friend, you’re probably not keeping that close an eye on every movement they make – especially in the maelstrom of other status updates coming from your dozens if not hundreds of other contacts on the site.

So if your mate Adrian suddenly sent you a Facebook message saying he was stranded in Lagos, Nigeria, and in need of $500 for a ticket home, you might well not instantly smell anything fishy.

That’s what happened to Google Australia employee Karina Wells. According to reports, she was initially not suspicious of a Facebook message she received from her friend Adrian, but doubts grew as her correspondent began to use phrases like “cell phone” instead of “mobile phone” (note to our American readers: not all the world commonly uses the phrase “cell phone”) as he described how she could send him the emergency cash.

Wells was smart, and didn’t send the money as requested via Western Union. Instead she contacted the authorities to make them aware of the attempted fraud.

But this is just the latest skirmish in an ongoing battle taking place between cybercriminals and Facebook users. We’re seeing more incidents of unwanted adverts and malicious links being spammed to Facebook users from their friends’ compromised accounts.

Emails from social networking sites are much more likely to get into our email accounts in the first place, since they lack the obvious hints that cause botnet spam to be filtered out (such as a known-bad sender IP address, or known-bad headers, or known-bad email construction).

But this incident is going one step further. We will no doubt see more electronic conmen using stolen Facebook identities to steal money directly from the innocent by posing as their online buddies, unless more people take greater care over securing their computers and personal data.

* Image source: Pshab’s Flickr photostream (Creative Commons 2.0)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
