See a Facebook scam in action

Facebook icon

This caught my interest today.

Rakesh Agrawal, the CEO of SnapStream, a Texan software company, received a message on Facebook, supposedly from one of his friends – Matt Finkelstein. “Matt” told Rakesh that he was stranded in London, after he had his money and air tickets stolen and needed $800 to get home.

Fortunately, as you’ll see in the transcript Rakesh published on his blog, he was suspicious and guessed that his friend’s account had been broken into by a hacker.

Sign up to our free newsletter.
Security news, advice, and tips.

Asking personal questions that only Matt or a close friend would know helped Rakesh uncover the truth, although it’s clear that the scammer was able to derive some information (for instance, his wife’s name) from the profile.

7:20am Matt
hi
whats up?

7:20am Rakesh
Hi Matt
Everything OK?

7:21am Matt
well,im really stuck here in london
i had to visit a resort here in london and i got robbed at the hotel im staying

7:22am Rakesh
ack… that’s terrible. Sorry to hear it.

7:22am Matt
yeah,thanks
we just want some helo flying back home

7:23am Rakesh
So why are you stuck there?’

7:23am Matt
all my money to get a ticket back home got stolen

7:25am Rakesh
I didn’t understand this “we just want some helo flying back home”

7:25am Matt
help*
actually i got some money wired to me to catch a flight back home
but we still need $800 more to complete our ticket fee and fly back home

7:26am Rakesh
good
Honestly, it sounds like someone’s hacked your Facebook account and is using it to defraud your friends.

7:26am Matt
i have the money in my checking acct,i cant just access it from here
this really me
Lauren is here with me
and my kids

7:28am Rakesh
your wife’s name is on your profile page

7:28am Matt
what about my kids name?

7:28am Rakesh
in photos?
how do we know each other? when did we meet?

7:29am Matt
from school

I do not know this guy from “school”… So when I responded and he figured out that I was on to him, he blocked me, etc. I tried emailing Matt at his e-mail address, but who knows if that address was his real address or not…

Rakesh was right to be suspicious, but how many other people would fall for this kind of confidence trick?

Interestingly, we’re hearing more and more reports of this kind of scam taking place on Facebook, suggesting that many people may not have taken proper care over securing their accounts and choosing a sensible password.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.