Phishers use Facebook to launch targeted attacks
From the Red Tape blog over at MSNBC.com, an amazing tale of a vicious -- and profitable -- phishing scheme that appears to be extraordinarily targeted toward its victim and his friends. It ends poorly, especially if you were hoping Facebook wasn't going to give you the creeps afterward.
Microsoft employee Bryan Rutberg was the target, and Bob Sullivan's description of his ordeal is great reading. The criminals guessed or figured out Rutberg's Facebook password, then locked him out of his own account. They then posted a frantic status message ("BRYAN IS IN URGENT NEED OF HELP!!!") and started sending emails requesting money to various of his friends -- but not to Rutberg's wife, whom the scammers had de-friended.
The messages claimed that Rutberg was trapped in the UK and without money after a mugging by a gun-wielding assailant. His friends swung into action, one even wiring $1200 to "Bryan" overseas. Alas, that money's gone.
Facebook, on the other hand, did not swing into action, and Sullivan's writeup is worth reading for anyone who trusts social-networking services with personal data. Rutberg used the official channels (a well-hidden online form) to request help with the hack, but only after he located a cousin with a friend of the Facebook staff was he able to get the account disabled.
Worse, according to Facebook itself its users have been hit multiple times by the scam; commenters on Sullivan's story are indeed coming forth with their own stories. Victims report that the service takes days to respond (if they do at all), and that even if the service consents to disable the hacked account its representatives are telling victims that they won't give out data on which of their friends the hackers have been attacked without a court order.
That's if you can get someone at Facebook to say anything at all. There's no hotline for such violations, and a Facebook rep interviewed for Sullivan's article confirmed that the firm doesn't accept phone calls for "support."