{"id":10544,"date":"2017-11-20T06:30:10","date_gmt":"2017-11-20T14:30:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/20\/news-4316\/"},"modified":"2017-11-20T06:30:10","modified_gmt":"2017-11-20T14:30:10","slug":"news-4316","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/11\/20\/news-4316\/","title":{"rendered":"A friend in need \u2014 or is it?"},"content":{"rendered":"

Credit to Author: Tatyana Sidorina| Date: Mon, 20 Nov 2017 14:00:49 +0000<\/strong><\/p>\n

Scammers keep things fresh by continually devising inventive new methods to steal from unsuspecting victims by using novel or revamped social engineering techniques. Today’s lesson comes from platforms such as Telegram, WhatsApp, and others that use phone numbers as user IDs.\"\"<\/a><\/p>\n

A few years ago, we examined the case of a Skype account that was hijacked<\/a> and then used under various pretexts to finagle money out of the victim’s contacts. Today we discuss a somewhat similar scenario \u2014 but this one doesn’t even require hacking into other people’s accounts. The crook simply sets up a fake account in a popular messaging app.<\/p>\n

It can begin with an innocent call for help on a social media page, with the user giving their phone number to their friends. But criminals don’t even have to wait for someone to upload a post with personal information. People are in the habit of revealing all sorts of personal data, making it available to anyone who cares to harvest it.<\/p>\n

Phone number obtained, the scammer looks at the target’s list of friends and selects someone to use as bait. Then, they create a profile in a messaging app, using the name and downloaded photo of the chosen friend.<\/p>\n

The attacker then sends a message to the victim, seemingly from the chosen friend. It all looks very plausible: an old friend reaching out for help. Who wouldn’t lend a hand? You don’t immediately cotton on. Why would you? No one remembers phone numbers these days anyway, and it’s easy to fall for such a convincing ruse. Making things even easier, some messaging apps forgo the friend-confirmation step, letting users open communications without anyone having to say “Yes, I accept this friend request.” A criminal can use this scheme again and again, finding new phone numbers online and registering new IM accounts.<\/p>\n

How can you avoid becoming a victim of this type of fraud?<\/p>\n