Close call with phishing on facebook

It was 11:30 pm and having just completed my mango picture and dinner last night, I was relaxing on the couch, watching ‘Everybody Loves Raymond’ on my desktop. Few minutes into the sitcom, my iPhone beeped and showed an alert about some comment on one of my facebook Notes.

Laptop wasn’t very far – so while still following Ray’s comedy on big screen, opened facebook on laptop to review the comment. I then moved on to email in another tab and was browsing through without any particular intent.

Then I saw one of my old colleagues initiate a chat conversation on facebook. It’s been a long time I spoke with her and was a little surprised to receive a message at that hour. She started with regular pleasantries like ‘how u doing?’ and ‘what u upto?’ stuff. Everything was fine with me, and I told her so.

When I asked her the same questions back, response wasn’t as expected. She said things were not good at her end. I thought it’s the regular “missing-India” kinda complaints I receive from many people I know who live outside India.

This situation was different.

She told me they had a worst vacation ever. I assumed something did not go as planned and so she was still feeling bad about it. May be it was a couple of weeks ago or so, I thought.

As our conversation progressed further, she explained that she got stranded in Scotland at the moment. Based on the fine language she was using and calm composure she maintained, it did not appear right. But if she is on facebook, catching up with a long lost colleague, she’s possibly held up at an airport, bored, with an Internet kiosk or something. Why not?

I inquired if it was a flight delay. She said they were mugged at gun point and were stolen of cash, credit cards and phones. A story like this, fiction or real is in general associated with phishing. So, I paused the show I was watching, and started thinking about the live situation. I sat upright and took a moment to scroll up and read the complete conversation again, just to make sure I got it right.

Few questions ran through my mind, some sensible and some cautious.

Is this a real person talking to me? I mean, I know her as a colleague so I know she is a real person. But, is she the one who is actually chatting with me at the moment? Is she in a situation where she could use some help? If yes, I ought to help in any way I could. May be I can buy her flight tickets so she could reach home! But, wait. What if her account is hacked and if this is a phishing attempt?

There is one more clue left to judge if this is an authentic trouble situation or phishing – asking for sensitive information like bank or credit card details. That will help me decide to some extent. Asking for help is understood; asking for credit card number and related details is suspicious!

This friend of mine is a Telugu girl, currently staying in US with her husband. Just a habit I guess, chatting was in English all the while. I continued the chat after the mugging story, but in Telugu. If she is who I think she is, I know she speaks good Telugu and should not be any problem in discussing the situation further. I got prepared to help her (of course) but only after at least one confirmation of her authenticity. However, what if she is hesitating to ask for help because we haven’t spoken in years? I myself asked her if she needs any help, in Telugu. As soon as I sent a few sentences in Telugu, she went offline.

I was a little worried and confused at the same time. What if she was my colleague, really in trouble and lost connection due to some technical problem. I was waiting for her to come online again so that I can try to get her out of there. My idea probably was to book flight tickets online, Scotland to US, using my credit card and let them print/ access it there.

I was reminding myself to NOT disclose the card details. Getting flight tickets for someone who lost everything in a foreign land is a good help. As the card is physically with me, even if I share the card number and other details, they have to book online too. So, why not I book online from here and let them access the tickets from there?

If it’s a phishing attempt, they wouldn’t benefit much from a ‘Scotland to US’ airplane ticket, do they? They would need my card details so that they can buy something else. Yes, that was my move. If this is a genuine situation, once she comes online, I would confirm the necessary details and book her tickets online.

But there was a second thread that started in my head when she went offline. May be that’s someone who hacked her account and was phishing! He/ she logged off because they couldn’t continue the conversation in a foreign language!

Anyway, she was offline. I did not know which way to go – shall I wait for her to come online and help her get home? Or, go to bed considering that as a close call to phishing on facebook? I resumed Ray’s comedy and was glancing at facebook page once in a while to see if she shows online. Another 10 mins or so for the episode to come to an end. If I don’t see her online by then, I would go to sleep. Fixed.

10 mins passed and Ray’s sitcom show was over. Have to hit bed. But the first thread didn’t allow me to sleep. I wrote a big note on her wall before I logged off. It was a request to all her friends to help her if they see her online on facebook or get in touch by any other means elsewhere. I also sent her a message with my mobile number if she needs to wake me up.

After a little tossing and turning in bed, sat up again and logged into all messengers on iPhone. Unless something’s final on this drama, how can I go to normal sleep?

Luckily, she was online on Yahoo!

I sent her a “hi” and “u ther?” real quick.

She responded ok but was asking my whereabouts. May be she forgot my Yahoo ID. I login to yahoo only once every season.

Reminded about our encounter a moment ago on facebook and asked if she really needs help.

She was stunned too. A little more conversation helped us realize that her facebook was hacked. And the worst, part – she was not aware of it!

I was online until she reset her password for facebook, showed her the initial phishing chat conversation, deleted the help request on her wall and logged off.

All has ended well. It was a close call but no information was disclosed to the phisherman. Moreover, there isn’t an old friend stranded in Scotland, mugged at gunpoint, looking for help. What a relief!

Anyway, that was my personal story. But, here are a few more threats with facebook in general, FYI.

I am not sure but I think this is the code used by hackers to chat as the account holder. I like the comment number 0 on that page:

“This one should be so simple to prevent – it relies on a user actually copy and pasting in a command they don’t understand.

The downside is – “enough people are stupid enough” so it spreads.”

Take care fellas!

6 Replies to “Close call with phishing on facebook”

Add a comment