Internet con artists in Poland have devised an ingenious method to steal money using Facebook accounts and Bitcoin. The scam starts when attackers steal a Facebook identity and ends at an unsuspected victim losing all their bank funds which are then converted to bitcoin and disappear into the cyber world.
First three steps of the Intricate Scam
The intricate scam starts with internet hackers getting Facebook credentials of unsuspected users. The ‘Two Step Verification’ process which is advised by Facebook is still not used by many users. Once the primary target is found, hackers use well-known malware and phishing techniques to obtain username and password for a user. This, however, is only the first step in the comprehensive and elaborate scam. The user whose account has been hacked in this case is not the primary victim but only a secondary victim as this is where the scam gets complicated.
Once the credentials have been obtained, hackers go through the profile in detail. All chat logs are searched and other family relationships are obtained. This helps the hackers to completely understand the account and obtain information of primary and key contacts of the user. Say for example, the second step is hackers finding out family members and friends who the person is close to. Once the analysis is complete, the hackers obtain a list of contacts as primary victims.
The third step includes sending ordinary requests for small fund transfers. You may be well aware of getting a text message from someone close asking for a small transaction to be made as a favor. This may include phone credit, or other small favor that is hard to ignore or deny.
The Critical Key Step
The fourth step is where it gets all technical and tricky. Hackers have developed fake versions of many popular Polish websites including banks and online payment solutions that aid them for their scam. Once the relative or friend says yes to the request, a link for payment is sent to them. This however is a fake link and redirects to fake websites of all the payment options that the primary victim may use. The technical genius of the scam however doesn’t end here; it only begins at this point.
The victim is sent a confirmation text, upon replying to the text, the victim automatically creates the fraudulent bank account as a trusted recipient. This step ensures that all payments to fraud bank account in the future will be made without any information. Once the step is complete, hackers easily move the money from the victim’s account and buy bitcoins from them using anonymous wallets.
The scheme is so elaborate and works out of the scope of banks that they cannot do anything about it. It may not be happening in Pakistan right now, but you may never know about it. For your own safety do enable ‘Two Step Authentication’ for Facebook, though.