Kenyans scammed by hacked Facebook friends
Social engineering; User accounts compromised
An unidentified number Kenyan users of the social network sent money to other users who they believed to be buds in need of urgent financial help. Their troubled friends, however, actually were hackers who had overtaken legitimate Facebook accounts.
The scheme involved fraudulent messages, sent from the hacked friends’ accounts, requesting money, typically with a promise to repay the loan with interest as soon as possible.
“Most users have fallen for the scam because the message supposedly comes from a trusted friend. Maria, one such victim, sent Sh8,000 (US$90) via MPesa to an unidentified number after a friend inboxed her,” CapitalFM reports.
Maria did not call the friend to confirm because he was based in the UK.
Maria told CapitalFM: “My friend asked if I could send the money to someone who was in trouble and needed the cash to pay bail. I just assumed that it was him coz the message was from his account.”
She became suspicious when she got another message from the friend requesting the same amount to be sent to another number, so she replied she didn’t have any more cash.
A few hours later, the real UK friend posted a real Facebook update saying his account had been hacked and apologizing to friends who had received the hoax messages. Based on the replies to his status update, it seems that the crooks hacked Kenyans in the UK to target their friends in Kenya, making it difficult for the friends to immediately verify the money requests.
Maria reported the issue to Safaricom’s MPesa department, which informed her that the money had been withdrawn within five minutes after being sent. MPesa advised her to take the issue to the police, since that is the standard procedure for fraud cases
The multi-step process for filing a complaint within the Kenyan bureaucracy discourages many victims from reporting such incidents, according to CapitalFM.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
Financial Services; Social Media
November 27, 2013
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected