I heard a scary and interesting story last week. A new friend, a security expert, told me that his wife was contacted by a friend on Facebook indicating they were traveling and needed help, i.e. money. So the security expert's wife is being contacted by a Facebook friend for help. The wife then started a message session with this person and they proceeded to chat about the problem they were having, what the real need was, how the kids' soccer game went last Tuesday, an upcoming school event, etc. etc. In short, the wife had a real conversation about real events with this person on Facebook via chat.
Afterwards, the wife still felt uneasy about things and decided to drive to her friend's house. The friend was indeed not traveling and had no money problem. The wife had been having a real, genuine chat with a person pretending to be her real Facebook friend. This was not just an email scam; it was much more sophisticated, and scary, in that the person trying to engineer the theft had been lurking online for days/weeks/months and had enough information from the wife's timeline to carry on a plausible conversation with her.
The friend's computer had been hacked in some fashion where the thief was able to log in to Facebook as the friend and post and chat on the friend's behalf. The wife's computer was fine and secure, but her friend's computer and accounts had been compromised.
Just because a person can carry on a conversation with you online, or someone (a friend) sends you an invite to connect, doesn't mean any of it is true. That they know your home town, or your high school, or your brother's name doesn't mean they are your friend.
There are countless warnings about security and not trusting what you see online. This is just another example.
I don't know the answer to these challenges other than limit your precious trust online, doubt anybody reaching out to connect with you, and double check all you can check. And change your passwords, use two-factor authentication where available, and limit how you connect accounts together, e.g. using Facebook or Twitter to authenticate to something else.
This is really a trust issue. Limit what you trust online.