Online Fraud – What the Facbook?!

O

MAXIMILIAN PATERSON
<Arts and Culture Editor>

While lounging on the brand new couch in the Obiter office I glanced down at my phone and found that I had a missed call and a new voicemail message.  The message was from my sister, and it turned out that she had some very strange information for me. “Hey,” she started, “this guy with your name is trying to add me on Facebook.” Odd, I thought, but someone with the same name as me on Facebook is not news; I’m sure there are a handful of Max Patersons and one of them must have added my sister by accident. “The weird thing is,” my sister continued, “this guy is also adding all of your friends.”

This last statement caught me off guard. This wasn’t just a case of a mistaken “friend add,” this was now in the territory of identity fraud. Why would anyone be doing this? After sharing this news with my fellow Obiter writers, and contacting my sister for more information on this strange fraudster, I finally tracked down the fake Max Paterson’s profile [hereinafter known as Fake Max].

It turns out that Fake Max had just joined Facebook 8 hours prior to me creeping his page. He already had 10 friends, 5 of these friends were poached from me, and the other 5 were people who I was tangentially connected to. After a further creep of his profile I noticed that Fake Max started ‘following’ things that were loosely related to me, such as friends’ bands, get well groups for people I went to high school with, and Zach Ryder the WWE wrestler. Then he started “liking” things that I am completely indifferent on, such as Zac Efron, Beats By Dre, a local business in Alexandria, Egypt, and ABK (the juggalo rapper also known as AnyBody Killa). This was slowly moving from fraud to full on character assassination! Having never heard of Zach Ryder or ABK I decided to creep a little harder and this was where things started to get really odd.

In the 8 hours that Fake Max had been “alive” he had uploaded 4 pictures (all of them were Justin Bieber-esque selfies that didn’t look anything like me) and he had also updated his status 5 times. The strange thing was that the status updates were just strings of letters; they were things like “hjnmkjm” and “km,hjk.” At first glance these updates seem like gibberish, however if you look at the string of letters and then at the standard keyboard you will realize that these phrases are made by mashing keys in one specific area of the keyboard with the right hand. Fake Max wasn’t a web crawler or bot; there was a human behind this!

The whole thing didn’t add up though; why would someone make a fake account, post weird tweeny pictures, say they worked at a surf shop in Brisbane, Australia, “like” things that were written in Arabic, and then try to add all my friends? The best explanation I could find was that this tactic (although a little different) is called spear-phishing.

Spear-phishing is a more personalized version of the spamming tactic of phishing. Phishing is where a blanket email is sent out to millions of people proclaiming to be some sort of official looking organization to lure people to fake websites in order to gain personal information. Examples of phishing are receiving an email from Fake FedEx asking you to click a link and disclose your credit card info so they can deliver a package, or receiving an email from your Fake Bank asking you to log in to your account via the link in the email, thus providing access to your account. Spear-phishing acts in a very similar way, however it uses more personalized information such as your name or a friend’s name in order to make the scam more believable.

My hypothesis is that someone has created this account to add my friends and deliver fraudulent links and scams to them personally in their timeline. Furthermore, the profile is just different enough that if I were to report the account as trying to impersonate me, Facebook may not accept the complaint based on the fact that the pictures and interests are not completely the same as mine. An alternative theory is that this could be a ploy for Facebook to get me to disclose more information about myself. In order for me to log a report on Fake Max, Facebook requires me to disclose my telephone number and more personal information about myself. My final theory is that someone could be trying to Talented Mr. Ripley me. In which case I will be on the lookout for Matt Damon trying to hit me with an oar and steal my girlfriend (who, sadly, is not Gwyneth Paltrow).

Either way, this has proved to be a bizarre afternoon. Despite the small amount of flattery that comes with someone trying to impersonate me, I am most concerned that my friends have actually started to accept Fake Max’s friend requests. What the hell guys? I would never take a selfie-shot of my nonexistent abs in the bathroom mirror! Come on!

About the author

Add comment

By Editor

Monthly Web Archives