I was not in London last week. Nor was I in trouble, nor did I need money. But for a brief time the other morning, somebody posing as me on Facebook made it seem as if all this were true.
At the moment I was literally on the road, driving home from the Poconos, not sophisticated London. It was almost funny. But nobody could be amused by the result — a temporary shutdown of my Facebook account while I shored up security measures.
The frightening stranded in London after being mugged (or whatever) sob story/scam has been around for a couple of years. For a typical version, see the link. I saw it for the first time as an email. It’s scary, getting a message like that from someone you know (whose email has been hacked). Unfortunately, a lot of people are scared enough to send money to help their “friend” get home.
Like many scams, this one takes various forms. There’s an old-school telephone-call version. And now I’ve experienced the Facebook version, in which the scammer impersonates you in chat messages. Somehow, the idea of the sob story unfolding in live, interactive real time is just that much creepier.
Fortunately for me, fast action stopped things relatively quickly. By the end of the day my account was back up and running peacefully (fingers crossed). Lessons learned:
Friends are great. Mine were my strongest defense. I got five calls within 20 minutes, all from friends suspicious of the chat messages “I” was supposedly sending, and wanting to know if I was all right. One of them notified Facebook security, which suspended the account. This was important because it would have been a couple more hours before I could have notified them myself. I was spared a lot of headaches and misunderstandings. The impersonator did de-friend two of my friends, but it could have been much worse.
Couldn’t happen? Hmm: It’s tempting to think this wouldn’t happen to you because you aren’t a gamer/don’t download attachments from strangers/rarely if ever chat/etc. Well, I qualify in all these categories. Still happened. And of course, don’t forget the low-tech version is out there.
Password safety is a moving target. I’ve used passwords that are a mashup of letters and numbers for some years now, and thought they were fabulous, but in the process of changing my security settings, I noticed that protocols rated “extremely strong” a year ago are only “medium” now. So I’m studying up on ways to make passwords stronger.
The link above recommends changing passwords every 30 to 60 days. Once I would have scoffed at the idea. Now, I’m resigned to it. I want to keep playing in the interactive sun, but I don’t want to be a funzone for scam artists.