How to stop a Facebook Messenger identity thief
Cynthia Lim is very excited about Lions Club International grants in these difficult times, so she tells all of her friends via Facebook Messenger to check out this interesting source of funds.
Except that she is not.
And there are no such subsidies.
This racketeering shows how social media sites like Facebook make it all too easy for crooks to take a quick bite out of users, relying on the reputation of people’s trusted friends.
âI reported that it looked like my Facebook account had been hacked,â Lim, 64, told me. “They really didn’t seem to care, only telling me to change my password.”
The West Los Angeles resident called her exchange with the social media giant “very unsatisfactory” and said that “you would think Facebook would care more about this stuff.
I do not know. Facebook hasn’t told anyone when the personal information of more than 530 million users was hacked in 2019, and it didn’t bother to issue an alert when the hacked data recently appeared online.
The company also doesn’t appear to make it particularly difficult for identity thieves to trick Facebook users into lowering their defenses by using direct messages on the platform.
Lim is a former LA Unified School District administrator. To her circle of Facebook friends and acquaintances, she is a respected source of information on grants and alternative funding sources.
So, these Lions Club Messenger messages seemed very appealing and convincing to a number of people. Lim said she was aware of at least a half-dozen Facebook friends who took an interest in the land, based on her apparent recommendation.
âI felt bad,â she said.
The Lions Club scam is widespread enough that the philanthropic organization, which has 1.4 million members worldwide, posted a notice on its own Facebook page warning people not to be duped.
Over 800 comments were posted under the disclaimer. Most expressed shock and anger that the identity of someone they trusted had been used in this way.
Denice Kelley grew up with Lim and was one of those who received the messages via Facebook Messenger, ostensibly from her childhood pal, encouraging her to apply for a Lions Club grant.
âThe message came around 7:30 am,â Kelley, 64, told me. “I thought, ‘This girl is such a go-getter!'”
The Salinas resident said she was excited at first about the possibility of having much-needed additional funds, especially with the endorsement of a trusted friend.
For the sake of brevity, I’ll refer to the person who messaged Kelley as Fake Lim.
Fake Lim wrote that Lions Club grants are great for “paying bills, buying a house, starting your own business, going to school, or helping raise children.”
Fake Lim also said she herself received an $ 80,000 grant from the program, delivered right to her door. (Needless to say, the real Lim received no such funding.)
Kelley replied that she was definitely interested. Fake Lim gave him a phone number to call. Kelley tried the number, got no response, and texted Fake Lim that no one was answering.
Fake Lim replied that Kelley should text the Lions Club first to let the Lions Club know she was interested. Then someone picked up the phone.
âIt sounded really suspicious,â Kelley told me.
She asked Fake Lim via Facebook for more information. Fake Lim started to be evasive.
Now concerned that it wasn’t, Kelley asked Fake Lim for Lim’s older sister name. She also asked Fake Lim to name the neighbors who lived next door to Lim’s childhood home.
âThese are things I knew,â Kelley said. “Cynthia would obviously know them too.”
Fake Lim, of course, didn’t. Fake Lim said Kelley asked “stupid questions”. Kelley replied that Fake Lim was clearly not her friend Cynthia.
“At that point,” Kelley said, “the conversation totally ceased.”
David Kingsbury, general counsel for Lions Club International, told me that the scam usually involved requests for personal information, including bank account numbers.
It may also involve requests for upfront payment of taxes or delivery charges to facilitate the award of the imaginary grant.
âIt’s infuriating,â Kingsbury said. âWe don’t even give individual grants. But these guys might ask for $ 900 up front before you can get $ 20,000. “
As for Facebook, I know it’s unreasonable to expect the company to monitor its nearly 3 billion accounts. But the Spider-Man rule still applies: With great power comes great responsibility.
After Lim contacted Facebook to report issues with her account, she received what looks like a robotic response from the “privacy operations” team.
âThanks for contacting us,â he said. “It looks like you are trying to report that your account has been hacked, phished, or otherwise compromised.” The email asked Lim to click on a link that would help him change his password.
This is at best a half-hearted response from Facebook to suspicion of fraud and identity theft.
It wasn’t until he contacted the tech heavyweight in Menlo Park, Calif., That Lim received a more engaged email saying “it looks like someone has accessed your Facebook account.”
A Facebook spokesperson, who requested anonymity when he was, you know, a spokesperson, declined to comment on Lim’s situation but said the company had “invested a lot” in keeping the crooks remotely.
âLast year, we introduced security advisories in Messenger that help educate 70 million people per month on how to detect and avoid potentially dangerous interactions like scams,â he said. “There are also a number of tools that allow users to control who they chat with.”
It seems to me that sites like Facebook can be abused or manipulated so easily by scammers, educating people is not enough. Measures must be introduced to more aggressively protect account security.
One suggestion: more active use of passwords and security questions before people can send messages directly to others.
I know this would be a problem for legitimate posts. But this problem is so out of hand, and so potentially dangerous, that a little hassle is a small price to pay for peace of mind.
Plus, social media users should make a habit of doing exactly what Kelley did – asking questions only your real friend would know. A legitimate message sender won’t bother him. A fraudster will be caught in the act.
Kelley said she reported her encounter with Lim’s identity thief to Facebook.
âThey didn’t respond,â she said. âI haven’t received an email saying they will do something. They just didn’t seem interested.
While it’s not really the case, Facebook clearly needs to do a much better job of letting users know that it takes this sort of thing seriously.