The rise of social media spam
In the last few years, our lives have become more intertwined, due to increased online interactions on social media sites such as Facebook. It is therefore not surprising that social media sites are constant targets for spam, scams and other online attacks. According to Mark Risher, CEO of Impermium(anti-spam software company), spammers own as much as 40% of the accounts on social media sites such as Facebook and Twitter.
They use these fraudulent accounts to infiltrate legitimate users with spam, phishing, likejacking, clickjacking attacks, etc. These fake profiles are also traded on the black market by spammers. With just $250 or less, customers can purchase up to 1000 Facebook accounts—with complete, realistic profiles and friend lists, in an attempt to create a perception of credibility for their scams. A recent 2013 state of social media spam report released by Nexgate (IT security research firm) found that spam on social networks more than tripled in just the first half of this year—increasing 355 percent.
The Nigeria experience
Here in Nigeria, there is a noticeable upsurge in the number of Facebook spam messages sent to users. In recent times, there have been lots of complains from Facebook users in Nigeria about suspicious unsolicited messages that constantly floods users’ inbox. You may have at one time or the other come across messages that goes like:
Hello dear, my name is Anna James, I am interested in being your true friend. Please email me back in my email address, (firstname.lastname@example.org ) so that i can send you some of my pictures and tell you more about myself for you to know whom i am. Thanks and God bless you, yours new friend…Anna
Hello I’m Princess Paul, I will like us to be friends or more. please contact me back via my email for more communication, (email@example.com) please write to me direct to my email address ((firstname.lastname@example.org) as i do not log in here every time.
I have personally received a lot of these suspected scam messages and reported them as spam to Facebook without hesitation. This seems to be the latest trend in same old 419 tricks of playing on our emotions and desires. As cheap as the scam messages may seem, you will be surprised to know the number of users that have already fallen victim. These guys deploy their bag of tricks confidently and stalk us like deadly predators, in a bid to ensnare us.
In the spirit of Internet vigilantism therefore, I decided to find out how deep the rabbit hole goes by posing as a potential victim to the suspected scammers, and gather as much information as possible for the benefit of my audience. I started off by creating a fresh email account with a pseudonym and entered into email correspondence with several suspected scammers using some of the scambaiting tips I learnt from 419Eater and 419Hell. In the process, I made the following interesting discoveries:
- The scammers seem to be ‘dubbing’ themselves and telling the same kind of stories, which suggests they may be operating either as a gang or one man show. Here are some examples:
My name is Princess Silvanus i am (24 years) but age doesn’t matter in a real relationship,so i am comfortable with your age,I am from Ivory Coast in West Africa, 5.4ft tall, dark in complexion, single,(never married ) and presently i am residing here in DAKAR as a result of the civil war that was fought in my country some years ago. My late father DR Amos Silvanus was a politician and the managing director of a (Gold & Mine Industry.) in YAMOUSSOUKRO (the capital city of Ivory Coast ,my country) before the rebels attacked our house one early morning and killed my mother and my father in cold blood. It was only me that is alive now and I managed to make my way to a nearby country SENEGAL where i am leaving now as a refugee under a Reverend father’s care and i am using his computer to send these message to you.
My name is Amanda Peters i am (24) but age doesn’t matter in a real relationship, so i am comfortable with your age,I am a citizen of Ivory Coast in West Africa, 5.4ft tall, light in complexion single,(never married ) and presently i am residing here in Dakar as a result of the civil war that was fought in my country some years ago. My late father Dr Andrew Peters; was a politician and the managing director of a Gold & Mine Ind in Ivory coast before the rebels attacked our house one early morning and killed my mother and my father in cold blood. It was only me that is alive now and I managed to make my way to a near by country Senegal where i am leaving now as a refugee under a Reverend-Pastor’s care and i am using his computer to send these message to you.
My name is Eunice Johnson I ‘m 24, from Ivory Coast West Africa 5.11ft tall, Fair in complexion,(never married before )and presently i am residing in the refugee camp here in Dakar as a result of the civil war that was fought in my country..My late father Dr Charles Johnson was the managing director of Johnson and Associates (Ltd) and he was the personal adviser to the former head of state before the rebels attacked our house one early morning and killed my mother and my father in cold blood. It was only me that is alive now and I managed to make my way to a near by country Senegal where i am living now in a refugee camp,and this computer is belonging to a revrend that has a church here in the camp.
- From my email communications with the spammers, it’s obvious their ultimate goal for sending those phony Facebook messages is to trick you into gaining your trust, and exploiting your emotions of sympathy, passion, compassion, lust, etc in order to defraud you. Here is an excerpt:
I am not going to give your love to another man you will satisfy me, needless of looking for another man. Please i have not told anyone except you about the existence of this money and i will like you to please keep it secret to other people because since it is (MONEY) all eyes will be on it. I have already informed the bank about my plans to claim this Fund and the only thing they told me is to look for a foreign partner who will stand on my behalf due to my refugee status and the laws of this country. You will have 18% of the total money helping me and the remaining money will be managed by you in any business of your choice. Therefore, i will like you to contact the bank immediately with this information, tell them that you are my foreign partner and that you want to know the possibilities of assisting me transfer my 6.7million dollars deposited by my late father of which i am the next of kin to your account in your country. The contact information of the bank are as follows,
ROYAL BANK OF SCOTLAND PLC LONDON
The name of Money Transfer Officer Mr Nelson Smith.
- Analysis of their email headers showed the source IP addresses pointing to a location somewhere in Dakar, Senegal and Internet access provided by an ISP known as Sonatel. Some of the source IP addresses are: 220.127.116.11, 18.104.22.168, 22.214.171.124.
I headed to Google and did a search on email scam in Senegal and found a 2005 BBC report titled “Senegal swoop on e-mail scammers”. The suspects according to the report were six Nigerian men and two Senegalese women. I did same for the email address used by one the Facebook spammers. The search results (about 133) revealed its association with all kinds of scams related issues on the Internet. I am therefore tempted to think that we may have been invaded by an organized gang of cyber criminals operating in Dakar, Senegal, who are determined to defraud unsuspecting Nigerians and Facebook users.
What you can do ?
- First and foremost, use your common sense online just as you would offline. If something is too good to be true, it almost always is. If someone offers you a Gold mine or promises you a share of wealth from a Gold mine at next to nothing, then beware!
- Arm yourself with information about the modus operandi of scammers and the different genres of scam that have emerged.
- If you receive these spam/scam messages, simply follow these instructions and report the message as spam to Facebook. Facebook will automatically delete the message and possibly deactivate the spammer’s account.
- If you don’t want to receive messages from people who are not your friends on Facebook, simply, Go to Settings >privacy >Who can contact me? and change “Whose messages do I want filtered into my Inbox?” option from “Basic Filtering” to “Strict Filtering .” This will minimize the amount of unsolicited messages entering your inbox.
- If you have already fallen victim or defrauded, you can report the incident to EFCC or Special Fraud Unit
Please feel free to share your experiences, tips or advice and let’s expose the activities of these miscreants.