Necessity is the mother of invention, they say, and it's forced the current generation of scammers to get just a little more creative when they're trying to convince you to part with your hard-earned cash or valuable personal information. As people continue to move away from email, these criminals have shifted their focus to social networking services. Twitter, Facebook, and other online communities are plagued with spambots and other nasties ranging from annoying to downright dangerous. We've rounded up the worst offenders to show you how to stay safe online.
1. The Facebook flim-flam
This scam has cost well-wishing friends millions of dollars around the world and is often spread via Facebook, although it's made the rounds on Gmail as well. This one assumes the friends in your address book care enough about you to help you out after a mugging or other catastrophe while traveling.
This trick is simple in its execution. Someone gains access to your Facebook account (possibly through the sort of scam mentioned above) and then sends messages to everybody in your friends list. The message is a variation on a simple theme: "Help! I've been mugged in London! They took all my passport and all of my money!"
The sting comes when the scammer asks one of your friends if they could possibly spare a few hundred bucks to fund your emergency passport application, help with accommodations, purchase return airfare or food, or handle other things necessary for survival. Rather than using a bank transfer or other secure method, the scammer offers some excuse why the money would be better sent by Western Union or another untraceable method.
If you're on the receiving end of a plea for help like this, try another way of getting in touch with your friend. Call his cell phone, send an email, or text him. Even contact his friends or family to find out if he really is in trouble in London. If he's home, safe and sound, suggest that he contact Facebook to reclaim his hacked account and change the passwords on other online services.
Scams aren't always this obvious
2. The Twitter trap
One particularly new scam that has swarmed Twitter just last month preys on humanity's innate desire to know more about themselves. Sent as a direct message from someone you follow, it seems innocent enough: "Someone said this real bad thing about you in a blog..." The message arrives with a link attached, presumably to the offensive content.
At first glance, this is a friend or colleague looking out for you, bringing something unpleasant to your attention so you can deal with it accordingly. In reality, though, it's a program that will hijack your Twitter account, post to your stream, and send the same Direct Message to your followers. The link won't take you to a blog post (ego-crushing or otherwise) but instead goes to an online survey or page full of advertising designed to earn money for the scammers at a few cents per click.
While many scams and hoaxes are obvious, it can be difficult to resist finding out if that's really you getting bad mouthed on the internet. Really though, ignoring and deleting them is the only way to treat messages like this. If you're feeling friendly, contact the friend whose account sent the message to let them know their account's been hijacked; they should delete all of the compromised messages and change their online passwords.
3. The reverse Nigerian Prince
We're all familiar with the Nigerian Prince scam that's spammed our email inboxes. In the scam, an emotional plea from Western Africa promises you gold and riches if you'll just help out with a little money first. Even though this is one of the most played-out email swindles in the history of the internet, it's still going on today. Now, however, a new variation has popped up.
An email arrives supposedly from Citibank Nigeria offering to help victims of the Nigerian Prince scam. Those responding with their full name and address are "eligible" for $50,000 in compensation. It won't take long for "Citibank" to reply, explaining that their names cannot be found in the database after a cursory search. There's still hope, however, by sending in a nominal fee ($50? $100? $500?), which will of course be refunded in full once their name has been found and the payment process started.
A closer look at the email reveals that it is hosted on a domain ending in .cn, which the email goes to great lengths to point out stands for Citibank Nigeria. Unfortunately, that's not true. The .cn extension actually indicates that the domain is based out of China — a fair distance away from Africa, wouldn't you say? Adding insult to injury, the addresses included in this email are sent from 9.cn, which is a Chinese version of Windows Live Mail; yes, the scammers are again using a free webmail provider.
The Nigerian government does not keep track of everybody who is tricked into sending money via the scam bearing the name of its country (many "Nigerian" scams come from all over the world, including the United States and Europe). There is no fund chock-full of compensation. While Citibank does have a branch in Nigeria, the company is not involved in getting you any money back and does not have email addresses ending in the .cn extension.
If this one pops up in your email, have a laugh over the latest spin on this age-old scam and its feeble attempt to hook you in, and then hit delete. It's safest.
As the internet offers us new and interesting ways to connect, there will always be scammers trying to use those services to swindle you. But a little common sense goes a long way no matter what form the scam takes. Messages offering easy money, a plea for help, or any kind of emotional response from you need to be ignored. If you feel compelled to look further, make sure you verify the source to make sure it's not coming from a friend's account that has been hijacked.