Fake friends´ requests for help regarding restoration of fictive blocked service present a new kind of fraud that can be recently found on internet, Facebook at the first place. However, instead of unblocking of the blocked account you allow the offender to confirm transaction at your mobile operator. And how the whole fraud works?
Offender creates a fake profile of concrete user and he asks friends from the user´s friend list for “adding” him back to the friend list. They usually do it so. The offender then persuades these users to give him their phone numbers. Consequently, a text message containing PIN should be sent to the following number to restore the blocked service. For this purpose the offender uses several made up stories (e. g. forgotten PIN to a bank account, blocked e-mail address etc.). In fact this is not validation PIN, but code used for payments from the mobile operator to pay for bets at BWIN, ŠANCE, POKERSTARS etc.
Another possibility how to swindle out the PIN is a fake competition website where you can contest for a various prizes, mostly mobile equipment (tablets, mobile phones). However, for successful registration to the competition user has to fill in login details for Facebook account. The offender then receives unauthorized access to the particular Facebook profile and he again asks Facebook friends to send him back the PIN for mobile payments.
Infiltration between Facebook friends is not difficult.
“Users of internet services often do not realize who they communicate with and they send the PIN codes to the “virtual friends” without verification, although they are warned by operators not to hand over the codes to anybody else“, says a criminalist Pavel Schweiner from Police Department of Electronic Information Crime in Olomouc.
The rule of “trust, but verify” is applied both for the real and Facebook world, therefore we recommend verifying any account validation effort by another person through your mobile phone. The best is to call the concrete person. Ideally you should not hand over the data to anybody.
In case you will be a victim to this kind of fraud, contact the nearest Czech police district department.
Kamil Kopecký, E-Bezpečí