Last night, while still in my lazy Sunday mood, I received a message on my mobile asking me to send a message to a number in Swaziland before transferring 20 million pounds to my bank account. Ok, I didn’t wait to finish the story before deleting it. These messages/ spam emails have been around for a long time and their success rates have declined as people have become more informed about them. Yet, just like an animal adapts to live in a particular place and in a particular way, cyber crime can do the same. Cyber criminals in this regard, are no exception.
In Beirut, a new group of cyber criminals has found a new way to pick pockets. How? by being your best friend! It all begins with stealing your identity or credentials, talking in a friendly way to your contacts and finally asking them for “favors”. It later turns out that they have asked many other friends the same favor, that is (in our case here) to buy them recharge cards for their prepaid mobile phones.
Many victims may have responded positively and handed over their wallet, albeit in a new form, to those criminal hackers. Ok, so you might be thinking that it will be easy to track those “bad guys” down by providing the police with the serial numbers used. The answer is more complicated since there is no cyber crime police to call in Lebanon and because the criminals might be using a more innovative way for cleaning their stolen values of recharge cards by transferring the risk to other users.
Therefore, a possible scenario of how those cyber criminals are benefiting is as follows: A hacker uses your msn account and asks your friends to buy him a recharge card worth $ 100. Given that the hacker had access to your emails, chat history, etc. he will be able to relate with them to gain their trust before asking them (in your own words) to buy him a $100 card. Provided your friends believed the hacker, and sent him a serial number of a card, he will have two options: a) use it on his mobile for his personal use (highly unlikely given that he can be tracked sooner or later) or b) transfer or sell the value of the card to other victims who will use them on their phones. In option b, chances of finding the criminal hackers are far less and take more time.
This new breed of hackers is leveraging a smarter approach in hacking and playing on the emotional side of the victims before ripping them off. I’ve heard stories of an IT expert falling victim to this scam. This is not a post to teach you about information security but it’s just a reminder that cybercrime is evolving into a more personal level. Therefore, always check and double check your friends’ identity and honesty of their request before kissing your money goodbye.