Advance fee lottery scammers continue to use Facebook as a favoured hunting ground. And, sadly, there are seemingly plenty of people on the network who still fall for their nefarious tricks. Often, the criminals pose as Facebook officials and send messages to the potential victim via cloned or hijacked accounts.
They inform victims that they have won a large sum of money in a lottery operated by Facebook and should contact the ‘Facebook Lottery Team’ agent to begin processing the claim. But, of course, there is no Facebook Lottery, no prize, and the ‘agent’ is certainly not a Facebook staff member.
If victims contact the bogus agent, they will soon receive requests for advance payments to cover imaginary processing costs. They will also be asked to send personal and financial information, ostensibly as a means for victims to prove their identity. I discuss how Facebook lottery scammers operate in more detail in another Hoax-Slayer article.
In this report, I want to focus on one simple social engineering tactic that these scammers tend to use to convince their victims that their bogus lottery win claims are genuine. After a victim contacts them, one of the first things the scammers may send back is a seemingly official ‘certificate’ or other type of document that may convince the victim that the ‘win’ is indeed genuine. These criminals are well aware that, especially for the people who are likely to fall for these scams in the first place, an officially formatted document can be a powerful and persuasive tool, especially if it comes from a person that the victims believe is an official representative of Facebook.
In the example shown above, the scammers have sent their victim a ‘Certificate of Ownership’ complete with a pretty border, the Facebook logo, a seemingly official red seal, and even the signature of the alleged Facebook Lottery Team’s online coordinator. The ‘certificate’ – rather illogically – instructs victims to mark ‘yes’ on the document if they want to accept the winnings or ‘no’ if they wish to decline and allow the money to be ‘pass over to another members’. By marking what they believe is an official document and returning it to the agent, victims are in a sense committing to the process and are then more likely to send their money and personal details in response to subsequent requests.
A closer look at the ‘certificate’ reveals a number of grammatical errors that would be very unlikely to appear in a genuine document. And, of course, anybody with even fairly basic computer skills could very easily create a fake certificate like this using commonly available software.
But, alas, when it comes to the Internet, the people who fall for these scams tend to have a higher level of gullibility than more tech-savvy users. They may be naive about the nasty underbelly of the Internet and are perhaps lacking in education and experience. They may be thrilled at the prospect of receiving an unexpected financial windfall and, in their excitement, overlook the grammatical errors and logical flaws in the certificate.
While it is easy to label victims of such scams as ‘dumb’ or ‘stupid’, this is certainly not always the case. And our anger and contempt should be directed at the criminals who perpetrate these scams, rather than at their hapless victims.