That Time I Fell For A Facebook Scam

The other day I was duped into giving my “friend” my bank details, little did I know my friend’s Facebook account had actually been hacked. It was a scam

As silly as I felt afterwards, it was scary just how well a hacker had mimicked my friend’s tone of voice, and duped not just me but a couple of friends.

Here's how it went down...

It all started following a casual conversation

I’d been chatting to one of my friends on Facebook messenger during my lunch at work, as we were going to meet later that day for pizza. 

A couple of minutes following the latest message in our chat, my friend says “Sorry to ask but would you help me with my online banking”.

Considering I was literally mid-conversation, this didn't seem too out of the blue at the time.

Can we swap to WhatsApp?

After a bit of backwards and forwards on Facebook, under the guise that my friend’s banking was down and she needed to pay her way quickly, I handed over my sort code and account number. This didn’t seem weird to me - at this point. 

I wasn't sure if I had my friend's most up to date phone number so I added it to my contacts without hesitation. 

Where I saw the first red flag was “my friend” asking me to switch to WhatsApp. Her reasoning was that she was on her desktop and it was easier, and something about not having her phone, which I didn't pick up on at first.

Fair enough I thought. 

Until it showed as a new number. I, not thinking it out of the question for her to have a different number as we usually speak via Facebook rather than text, carried on none the wiser.

I'm not even with that bank?  

“My friend” then proceeded to tell me that they’d sent across the money to my NatWest account. 

Here’s the thing, I don’t have a NatWest account

In hindsight, reading back through the messages, this is where the hacker really started to trip up over themselves, but me being me and convinced it was my friend carried on.

I was genuinely worried for a minute that they'd sent their money into the void and had got my bank details wrong! 

After I got a little panicked, they used the excuse of “same sort code” as to why they’d got my bank wrong.

Here's what I should have been thinking about (instead of the tasty lunch I was chomping down on throughout this whole debacle)
  1. When you transfer money to someone there is no indication of the bank you’re sending it to.
  2. I’m pretty sure the whole sort code excuse is just incorrect. 

This is all a bit convoluted, isn't it?  

In that moment it seemed like all of my online banking safety knowledge literally left my head and was nowhere to be seen. 
Okay so here’s where you might question how on earth I got duped and why I carried on (you and me both) but then “my friend” asked for my Pinsentry identification code. 

What a mug. 

Don’t ever do this!! It literally says not to but if for any reason you end up in a situation like this, remember it’s not normal and the other person is most definitely having you on!!

I'm really not sure why I fell for this bit, but in that moment it seemed like all of my online banking safety knowledge literally left my head and was nowhere to be seen. I even said to my 'friend', "what are you doing lol", "it just seems convoluted"

They just kept it going! You can tell how desperate they were (and how gullible I was) from the fact they were sending screenshots along with their instructions.

The group chat meltdown 

At this point, I was getting a little antsy, wondering what my "friend" was up to and where the money was that they'd supposedly sent over.

Things then took a bit of a turn...

I'm in a group chat with this "friend", and their housemate then sent a message to the group explaining that my real life friend's Facebook account had been hacked.

This caused our little scammer friend to get angry! 

You can see the sudden change in the WhatsApp chat - plus in the Facebook group, the hacker actually said the housemate was really the one who was hacked (this wasn't true, obvs!).

It was all part of an elaborate plan to throw people off the scent. As news spread the hacker was removing people who'd realised from the group and blocked them on Facebook.

After seeing all this fuss on Facebook I didn't know who or what to believe for a second and demanded my "friend" call me.

That's when it got a bit weird - with them saying they were going to report me for fraud!

Calling the bank 

I immediately called my bank and told them what had just happened, and was almost glad to hear that they were just as confused as I was. 

They took me through all the security steps and had to sort me out with a new card and I had to reset some of my details - annoying, but better to be safe than sorry! 

The worst bit was the fact this took so long. All in all, I was on the phone for about an hour confirming everything and being put through to the fraud department. I was so worried about my account being at risk but was also a little worried in case it was actually my friend. 

Newsflash - it was definitely a hacker. 

The aftermath 

After getting off the phone, I was added back to the group chat and found out that a lot of my friends has been targeted too. Some realised quicker than me that something was up, some also fell victim of it - making me feel a little less silly. 

I also caught up with my friend later that day for our well-needed pizza and found out it had targeted something like forty of her Facebook friends in a 10-minute window. 

It was dramatic, stressful, and annoying, but in the end, no one ended up out of pocket and all is now well again!

I've spoken to some of my friends and I think the next step here is to report it to Action Fraud, and just raise awareness and hope this person/people will get caught. In the moment it was so believable, and even the bank was pretty confused with what the scammer had been trying to achieve.

If anyone ever asks to send you money:
  • Speak to them over the phone, or even better in person to check it's really them. 
  • Find out exactly what the money is for - if it's a large amount this is deemed suspicious and could be an attempt at money laundering. 
  • Don't give out any of your mobile/online banking details if you haven't checked the above! 
  • Keep an eye out if people are asking to switch platforms. If it sounds fishy, it probably is.

Don't make the same mistake as me - and enable two-factor authentication on your account to keep your profiles secure where possible! You'll be pleased to know that my friend got her account back and all was okay in the end!

Peace out.