Sophos Security's Graham Cluley is reporting a new type of scam that has appeared on the network: a lottery scam.
The email from a 'Facebook Claim Administrator' reportedly says, "Congratulations on your winnings as our verification team alerts that your data verification was successful, and that a call was placed to you earlier for confirmation but to no avail."
It continues on to say "We are happy to also inform you that your Winning Certificate has been issued and will be mailed to you soon."
Bet you can guess what happens next. Yep. The scammers tell the recipients they'll have to cough up some information in order to be able to claim their 'winnings'. In this scam, recipients are directed to come down to an official office (in London) to confirm their identity and sign some paperwork. If making a personal appearance is too difficult, the letter helpfully offers to send the paperwork via a courier for a fee of £385 ($614.50) to cover the costs of this convenience. At the end of the email, in the signature block, a phone number is provided.
"Although the phone number given in the email looks, to the casual observer, to go to a UK mobile phone it actually could be redirected anywhere in the world. The 0770 number is registered with British firm Cloud9, which offers international mobile services.
"In short, you think you're phoning Facebook in London - but the phone could be being picked up by Fabian in Nairobi."
For those victims who actually call the number, chances are questions will be posed that could lead to identity theft; after all, part of what the "Facebook Lottery" scam wants is confirmation of identity.
On Oct. 19 the Better Business Bureau also warned consumers about a 'Facebook Lottery scam'. The email in this variant purportedly comes from the head honcho of Facebook himself, Mark Zuckerberg. This email tells the recipient they are the winner of $1 million in the "2011 Sweepstakes" offered by the social network giant.
Included in these emails is a link for 'winners' to click on in order to claim their prize (watch out for malware or questions asking for personal information!), or a request for a transactional fee to be wired in order to claim the bogus lottery winnings.
According to BBB, the letter says
“… your details(e-mail address) falls within our European representative office in Amsterdam, Holland, as indicated in your play coupon and your prize of US$1,000000 will be released to you from this regional branch office in England.”
Recipients are warned to keep the prize information confidential, offering the telltale red flag of using ALL CAPS in the email. The warning says,
“ANY BREACH OF CONFIDENTIALITY ON THE PART OF THE WINNERS WILL RESULT TO DISQUALIFICATION.”
Unfortunately these kinds of scams are not unusual nowadays. Swindlers often create scams that offer a tangible financial gain to use as a carrot, especially during tough economic times because people are vulnerable and are more inclined to be tempted with appealing offers.
Additionally, Facebook users should be warned that once one scam emerges, copycats or several variations of the scam are usually right around the corner. Facebook is often a prime target for scams due to its large membership of 800 million members; even if only a small fraction of people fall for the scam, that is a tidy profit for the swindlers.