Hey Mr. DJ, Don’t Put That Record On
Hopefully the readers of the Security Response Blogs are well aware of advance-fee fraud, which is also known as a 419 scam. A 419 scam typically pops up disguised as an email from some member of a royal family from a country far away, trying to transfer large amounts of money to you. The story used in the fraud schemes doesn’t vary much these days. However, these advance-fee scams have evolved and adapted to all of the new information sources that are available, including social networks. Such as with the following example, which was seen a couple of times at the beginning of June this year.
The scammer searched in Facebook for people who have highlighted the fact that they are disc jockeys. Since it is likely that such people usually want to be found and are proud to be DJs, it is quite easy for an attacker to create a very targeted user list for his scam. Simply browsing and comparing dedicated user interest groups can reveal all of the necessary information.
Armed with this information, the attacker rolled out some adequate bait for the DJ user group. The attacker pretended to be an event organizer from Miami, searching for new talent to be a stand-in for another artist who cancelled a booking on short notice. Following the contact message on Facebook was a list of documents boosting the seriousness of this offer: flight confirmation, five-star hotel reservations, and a signed contract offering 3,000 Euros for playing six nights in Miami’s finest clubs—a dream for any newcomer DJ. According to people who were contacted by the scammer, his appearance was very convincing and he acted in a professional manner, even calling the victims on the phone to discuss details. Social engineering at its best.
The catch? The scammer wants a deposit of 1,000 Euros in order to be sure that this newcomer DJ does not bail out at the last minute too. And you might have guessed it already, but this deposit is to be paid through Western Union to Italy and was never to be seen again. After the deposit is paid, all of the lies collapse like a house of cards. The flight confirmation is bogus, the booking agency does not exist, and the event organizer is nowhere to be found.
This is just another example that demonstrates how publicly available information in social media networks can help fraudsters to construct very convincing lies. So, whenever you are offered a deal in which you have to pay some fees in advance through unusual ways, your alarm bells should start ringing. Don’t let the 419 scammers spin you like a record.