Paul Lynham FIAP gives his thoughts on how to stop this type of scam.
Recently two friends of mine have been the victim of scam Facebook users. The scammers setup a Facebook account using the details of the person they are trying to pass themselves off as. This account will copy the victim’s account as closely as possible, including name, gender, date of birth and profile picture, etc. They will then send a friend request to the victim’s friends on Facebook. Once the friend request has been accepted by an unsuspecting victim’s friend, the scammers start sending messages. These can include fake news or trying to hook them into some kind of scam, while also collecting information about the victim’s friends, so they can repeat the process. A variation on the scam appears like a friend is trying to warn you about your Facebook account potentially being hacked, but it is the hoaxer.
These scams have been going on for the last few years and it seems Facebook is taking this seriously, especially if several people report the same scam. Although I only occasionally make use of Facebook, there would appear to be a fairly simple solution and Facebook already implements this solution in one direction – checking for duplicates. A user cannot send a friend request (outgoing) to someone they are already friends with, as Facebook prevents this. However, it would seem logical to check incoming friend requests in the same manner.
Laying the responsibility on the user, who may have hundreds of friends and who can’t recall if they have already accepted a friend, is not a sound tactic. A better stance would be for the application to use the pattern of checking if a unique item already exists in a collection before attempting to add it. Without knowledge of the appropriate Facebook API, this may be one solution, when a friend request is received:
potentialFriend = user.FriendRequest;
existingFriend = user.FindFriend(potentialFriend);
if Assigned(existingFriend) then
user.SendMessage(existingFriend,”Have you sent me a friend request?”)
else
user.ConfirmFriendRequest(potentialFriend);
In this simplified example, the attributes of the incoming friend request are used to check if the user already has a matching friend. If so, the existing friend can be messaged to see if they have sent a friend request from a duplicate account (some Facebook users have more than one account). Alternatively, the user can be warned. However, if the attributes of the friend request cannot find an existing friend, then the request can proceed for confirmation.
There may be some reason Facebook is not employing this tactic already, but if so, it is not obvious.
