Smart SpendingSmart Spending

The 'friends mugged abroad' scam

Scammers are using Facebook to target your friends and their money.

By Karen Datko Oct 12, 2010 11:04AM

This post comes from Jim Wang at partner blog Bargaineering.


As more and more people use Facebook and other social networks, the probability that someone you know will be ensnared by a phishing e-mail grows.


Phishing, as it applies in this case, is when someone tries to steal your login credentials by sending you an e-mail that looks like it's from the network itself. The e-mail will look as if it came from Facebook, but the links inside will go to another site that looks like Facebook, where you'll unwittingly log in and give up your credentials.

This scam works because while people are usually on guard when they get e-mails that appear to be from their bank -- though phishing for bank credentials still works more often than it should -- they aren't as aware when they get an e-mail that appears to be from Twitter or Facebook. ("Oh, Jim sent me a shotgun in Mafia Wars. Must log in to see!")


The only positive in getting your Facebook account phished is that you don't lose any financial information directly. That's why scammers have turned to the "mugged abroad" scam. Once they get your account, they pretend to be you and contact everyone you know to tell them about your misfortune of being mugged while traveling. Post continues after video.

Unfortunately, this preys not on you but on your friends.


Just recently I had a run-in with this scam when a "friend" of mine e-mailed me to say that he and his family had been mugged in London. I don't know this person all that well -- more an acquaintance than a friend -- but if the story had been true, I would've helped him out. That's what the scam preys on.


Fortunately, I knew that he wasn't in London, so I knew it was a scam from the get-go. But, to see how it would play out, I tried to verify his identity using information I do know -- I know his wife's name and that they have no kids -- and the thief failed every test.


The e-mail

I'm writing this with tears in my eyes,my family and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.
We've been to the embassy and the Police here but they're not helping issues at all and our flight leaves today but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.
Am freaked out at the moment.

Testing your 'friend'

If you are ever e-mailed or IMed by a friend claiming to have been mugged or is otherwise in distress, don't ignore it. There is a small chance that person actually was mugged or is in serious trouble and you don't want to ignore him.


There are two things you can do to verify someone's identity without that person realizing what you're doing:

  • Ask about things you expect only your friend to know. This one is obvious but may not work if you don't know the person very well. 
  • Ask about fake things that the person would know are fake. This acquaintance doesn't have any kids, so I asked him how his kids were. He responded, "Frazzled, but fine" -- a clear indication that the person who contacted me was a fraud. 

What should you do when you discover this? Tell your friend his account has been compromised and be sure to warn everyone else you think might have been contacted by the scammer. You may have verified that it's a fraud but others may not have and you want to protect them as well.


Have you ever seen this before? How did you react?


More from Bargaineering and MSN Money:

Nov 24, 2010 4:24PM
I got one of these once from a friend claiming to be at "a conference in London" (why is it always London?) and needing $2000 right away.  I almost believed it for a second, as the friend that it came from is a businessperson who actually would have a conference in London at any given time - not to mention reading the email at 5 AM bleary and sleep-deprived certainly didn't help.  I didn't do anything about it because I was pretty broke, but others did fall for it.  A few hours later, I got an email from the friend from a different email address, with identifying information in it (things that only she and those who knew her would know), explaining that she'd been hacked.  Had it come from anyone else I would have known immediately that it was a fake, but this is why they use them: there's enough people for whom this situation would be plausible and enough people who may be intelligent but just soft-hearted enough to go for it.
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.