A chilling new scam campaign has emerged targeting more than 200 million Americans, all triggered by what appears to be a friendly greeting from someone you know.
Surprisingly, the message in question is a simple “How are you doing today?”, sent from hijacked Facebook accounts that have been commandeered by cybercriminals posing as friends or relatives.
Reported by Daily Mail, scammers begin by taking over a genuine Facebook profile.
Advert
This profiles are often compromised through phishing emails or fake password‑reset links.
Then, those stolen accounts are used to reach out to victims under the guise of familiarity. From there, an enticing pitch follows: fake government grants, giveaways, or even discounted products such as trucks or hot tubs. Victims are told they qualify for, as an example, a $150,000 government grant, but must first send a $2500 processing fee to secure release of the funds.
In one reported Fox News case, a retired tech worker called Jim received a message from a friend about Global Empowerment. The agent named “David Kelvin” offered him the grant and even sent a photo of a FedEx box supposedly filled with cash.
When Jim questioned the situation, “Informations” stood out as a red flag. That bad grammar made him suspicious, and ultimately, Jim was spared financial loss, but many others aren’t so lucky.
Advert
Another victim, Lesa Lowery from New Brunswick, lost control of her Facebook account after clicking a fake email purporting to come from Facebook security. She entered both her old and new passwords and inadvertently handed full access to scammers. While she could still view public posts, private messages and the ability to message vanished.
She told CBC’s Go Public: “I literally sat there and cried.”
'I literally sat there and cried.'
Advert
Experts warn this fraud is alarmingly difficult to detect because messages come from real profiles, complete with genuine names and photos. Victims often don’t realise until it’s too late that they have been scammed.
Cybersecurity advisor Claudiu Popa pointed out that the scammers rely heavily on time‑sensitive emotional language and deceptive imagery to create urgency: “Users are told the offer is real and time-sensitive. They are pressured to act quickly and trust the person messaging them.”
“They are pressured to act quickly and trust the person messaging them”.
Past data breaches have made the situation even worse. In one instance, a database maintained by a Facebook vendor, YX International, had its systems broken into and affected 50 million users.
Advert
Shortly afterwards, a separate breach exposed over 200,000 records from Facebook Marketplace. Criminals are now using phishing kits such as RaccoonO365, which can even bypass two‑factor authentication.
If you receive a casual Facebook message asking “How are you?”, even from someone you know, pause, don’t click links, and always be sure to independently verify with the sender, such as via a phone call.
Always use strong, unique passwords and enable two‑factor authentication, but stay alert even when it’s active. Never pay for a “grant” or giveaway. That’s especially one that asks for fees up front. And consider removing your personal details from searchable websites so scammers have fewer data points to craft persuasive impersonations.