The Institution of Analysts and Programmers

Paul Lynham FIAP gives his thoughts on how to stop this type of scam.

Recently two friends of mine have been the victim of scam Facebook users. The scammers setup a Facebook account using the details of the person they are trying to pass themselves off as. This account will copy the victim’s account as closely as possible, including name, gender, date of birth and profile picture, etc. They will then send a friend request to the victim’s friends on Facebook. Once the friend request has been accepted by an unsuspecting victim’s friend, the scammers start sending messages. These can include fake news or trying to hook them into some kind of scam, while also collecting information about the victim’s friends, so they can repeat the process. A variation on the scam appears like a friend is trying to warn you about your Facebook account potentially being hacked, but it is the hoaxer. 

These scams have been going on for the last few years and it seems Facebook is taking this seriously, especially if several people report the same scam. Although I only occasionally make use of Facebook, there would appear to be a fairly simple solution and Facebook already implements this solution in one direction – checking for duplicates. A user cannot send a friend request (outgoing) to someone they are already friends with, as Facebook prevents this. However, it would seem logical to check incoming friend requests in the same manner. 

Laying the responsibility on the user, who may have hundreds of friends and who can’t recall if they have already accepted a friend, is not a sound tactic. A better stance would be for the application to use the pattern of checking if a unique item already exists in a collection before attempting to add it. Without knowledge of the appropriate Facebook API, this may be one solution, when a friend request is received: 

potentialFriend = user.FriendRequest; 

existingFriend = user.FindFriend(potentialFriend); 

if Assigned(existingFriend) then 

  user.SendMessage(existingFriend,”Have you sent me a friend request?”) 

else 

  user.ConfirmFriendRequest(potentialFriend); 

In this simplified example, the attributes of the incoming friend request are used to check if the user already has a matching friend. If so, the existing friend can be messaged to see if they have sent a friend request from a duplicate account (some Facebook users have more than one account). Alternatively, the user can be warned. However, if the attributes of the friend request cannot find an existing friend, then the request can proceed for confirmation.  

There may be some reason Facebook is not employing this tactic already, but if so, it is not obvious. 

Presidents-Christams-Message-2021

The IAP is glad to once again be partnering with the Business Show 2021, as businesses come out of the dark following the pandemic it is more important than ever to support business.

Europe’s largest Business Show is back for 2021, returning to London’s ExCeL on the 24^th & 25^th of November, helping small businesses grow and develop. The 43^rd edition of the show will reveal the secrets of business adaptation, innovation and survival as we recover from the pandemic.

New for 2021 are our two new shows Working From Home Live and Retrain Expo, offering everything you or your business needs to successfully adapt to the ever-changing industry advances. Retrain Expo helps you re-skill and retrain for the future, whereas Working From Home Live offers the tools and resources needed to work remotely.

Register for your FREE ticket here: https://bit.ly/3CfNtPS

The Institution of Analysts and Programmers have become a founding member of the UK Cyber Security Council. This follows on from the work we have done with our other partners in the Cyber Security Alliance and the Cyber Security Council project board to create this body.

“The UK Cyber Security Council supports the professional development of those working in or aspiring to work in the cyber security profession. It seeks to support employers and individuals as they make career-shaping decisions, with advice on cyber security skills, professional development, and recognotion through certification and Chartered Status.”

The Institution recognises that cyber security is becoming key to protect society and marries up well with our aim of ‘Improving Software for Society’, by addressing key issues at the design stage of software development, rather than at the time of delivery.

For more information visit the UK Cyber Security Council website.

2015-Debt-Laws-and-Smells-Paul-Lynham