It was late at night, but Abdul could not sleep. Although he shut his eyes, his mind was wide awake. This restlessness started in October when he lost his closest friend to a car accident, and now, one month after, he cannot remember what a good night’s sleep felt like.
To ease his situation, Abdul reached for his phone to find some comfort. He strayed into YouTube, but the comedy skits he usually finds interesting now appear deathly to him. Thankfully, a notification beeped. A friend of his, Ahmed, has posted on Facebook and has tagged him in the post.
It was unusual; Ahmed hardly posts on Facebook. In fact, it was Abdul who, months ago, convinced a reluctant Ahmed to join the platform, and since then, he has yet to post anything until now.
“I had to check what he posted,” Abdul said. “I was curious and happy to know what he shared. Nothing could have deterred me from checking it up.”
Abdul was not so excited when he found out that Ahmed had tagged him alongside 99 others, yet it was the post that even disturbed Abdul the most. It was a video attached to a link with the description: “Oh man©, she moaning like a b*tch, haha, do not play if you are under 18, haha.”
Ahmed does not write this way, so Abdul was compelled to click the link and view the content. Lo and behold, it was porn! A lady was getting undressed, and a naked man stood beside her, stroking his genitalia.
Seconds into play, the clip halted, and a notification popped up, demanding Abdul’s Facebook password to continue watching. He couldn’t stop himself, they had already rubbed the honey on his lips, and his tongue was aching for a taste.
“At that point, I didn’t think twice. All I wanted to do was to finish watching the video. So I inputted my Facebook password and continued.”
But it did not stop there. Immediately after watching the video, he was redirected to a website he described as “Yellow dot,” with a welcome note on the homepage requesting users to subscribe with just N50 to win cash prizes.
The message on the website reads:
“Cash Out Daily
Climb the winning Ladder with
Just N50 to win Lots of cash and airtime
Click to play and wink
Available to MTN users.
YellowDot”
Abdul felt the urge to subscribe since he has not succeeded with betting sites. So he paid the subscription with his debit card before finally sleeping.
Early in the morning, streams of calls flooded his phone, waking him up abruptly. His cousin has seen similar porn links on Abduls’s Facebook timeline, tagging 98 friends. Confused, Abdul tried to recharge his line to make a call, but his account balance was empty. Just then, he realised something had happened to him.
“I wanted to call you (the author) for help, so I tried to recharge but found my account was empty. I checked and saw a debit alert message. They took everything. They tagged my lecturers, Imam, uncle, and many others to the porn post on my timeline.”
“I lost N56,000, my entire savings for the whole year,” Abdul said in utter despair.
Abdul is one of many victims who were swindled and had their Facebook accounts hacked by the porn scam.
Ruqqy said she was tagged via a friend’s post, and from there, she provided her Facebook password to watch further. In her case, the website was slightly different, but it also offered her the opportunity to make more money after subscribing. She also fell victim, losing her savings meant for her house rent.
“I can’t believe that I am (was) scammed. God will punish these people. They took everything as if they knew what was exactly in my account. N152,000 meant for my house rent,” Ruqqy told DUBAWA, not hiding her emotions.
Unlike Abdul and Ruqqy, James said he worried more about his reputation than money.
“Imagine if my pastor has seen this on my timeline or my aunt. Sincerely, I am glad I found out sooner,” he said.
Although they did not extort him, he was asked to download a certain VPN app with free installation.
“They asked me to download a VPN app and install it for free, but I sincerely did not have data at the time; that was why I stopped there.”
Abdul feels ashamed to reach out to the bank over the issue; James said he has not considered the bank but will give it a try. However, Ruqqy reluctantly tells DUBAWA that the bank (First Bank) told her there was nothing that could be done to refund the money.
Abdul, Ruqqy, and James, who spoke to DUBAWA after persuasion and a promise to hide their identities, are only three of the thousands of people who a recent scheme on Facebook has scammed. Although many had fallen victim, most of those DUBAWA contacted for this investigation decided not to speak or have their name on record because they considered the subject of the video hideous.
How it works
Once the user clicks the link and enters a valid Facebook password, it allows the scammer to impersonate the user (by reading the cookie stored on facebook.com) and advertise the scam on the Facebook page of the victim’s account. The perpetrator does not need to take over the entire account to post things, tag people to a post, or even make comments. When this happens, the victim’s friends are exposed, and the victim is subject to other possible attacks launched through links posted on the liked page.
Abdul, James, Ruqqy and other victims who spoke to DUBAWA said they had inputted their Facebook password to continue watching the video. This action gave the scammers access to their Facebook accounts. For thousands of other users merely tagged to the post, their doubt and the innermost Thomas in them kept them from giving out their password. So once people are unwilling to provide their password, the circle will stop.
Unmasking the crew behind the scam
It is difficult to track who is behind the scheme since scammers are continually creating new malicious URLs almost every day. None of the victims interviewed had the same URLs, and the ones on their timeline only lasted hours and then crashed. This is a usual tactic used by online scammers to avoid being tracked and uncovered.
However, DUBAWA successfully tracked one of the websites that users were forcibly redirected to and analysed it on Scamadviser, a tool that authenticates websites. The results show scammers used the website, and it has a very low trust score (only 1%), indicating a strong likelihood the website is a scam.
The tool further revealed that the website (companyforyouthsome.com) lacks reliable ownership details, location, popularity and other factors relating to reviews, fake products, threats, and phishing.
Results of the finding on Scamadviser.
DUBAWA further analysed the website on Trend Micro, a website that fact-checks websites. Findings from the analysis also rated the website as a scam platform.
When DUBAWA looked up the website on Whois.com to track the persons behind it, we found the personal details of the website to be protected from the public. The details available were that of a third-party domain privacy protection company (Fundacion Privacy) that provided ‘add-on’ services for websites to protect their data and keep it hidden from the rest of the world. This is a typical method used by online scammers to go under the radar without detection.
Even worse, the website’s homepage does not have a ‘contact us page’, ‘about us’ details, or even copyrights. This is a very suspicious attribute for a website pledging to sell products online.
Several authentication companies have flagged the website companyforyouthsome.com as untrustworthy and fraudulent.
No more social media
Abdul says he is now staying away from social media for a while and is encouraging people to be careful and conscious of their activities online.
“I can only advise people to be careful online. I have fallen victim to a scam and cannot even tell anyone about it. It’s shameful, but people need to be more careful online.”