Nilufer Hasanova was at work when her phone rang at 2:57 p.m. on July 8th. Looking at the caller ID, she saw it was a friend she hadn’t spoken to for over a year. Suspecting the call was a pocket dial, Hasanova ignored it and continued with her work.
Later that day, she received a Facebook message from the same friend, asking if they could continue their chat.
“I’d love to chat with you,” Hasanova writes. “But we haven’t been chatting, so I’m not sure what you’re talking about.”
“You’ve been texting me for two to three days,” her friend replies. She messages Hasanova several screenshots of the conversation.
The text messages start innocent enough. Initially, Hasanova’s friend is unsure who the texts are coming from; it’s a phone number she’s never seen before. Then the unknown texter identifies herself as Nilufer Hasanova; an old friend living on the opposite side of the country, just wanting to catch up. They ask about each other’s families, school, and work. It’s less than a dozen texts before the purported Hasanova says she would like to visit her sometime soon. Likely this summer. Can she bring her boyfriend?
“Sure you can,” messages the friend. “For how long are you planning to come?”
“For a couple of days,” replies the person claiming to be Hasanova. “I heard you guys have great night clubs there.”
The friend replies they do, but it’s been a long time since she has been to one.
“Yes, same here. I haven’t been to a club in a long time,” the texter responds. “Time to go craaazy. Hahahahaha.”
The friend’s reply of a curt “yep” doesn’t encourage the topic. But the purported Hasanova continues, saying she hopes to meet some hot guys at the club.
The friend questions how Hasanova plans to meet these men if her boyfriend is coming with her.
“He will stay at the hotel. I will make him stay lol,” replies the supposed Hasanova.
The text messages become increasingly inappropriate and reach a point when the purported Hasanova implies she was sexually assaulted by two friends while at a club. By the time this message was sent, Hasanova’s friend had started the Facebook conversation, asking to continue their chat via Facebook Messenger.
A screen shot of the first messages the scammer sent Hasanova’s friend. Photo courtesy of Nilufer Hasanova.
After reading the screenshots, Hasanova swears to her friend it is not her who was sending the messages. The area code of the number is not even Canadian; it’s from Denver, Colorado. A simple search of the phone number reveals it came from TextNow, an app that grants people temporary phone numbers.
Kathy Macdonald, an online investigator, says TextNow has a role to play, but it’s not uncommon for the app to be used for nefarious purposes.
“And when you try to call the TextNow number, it will go directly to voicemail,” says Macdonald. “So you can never get a hold of them over the phone, and this puts them at an advantage.”
Macdonald adds scammers often do a reconnaissance of social media.
“They’ll find information about the person on Facebook or Instagram,” says Macdonald. “So they’ve got a little bit of background information, and they have the TextNow number, so they can send out a message pretending to be somebody.”
Hasanova says her friend suspected it wasn’t her when the messages started to become inappropriate.
“But the person pretending to be me seemed to have all the right answers to continue being me.” – Nilufer Hasanova.
They knew she is a nurse, has a boyfriend, and speaks Azerbaijani. Hasanova says this information is on her Facebook, but she tries to keep her social media accounts private.
“It goes to show people can easily pretend to be you with very little information,” she says.
Nilufer Hasanova, who had her identity stolen from a scammer using the Textnow app. Photo courtesy of Nilufer Hasanova.
Sgt. Mike Swindells of the Calgary police cyber forensics unit recommends people make their social media settings as private as possible.
“It’s amazing how much information a bad guy can learn about someone through their social media,” Swindells says.
Although the messages from the scammer have stopped, Hasanova questions what the intent was. Macdonald says the motives behind these scams vary; it could be anything from coercion or extortion, to embarrassment. Hasanova suspects they wanted something from her friend and were pretending to be her to achieve this; Swindells and Macdonald both classify this as a form of social engineering.
Social engineering is a term used to describe the techniques commonly used by scammers that go after a person’s emotions and ultimately overpower their better judgement.
According to Macdonald, people should be particularly wary of scammer emails after a natural disaster.
Hurricane Katrina, the Fort McMurray wildfires, and the fire at the Notre Dame Cathedral all saw an increase in scammer emails pretending to be charities.
“People during these times are wanting to help and wonder how they can,” says Macdonald. “So when something as simple as an email comes along, asking for as little as $5, they click the link, enter their credit card number, and get scammed.”
Charles Hepler, a computer science professor at Mount Royal University, says scams often require more hubris and trial-and-error than they do technical knowledge. Hepler cites a recent social-engineering scam at Mount Royal University.
“They made up emails that looked similar to ours, asked if we were on campus (and) if we could do a favour. They wanted us to buy some Google play cards and then send them the codes.”
The email address was similar to the Mount Royal emails, but not similar enough to fool anyone. Like the scammer impersonating Hasanova, they were also not writing in the individual’s expected writing style.
“But they had done some things pretty well,” says Hepler. “They had copied and pasted the person’s signature file.”
Stats Canada found there were 32,968 cases of cybercrime in 2018 and 7,727 victims. Women were reported as victims in 69 per cent of the cases.
Alberta’s 2017 statistics showed a rate of 108.6 cases of cybercrime per 100,100 people. The phone call scams telling you your computer is infected have evolved to email scams saying your credit card is compromised. And according to Swindells, these emails can look reasonably legitimate. Emails from banks that ask you to click on a link are often a red flag.
Cyber scams are becoming more common. Be aware of emails asking for donations after a natural disaster. Photo by Kate Mackenzie.
“Instead of clicking on the link, we recommend phoning the number on the back of your card,” says Swindells. “Then you’re speaking to someone who would know if your card has been compromised.”
Macdonald says there are a variety of ways to help determine if something is a scam. If someone unexpectedly contacts you via email or message, it may be a scam. In which case you should ask yourself if this is normal behaviour for your friend, or is it normal for your bank to be contacting you via email?
“Look at the subject line,” adds Macdonald. “Does it have some reaction to an emotion? Is there something scary included or a sense of urgency to the email?”
Spelling, grammar, and syntax may also be clues to it being a scam, though Macdonald cautions that scams have improved and these errors are not always present.
Helper recommends looking at the Calgary police email scams and safety website for tips, or if you’re in a work setting, contacting IT services for help.
Hasanova says the experience has left her with a sense of guilt that is not uncommon for victims of cybercrimes.
“They blame themselves and often feel guilty and embarrassed,” says Macdonald. “Often they don’t want to report it to the police because of this.”