Scammers are most likely to pose as your friend — here’s why

I recently got a Facebook message that shook me. It was from an old roommate who I hadn’t spoken to in about 10 years. She told me she’d been in an abusive relationship and was trying to set up a GoFundMe to help her get away from her boyfriend. And she asked for my help.

While my instinct is always to jump in with two feet when someone needs me, I knew from experience that this woman has a… shall we say… complicated relationship with the truth. I’m pretty sure she lied to me in the past about having cancer and I know that she’s in and out of active addiction. But, at one point in my life, she was a very close friend of mine. She’d helped me out more times than I can count, and I wanted to show up for her if she needed it. 

---

Further reading: How to tell if you’re helping or being scammed online

---

However, I’m much more cautious in my 30s than I was in my 20s. I made it clear right away that I’d be happy to help her with any prose for her crowdfunding campaign, but I wouldn’t host it or do anything that involved directly touching money. That’s a firm boundary for me, always.

I also asked her a very specific question related to the time we lived together. It was something that I knew her current boyfriend wouldn’t know and I double checked our past messages to make sure it wasn’t something I’d mentioned via Messenger. I did this because I knew it was very possible that someone else — including her boyfriend — might have gained access to her account. The question was like my own version of two-factor authentication, confirming that I was actually speaking with the person I thought I was speaking with. 

That all might seem like a lot to some of you. But as someone who spends all day every day writing about online scammers, I knew that I needed to do my due diligence when it came to this type of request from a “friend.”

Avast research bears out my suspicions: According to a recent Avast survey that looked at the prevalence of online scamming, scammers are most likely to pose as your friend than they are to pose as your boss, a company, your partner, children, estranged friend or relative, bank, work colleague, or relative. 

In fact, for people between the ages of 25 and 34, 60% had experienced someone reaching out pretending to be a friend in order to get money from them. While the numbers were lower for the other age groups we spoke with, they were still consistently the highest when compared with the other personas a scammer might take on.

So what’s the deal? Why are scammers more likely to pose as your friend? The answer is both simple and complicated: social engineering.

What is social engineering?

When it comes to online scamming, social engineering is when cybercriminals pretend to be someone you know and trust in order to get something valuable from you. That something could be money, passwords, tax information, login info — basically anything that they can profit from. 

Usually in social engineering attacks there’s a sense of urgency. For example, someone might pose as the victim’s grand child and say that they’ve been arrested and need bail, but don’t want their parents to know. Or someone might send an email posing as your boss and ask for “urgent” paperwork. Or someone might hit you up on Messenger and tell you they’re an old friend trying to escape an abusive boyfriend. 

Once the scammer has you emotionally on the hook, they’ll come in with the ask. Posing as a friend is a particularly good move because we all want to help out the people we love — and, a lot of the time, people we once loved. Who hasn’t contributed to a GoFundMe to someone they knew in high school? But how likely are you to do the same if your work colleague posts about someone they knew in high school? Much less, right?

You’re also probably more likely to want to help a friend than you are to want to help a work colleague or even your boss. And while of course you’d be the most likely to want to help your partner and your children, it’s also a lot harder to convincingly pretend to be someone’s close contact than it is to pretend to be an old friend. 

In my recent situation, it turns out my old friend was sussing me out as much as I was sussing her out: as soon as I said that I not only wouldn’t touch any money but also that I write about internet scams for a living, she started to back off. It became clear fairly quickly that while I likely was talking to my friend, it’s also likely that she was trying to scam me. It was a bummer, for sure, but I also felt good about the fact that my detection system was clearly firing on all cylinders. 

How to protect yourself from social engineering attacks

If you find yourself in a similar situation, there are a few things you can do to protect yourself. First, verify independently that you’re speaking to the person you think you’re speaking with. You can do this by asking them a question only they would know the answer to, like I did, or by contacting them via another avenue, like a phone number you have saved for them. 

Second, be skeptical of any time pressure that they try to put on you. This is a tried and true scammer tactic: They want to create a sense of urgency so that you don’t think too hard about what they’re asking and you definitely don’t check on any suspicions you might have. My old friend said that she was trying to flee a partner who beat her. You can’t get much more urgent than that.

Which leads us to the third thing: Check in with someone you trust. If it feels fishy, it’s likely fishy, but sometimes we have trouble seeing that when we’re the one being targeted. Share the story of what’s happening with someone else and see what their reaction is. In my case, I reached out to another mutual friend who I’m still close with in order to get her take on the situation. She also thought the whole thing was odd and it not only validated my feelings but also got me to look more critically than I might have otherwise.

Fourth, make it a firm boundary that you don’t touch money when it comes to friends online. Period. No exceptions. If you feel like you absolutely must send someone money, do it via an avenue that they can’t exploit. For example, send it via Venmo so that they don’t have any personal information about you aside from your handle there. 

And, finally, if you do end up getting scammed, remember that there are literally professional scammers out there now; people whose entire job it is to use social engineering to get something out of you. So if you fall for one? It really isn’t your fault. Take the experience, learn from it, and move forward knowing you did your best.