Beware the latest Facebook phishing scam!
I'm confused, I got a notification from Facebook that there's "activity I may have missed on Facebook" related to a friend whose name is not familiar. Did someone hack Facebook and mess up my friend list or did that person sneak their way onto my friend list or something? What's it all mean?
You are wise to be wary as there are always scams floating about that appear to be from Facebook and other major sites. Facebook is a bit less interesting than, say, PayPal, because breaking into your account doesn't automatically grant the hacker access to anything particularly interesting, but then again, if their goal is to spam all of your friends with a link that installs a virus to turn their computers into a botnet or similar, well, that might be reward enough for their effort. And for you, well, losing access to your account is a pretty hard penalty to endure!
I actually received a wave of these "Here's some activity you may have missed on Facebook" notifications in the last few days too and spent some time analyzing them. In fact, they appear to be a poorly set up phishing scam. The goal of the message is to send you to a page that's mocked up to look exactly like a Facebook login page, but to actually harvest (i.e., record and store) your account name and password pair so that the malicious users can then log in to your account and change things at their leisure.
Obviously not good. So don't do it! In fact, for major sites like Facebook, it's easy to stay safe because any time you get an email notification from them, simply delete the email and manually log in to Facebook (e.g., type in the URL) as you would normally do. If it's a legit notification, it'll also appear on your account once you're logged in. Easy.
Let's have a closer look at how you can detect these before you click too. Here's the email notification I got. Looks legit:
Look a tiny bit closer at the small print on the bottom, however, and you'll see that it's sent to an address that's not actually in use: "firstname.lastname@example.org". That's a big clue right there, but they could randomly acquire my real email address so that's not enough by itself.
A better step is to have an email system that shows you the target URL if you hover the cursor over a link before you click through, as Apple Mail does:
Pretty sure that "gebrueder-kunze.de" is not part of the Facebook server empire so it's a sure bet that there's something wrong here. Delete this message and move along.
Oh, and don't forget that you don't recognize the friend's name anyway. They haven't hacked your friend list, it's just a randomly generated first + last name with the hopes it'll sound kinda/sorta close to someone you know (and I am friends on Facebook with "Mike Arrington", so it's not a bad random guess).
If you do click on this particular one, you'll find that the backend of the phishing scam isn't set up properly and you end up here:
"Seite nicht gefunden" translates to "page not found". Oops.
Still, the standard rule of thumb applies: Don't click on links in email. Even from Facebook. Just log in to your account as usual and know that all of these scams are therefore easily sidestepped.