You are wise to be wary as there are always scams floating about that appear to be from Facebook and other major sites. Facebook is a bit less interesting than, say, PayPal, because breaking into your account doesn't automatically grant the hacker access to anything particularly interesting, but then again, if their goal is to spam all of your friends with a link that installs a virus to turn their computers into a botnet or similar, well, that might be reward enough for their effort. And for you, well, losing access to your account is a pretty hard penalty to endure!
I actually received a wave of these "Here's some activity you may have missed on Facebook" notifications in the last few days too and spent some time analyzing them. In fact, they appear to be a poorly setup phishing scam. The goal of the message is to send you to a page that's mocked up to look exactly like a Facebook login page, but to actually harvest (e.g. record and store) your account name and password pair so that the malicious users can then log in to your account and change things at their leisure.
Obviously not good. So don't do it! In fact, for major sites like Facebook, it's easy to stay safe because any time you get an email notification from them, simply delete the email and manually log in to Facebook (e.g., type in the URL) as you would normally do. If it's a legit notification, it'll also appear on your account once you're logged in. Easy.
Let's have a closer look at how you can detect these before you click too. Here's the email notification I got. Looks legit:
Looking a tiny bit closer to the small print on the bottom, however, and you'll see that it's sent to an address that's not actually in use: "ashley@askdavetaylor.com". That's a big clue right there, but they could randomly acquire my real email address so that's not enough by itself.
A better step is to have an email system that shows you the target URL if you hover the cursor over a link before you click through, as Apple Mail does:
Pretty sure that "gebrueder-kunze.de" is not part of the Facebook server empire so it's a sure bet that there's something wrong here. Delete this message and move along.
Oh, and don't forget that you don't recognize the friend's name anyway. They haven't hacked your friend list, it's just a randomly generated first + last name with the hopes it'll sound kinda/sorta close to someone you know (and I am friends on Facebook with "Mike Arrington", so it's not a bad random guess).
If you do click on this particular one, you'll find that the backend of the phishing scam isn't set up properly and you end up here:
"Seite nicht gefunden" translates to "page not found". Oops.
Still, the standard rule of thumb applies: Don't click on links in email. Even from Facebook. Just log in to your account as usual and know that all of these scams are therefore easily sidestepped.
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Categorized:
Facebook Help
(Article 10662,
Written by
Dave Taylor)
Tagged:
facebook phishing, facebook scam, facebook security, online security, phishing scam
Previous:
Review: Temple Run 2
Next:
Enable Traffic Info in iPhone Apple Maps?
I received a warning that stated people have been using this phising scam to log into my account however now I cannot get into my account to atleast simply change my password, and I tried calling sumone and they told me they would only help me if I had paid them 150$...I identified all of the people correctly as my friends and it still did not load please let me know if there's something I can do to get back in my facebook.