I’m confused, I got a notification from Facebook that there’s “activity I may have missed on Facebook” related to a friend whose name is not familiar. Did someone hack Facebook and mess up my friend list or did that person sneak their way onto my friend list or something? What’s it all mean?
You are wise to be wary as there are always scams floating about that appear to be from Facebook and other major sites. Facebook is a bit less interesting than, say, PayPal, because breaking into your account doesn’t automatically grant the hacker access to anything particularly interesting, but then again, if their goal is to spam all of your friends with a link that installs a virus to turn their computers into a botnet or similar, well, that might be reward enough for their effort. And for you, well, losing access to your account is a pretty hard penalty to endure!
I actually received a wave of these “Here’s some activity you may have missed on Facebook” notifications in the last few days too and spent some time analyzing them. In fact, they appear to be a poorly set up phishing scam. The goal of the message is to send you to a page that’s mocked up to look exactly like a Facebook login page, but to actually harvest (that is, record and store) your account name and password pair so that the malicious users can then log in to your account and change things at their leisure.
Obviously not good. So don’t do it! In fact, for major sites like Facebook, it’s easy to stay safe because any time you get an email notification from them, simply delete the email and manually log in to Facebook (e.g., type in the URL) as you would normally do. If it’s a legit notification, it’ll also appear on your account once you’re logged in. Easy.
Let’s have a closer look at how you can detect these before you click too. Here’s the email notification I got. Looks legit:
Look a tiny bit closer at the small print at the bottom, however, and you’ll see that it’s sent to an address that’s not actually in use: “firstname.lastname@example.org”. That’s a big clue right there, but they could randomly acquire my real email address, so that’s not enough by itself.
A better step is to have an email system that shows you the target URL if you hover the cursor over a link before you click through, as Apple Mail does:
Pretty sure that “gebrueder-kunze.de” is not part of the Facebook server empire so it’s a sure bet that there’s something wrong here. Delete this message and move along.
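If you’d rather have a script do the two checks just described (who the message was really addressed to, and where its links really point) than squint at small print and hover over links, here is one way to do it. This is an added example, not code from the original post. The email it triages is constructed for the demo: the “firstname.lastname@example.org” recipient and the gebrueder-kunze.de host come from the post above, while the sender address, subject wording, link paths, the list of Facebook-owned domains and the “my addresses” list are all assumptions you would replace with your own.

```python
"""Triage a suspicious "Facebook notification" email without clicking anything.

Two checks, matching the two clues in the post:
  1. Is the recipient address one I actually use?
  2. Does every link in the body land on a Facebook-owned domain?
"""
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of domains a real Facebook notification may link to.
FACEBOOK_DOMAINS = {"facebook.com", "fb.com", "facebookmail.com"}

# Assumed: the addresses the reader actually receives mail at.
MY_ADDRESSES = {"me@example.com"}

# Constructed sample message (sender, subject and paths are made up;
# the recipient placeholder and the off-domain host are from the post).
SAMPLE_EMAIL = """\
From: Facebook <notification@facebookmail.com>
To: firstname.lastname@example.org
Subject: Here's some activity you may have missed on Facebook
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone posted something you may have missed.</p>
<a href="http://gebrueder-kunze.de/login/facebook/">See what you missed</a>
<p><a href="https://www.facebook.com/help/">Help Centre</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def is_facebook_host(host):
    """True only for an allowlisted domain or a subdomain of one.

    Matching on whole labels (host == d or host ends with '.' + d) is what
    stops lookalikes such as 'facebook.com.evil.example' or
    'notfacebook.com' from passing.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)


def triage(raw_email, my_addresses=MY_ADDRESSES):
    """Return a list of human-readable findings; an empty list means no red flags."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []

    # Clue 1: the To: header versus addresses I actually use.
    to_header = msg["To"]
    recipients = {a.addr_spec.lower() for a in to_header.addresses} if to_header else set()
    if not recipients & {a.lower() for a in my_addresses}:
        findings.append(f"recipient mismatch: sent to {sorted(recipients)}")

    # Clue 2: the real target of every link in the HTML body.
    body = msg.get_body(preferencelist=("html",))
    extractor = LinkExtractor()
    extractor.feed(body.get_content() if body is not None else "")
    for href, text in extractor.links:
        host = urlsplit(href).hostname or ""
        if not is_facebook_host(host):
            findings.append(f"off-domain link: '{text}' -> {host or href}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL) or ["no red flags"]:
        print(finding)
```

Run against the sample, the script reports both the unfamiliar recipient and the “See what you missed” link that actually goes to gebrueder-kunze.de, while leaving the genuine facebook.com help link alone. The allowlist check deliberately compares whole domain labels rather than doing a substring search for “facebook”, since “facebook.com.something-else.example” is exactly the kind of host a phisher would register.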
Oh, and don’t forget that you don’t recognize the friend’s name anyway. They haven’t hacked your friend list, it’s just a randomly generated first + last name with the hopes it’ll sound kinda/sorta close to someone you know (and I am friends on Facebook with “Mike Arrington”, so it’s not a bad random guess).
If you do click on this particular one, you’ll find that the backend of the phishing scam isn’t set up properly and you end up here:
“Seite nicht gefunden” translates to “page not found”. Oops.
Still, the standard rule of thumb applies: Don’t click on links in email. Even from Facebook. Just log in to your account as usual and know that all of these scams are therefore easily sidestepped.