I just received an email from Facebook telling me about a new login system that they’re implementing in a few days, and telling me I need to log in and update my profile. I’m skeptical. Is this legit, Dave, or bogus?
It’s bogus, you’re right to be suspicious!
The message says this exactly, or slightly tweaked:
“In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security. Before you are able to use the new login system, you will be required to update your account.”
Seems legit, and even looks legitimate in your mailbox:
Look just a bit closer at the link, however, and you’ll see that there’s something fishy (and phishy too):
http://www.facebook.com.pinaoeeiili.com/usersdirectory/LoginFacebook.php…
What’s “pinaoeeiili.com”? I was curious, so I dug around a bit, and found that it was only registered yesterday (12/25/2009) and then immediately used for what we in the biz call a phishing attack.
The goal of the message is to separate you from your account and password information, of course. If you aren’t the skeptical type and you don’t want to become skeptical, you can use this simple trick: when you arrive at a site that asks for your login credentials by any route other than a bookmark or a URL you typed yourself, enter completely bogus credentials and see what happens! 🙂
If you do this on the mock Facebook login page on “pinaoeeiili.com”, you’ll find that it proceeds to ask for additional personal information regardless of what you enter because, of course, it has no way of checking whether you’ve entered your account password properly or not.
A better strategy, though, is to just become a bit more skeptical and suspicious of email you get. If Facebook really wants to change its login system, it’ll just tell you next time you check your account anyway, right?
Now, be careful out there!
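The link check described above can also be done mechanically. The following is an added example, not part of the original post: it reads a hostname from the right-hand end, the way the link above has to be read, and flags names where a trusted domain only appears as leading labels of someone else's domain. The trusted list and all sample URLs except the first are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains this reader really uses for the brand.
TRUSTED_DOMAINS = ("facebook.com",)


def hostname_of(url):
    """Lowercased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def is_under(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'other' or 'no-host' for a link."""
    host = hostname_of(url)
    if not host:
        return "no-host"
    if any(is_under(host, d) for d in trusted):
        return "trusted"
    for d in trusted:
        # The brand's domain appears as leading or inner labels, but the
        # name ends in some other domain: that ending is who owns the site.
        if host.startswith(d + ".") or "." + d + "." in host:
            return "lookalike"
    return "other"


# Constructed samples, except the first: that is the link from the message,
# as far as the page shows it (the page truncates the rest).
SAMPLES = [
    "http://www.facebook.com.pinaoeeiili.com/usersdirectory/LoginFacebook.php",
    "https://www.facebook.com/",
    "http://notfacebook.com/",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10} {hostname_of(url)}")
```

Note that `is_under` compares on a label boundary (a leading dot), so a name that merely ends in the same letters as the trusted domain is not treated as trusted.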