Anatomy Of A Facebook Update Scam

November 29th, 2009

A lot of “Facebook update” scams are going around. These are emails designed to entice you into clicking links to malicious sites, thus divulging your login credentials and possibly infecting your computer with viruses and malware. I received several of these scams in a batch of legitimate Facebook emails, so I thought I’d dissect one for you so you can tell the difference.

The tactics used here are the same as the ones used by the fake Microsoft security bulletins I mentioned before. Again, the idea is to make you think the message is real when you are really being redirected to a bogus and potentially dangerous site.

First, note the use of the Facebook logo, fonts, and colors. The scam message looks almost identical to a real Facebook announcement, down to the mailing address at the bottom of the message. The trick is to mouse over the link WITHOUT clicking on it, and look in the status bar at the address to which you are being directed. In this case you can see you’re being sent, not to facebook.com, but to a scam site that may be waiting to harvest your login credentials or infect your computer.

[Image: fake-facebook]
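The hover check can also be done mechanically. The Python below is an added example, not part of the original article: it lists every link in an HTML message whose real destination is not facebook.com or one of its subdomains. The sample message and the example.test hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # the domain the message claims to come from

def host_of(url):
    """Return the lowercase hostname a URL really points to ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, trusted=TRUSTED):
    """Return (visible text, real host) for links that leave the trusted domain."""
    audit = LinkAudit()
    audit.feed(html)
    return [(text, host_of(href)) for text, href in audit.links
            if not belongs_to(host_of(href), trusted)]

# Constructed sample message body; example.test is a reserved placeholder domain.
SAMPLE = """
<a href="http://www.facebook.com.update.example.test/login.php">Update your account</a>
<a href="http://www.facebook.com/help/">Help Center</a>
<a href="http://example.test/facebook/login">www.facebook.com</a>
"""
if __name__ == "__main__":
    for text, host in suspicious_links(SAMPLE):
        print(f"MISMATCH: link text '{text}' really goes to {host}")
```

The first sample link shows why the comparison is made on the end of the hostname: an address can begin with "www.facebook.com" and still belong to a different site.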

If you receive a Facebook update, go directly to the Facebook site by typing www.facebook.com in your Web browser. You’ll be able to see your updates there and respond to them.

Remember, these scams are not limited to Facebook. Every social networking site, including LinkedIn, Twitter, and all the rest, is vulnerable to these sorts of tricks.

A final note of caution: Don’t friend anyone on a social networking site unless you’re certain you know who they are. A good rule of thumb is to view their profile to see if you have any friends in common, or to Google the person to see if they’re real. There are fake profiles out there which exist only to friend you and thus have access to your privately-posted information.


  1. Kathy
    November 29th, 2009 at 14:31 | #1

    Thanks Triona, I did just receive a FB scam. Knew it though because the e-mail address it was sent to was not my user address.

  2. November 29th, 2009 at 17:12 | #2

    Hi Kathy, I have had the same experience. But sometimes the scams come into your bona fide address, or are otherwise tricky to catch. Thanks for writing!

  3. November 30th, 2009 at 13:35 | #3

    Hi, Triona. I’m relatively sure this is how my entire home network ended up infected – a fake Friend request that had been FWD’ed to my email. grrr.

    Is this your real site? (lol – yes, I’ve been paranoid since getting infected back around Valentine’s Day.)

    Thx for the update. LK

  4. Ann
    November 30th, 2009 at 16:11 | #4

    Thanks for publishing this. I’ve been getting a lot of these and because I knew it was not how Facebook worked, I didn’t click. But I didn’t know how to check. Great tip!

  5. December 1st, 2009 at 09:41 | #5

    Hi Lisa, yes this is my real site! :) It’s always good to be paranoid. There are plenty of fake friend requests and other phishing scams like this out there.

    Hi Ann, glad you liked the tip!

  6. January 5th, 2010 at 00:12 | #6

    Very valuable piece
