Beware fake Facebook notifications arriving in your email


Many Naked Security readers have been in touch asking about emails they have received, claiming to come from Facebook.

The emails, which don't - of course - really come from Facebook, claim that the recipient has "notifications pending".

Fake Facebook email

Subject: You have notifications pending

Hi,
Here's some activity you have missed on Facebook.

4 friend request

[Go To Facebook] [See All Notifications]

You have to admit, the emails look pretty convincing. So it wouldn't be at all surprising if many users were fooled into clicking on the link.

The link, of course, could go anywhere. It could go to a phishing website, a webpage hosting a malicious download or something else unsavoury. When I tested the link in the emails I saw, they took my computer (via some redirects) to a Canadian pharmacy website offering to sell me Viagra and Cialis to improve my performance between the sheets.

Chances are that the spammers are earning affiliate cash by driving traffic to the pharmaceutical website.

Pharmacy website

Of course, the perpetrators of the spammed-out campaign could change where it points to at any time.

Always be careful about the links that you click on, and be suspicious of unexpected emails. If you are a Facebook user and want to get a heads-up about scams and attacks involving the social network, join the Sophos page on Facebook.


12 Responses to Beware fake Facebook notifications arriving in your email

  1. Krom101 · 840 days ago

    I've been getting several of these a day, (which my spamblocker has quarantined). All of them to emails NOT affiliated with Facebook.

  2. Charlie · 840 days ago

    This is going round Facebook. I didn't know where else to post it. :(

    "IT IS OFFICIAL. IT WAS EVEN ON THE NEWS. FACEBOOK WILL START CHARGING. DUE TO BEING PUBLICLY TRADED ENTITY. IF YOU COPY THIS ON YOUR WALL YOUR ICON WILL TURN GOLD AND FACEBOOK WILL BE FREE FOR YOU FOREVER. PLEASE PASS THIS MESSAGE ON, IF NOT YOUR ACCOUNT WILL BE DISABLED IF YOU DO NOT PAY....."

    ^ Facebook said a couple of years ago they weren't going to charge...

  3. Mikelis · 840 days ago

    I got one of those, but it seems to be legit. The link does actually go to the facebook page (I checked the URL before I clicked).

  4. Jane Haislip · 840 days ago

    I have been receiving emails from sites that I have not requested. They seem to be geared towards something I've "liked" on f.b. which leads me to believe they are originating from f.b.
    Jane Haislip

  5. Larry M · 840 days ago

    "When I tested the link in the emails I saw, they took my computer (via some redirects) to a Canadian pharmacy website offering to sell me Viagra and Cialis to improve my performance between the sheets."

    Does the link really take you to a Canadian pharmacy, or does it take you to an Indian web page cleverly named and decorated with red, white, and maple leaves?

  6. Iain Dalgleish · 839 days ago

    There are a lot of LinkedIn spams around at the moment, perhaps cashing in on its recent security scare.

  7. Barbara H. Reich · 839 days ago

    I'm not computer literate so how do I differentiate between scam and legit fb links. I have an account w/fb. I am able to check for scam before opening up questionable emails, and if I am "told" no scam, then I'll open up my email. Also, when I went to Sophos page on fb, there was no info re installing scam detectors and any charges for same.

    • njorl · 839 days ago

      If you see an e-mail that claims to come from Facebook, or a similar site (and, for the purpose of this suggestion, I'm including Linked-In as a similar site), just delete the message, by preference without opening it. Then, visit the actual web site, by using your bookmark (/favourites link) for it, or typing its address. If there are genuine friend requests, connection requests, messages from friends/connections or the site administrators, you should find these quite quickly after logging into your account (assuming you hadn't set an insufficiently-complex password and your account has been hacked).

      Paranoia may be the best scam detector, for now, but I normally use a filtered DNS service (your ISP may offer this as a service you can activate, or you can use a free, third-party one by editing settings on your PC or modem - search for "secure DNS" to get started) that blocks domain names the operator has identified as malicious. Certainly no panacea, but it's additional defence at no measurable cost.

  8. DiC · 838 days ago

    Oh, so that's how they got my email address (the Canadian pharmacy)!
    I guess I'll stop using the Facebook "Go to comments" link then. Thanks!
    (Tho' it is useful for opening a second Tab on fb ... I've never found another way of doing that.???)

  9. Richard Robin · 622 days ago

    Facebook does send fallacious mails of new tags, contacts. Just to get you back in their basket. Facebook is a disease!

  10. Just a fake e-mail message from unknown sender

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.