1 lost message on Facebook? Spammers pull a fast one with bogus notification


Facebook claims to have more than 750 million active users, and many of them would have steam coming out of their ears if they thought they had lost a message from one of their Facebook friends.

And that's exactly what spammers are banking on in their latest campaign, where they have sent out messages pretending to come from Facebook:

You have one lost message on Facebook

Facebook sent you a notification

You have 1 lost message on Facebook, to recover a message follow the link below: [LINK]

FAQ: Can you recieve messages if your inbox is full?

The spammers might also like to check their dictionary next time they compose an email. They've spelt "receive" incorrectly - as my mum always told me, it's "i before e, except after c".

Of course, in your hurry to read a missing message you may not have noticed the spelling mistake and may have blindly clicked on the link.

Can you guess what you'll find at the other end?

Well, I must admit I was fully expecting to come across a phishing site - designed to steal my Facebook username and password by providing me with a bogus login screen. But when I tried the link, I was instead redirected to a Canadian pharmacy website trying to pimp drugs to me.

Canadian pharmacy website

Of course, the people behind this spam campaign could change where they point you at any time, or vary the destination depending on what type of browser or operating system you are running, or where you are based in the world.

Always remember to be on your guard when receiving unsolicited emails. It's child's play to forge a "from:" address or to create an HTML email which looks at first glance to be the genuine article. A nice font and corporate colours do not a legitimate email make.

Hat tip: Thanks to Naked Security reader Remy for sending us a tip about this spam campaign.


11 Responses to 1 lost message on Facebook? Spammers pull a fast one with bogus notification

  1. K.S. · 1461 days ago

    not that I'm in cahoots with the spammers, but if you are going to critique someone else on their spelling.... perhaps you should check your own. "But instead, when I tried the link, I was redirected to a Canadian pharamacy website trying to pimp drugs to me instead." its pharmacy.. especially if your image right below your post spells it correctly.

    • Touche! (wish i could find my extended character to do the accent)

      I will correct my sloppy spelling immediately.

    • Orthographically · 1461 days ago

      Psst. . . there's a big difference between fatfingering and poor spelling/grammar. For instance, the "its" in your comment should be "it's." Also check your capitalization throughout. . .

      Anyone who needs to churn out content before it goes stale is bound to make a couple typos from time to time, but the Naked Security guys are on the whole quite good.

      • Marshall · 1460 days ago

        wow; punktuation and ghrammer natsies. geese, do u guys haf anythink better to due then correkt poepeles mistacks? have fun with this won. :-)

  2. actually, your mum was wrong! There are more exceptions to the "i before e except after c" 'rule' than there are words which adhere. So much so, in fact, that this maxim is no longer taught in British schools.

    • Spanish speaker · 1406 days ago

      Are you moron? The exception is implicit in the rule... that's why it says "except". "receive" is not an exception, it's an example with the exception.

      To make it clear to you (thing that you elementary school teacher school should have done), It's always 'i' before 'e', THE EXCEPTION is when before the last letter was 'c'.

      By the way English is not my first language... I'm just learning.

      • Only Me · 1355 days ago

        If you are just learning English (or the American version of it), then you may not have come across words like weird or science.
        I suggest YOU go back and have a word with whomever is teaching you to be critical of others without the depth of knowledge to make informed comment.

  3. savszymura · 1461 days ago

    That's a super lame technique.

  4. TheWay · 1445 days ago

    I believe you received that text because you inquired about Viagra.........

  5. Mark · 1374 days ago

    i does not come before e, although both come after c.

  6. Connie T · 1048 days ago

    Not so lame- I almost fell for this after finding this in my email tonight, even though I follow Naked Security on Facebook. I'm not sure if this wasn't shared on the Facebook page or if Facebook, in its infinite algorithm wisdom, decided I didn't need to see that post.. =P

    Good thing that by long habit I check where a link is going when I mouse over it, and I saw something about "terror" something or other, and I knew that had to be wrong!
    I actually moused over the "Frequently Asked Questions" panel, because something didn't sound right about the whole idea of lost messages and "full" mailboxes. It otherwise looked perfectly legit. I then moused over the other links and when I saw they all went to that bogus looking address, it confirmed itself as a scam.

    (I used to catch the slightest spelling errors in a heartbeat, I guess I'm getting sloppy these days, so many times I start seeing what I expect to see now, and never saw that spelling error. Not sure if that comes from being married to one of the world's worst spellers :) or just tired eyes.)


About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley