Beware fake Facebook notifications arriving in your email

Beware fake Facebook notifications arriving in your email

Many Naked Security readers have been in touch asking about emails they have received, claiming to come from Facebook.

The emails, which don’t – of course – really come from Facebook, claim that the recipient has “notifications pending”.

Fake Facebook email

Subject: You have notifications pending

Here's some activity you have missed on Facebook.

4 friend request

[Go To Facebook] [See All Notifications]

You have to admit, the emails look pretty convincing. So it wouldn’t be at all surprising if many users were fooled into clicking on the link.

The link, of course, could go to anywhere. It could go to a phishing website, a webpage hosting a malicious download or something else unsavoury. When I tested the link in the emails I saw, they took my computer (via some redirects) to a Canadian pharmacy website offering to sell me Viagra and Cialis to improve my perfomance between the sheets.

Chances are that the spammers are earning affiliate cash by driving traffic to the pharmaceutical website.

Pharmacy website

Of course, the perpetrators of the spammed-out campaign could change where it points to at any time.

Always be careful about the links that you click on, and be suspicious of unexpected emails. If you are a Facebook user and want to get a heads-up about scams and attacks involving the social network, join the Sophos page on Facebook.