Published: September 11, 2023 in our Security Fraud News & Alerts Newsletter.
In 2022, there were more than 333 billion email messages exchanged. That’s according to the website Statista. And of those, roughly 36% are spam. While most email products are fairly good at detecting and sorting out spam for us, many unwanted messages still make it past the filters and into our inboxes. Many of those lead to scams, download malware, or cause some other type of digital harm. The scams and malware don’t stop at email spam, however. They also show up in your social media feeds. Two we’ve seen a lot of lately involve Facebook.
One claims that someone is trying to log into your Facebook account. Facebook does send legitimate messages warning that someone may be doing this, but there are slight differences between the scam and the actual messages.
For example, the fake ones include buttons that supposedly let you “report the user” or confirm “Yes, me.” Facebook doesn’t do this at all. They also do not add an 8-digit ID number at the end of the subject line.
Per Snopes, the messages you may see say, “Someone tried to log in to your account.” Then the ID number follows. The message is something similar to this: “A user just logged into your Facebook account from a new device iPhone 11 Pro. We are sending you this email to verify it’s really you.” There is also a version noting the device was an iPhone 12 Pro Max. However, you can bet there are probably similar messages noting Android devices and other versions of other devices.
Another post you might be seeing in your Facebook feed uses good old-fashioned clickbait. It claims that you may know someone who just died. It’s been seen in various forms, but often it’ll be an image of a news station. One I’ve seen often lately is from ABC 7 news in Los Angeles. The subject is often “Look who died” or some variation of that. Trust me, you don’t know who it is and you should not click on anything.
For both of these, do not click any links, buttons, or images. They are both fake. The first one is phishing for your login credentials. It may be expecting you to click the “Report the user” button and fill out a form. Same situation for the “Yes, me” button. So, don’t bother. The information will go back to the cyberthieves.
Look for the following clues in the fake login alert:
The buttons you can click
The ID number in the subject line
The sender’s email address is not from one of the legitimate domains: facebook.com, fb.com, or facebookmail.com. Those are real ones, per Facebook. However, click on the arrow next to the address to make sure it’s one of these and not spoofed.
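The three clues above can be checked mechanically over a saved message. The following Python sketch is an added example, not part of the original newsletter; the sample message, the function names, and the choice to accept subdomains of the listed domains are assumptions. A passing sender domain alone does not show a message is genuine, since the address can be spoofed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Sender domains the article lists as legitimate, per Facebook.
LEGIT_DOMAINS = {"facebook.com", "fb.com", "facebookmail.com"}
# Button labels the article says appear only in the fake alerts.
FAKE_BUTTONS = ("report the user", "yes, me")


def sender_domain_ok(from_header: str) -> bool:
    """True if the address domain is a listed domain or a subdomain of one.

    Accepting subdomains is an assumption of this sketch. The match is on
    the end of the domain, so 'facebookmail.com.alerts.example' fails.
    """
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)


def find_clues(raw: str) -> list[str]:
    """Return the article's clues that are present in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    clues = []
    if not sender_domain_ok(msg["From"] or ""):
        clues.append("sender-domain")
    if re.search(r"\b\d{8}\s*$", msg["Subject"] or ""):
        clues.append("subject-id")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(label in text for label in FAKE_BUTTONS):
        clues.append("buttons")
    return clues


# Constructed sample modelled on the wording quoted above; not a real message.
SAMPLE = """\
From: Facebook <security@facebookmail.com.alerts.example>
Subject: Someone tried to log in to your account 48210937
Content-Type: text/plain; charset="utf-8"

A user just logged into your Facebook account from a new device iPhone 11 Pro.
[Report the user]  [Yes, me]
"""

if __name__ == "__main__":
    print(find_clues(SAMPLE))
```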
In any event, it’s best to go into your Facebook account and change your password. Also, make sure you have multi-factor authentication (MFA) activated. If you can use an authenticator app, it’s preferred over texts or email. Using a text message as your MFA is preferred over email.
The second post, claiming someone died, can lead to malware ending up on your device. No one wants that, so just don’t be tempted. If you really want to know if someone you know died or even if a celebrity died, look for the information on legitimate websites and not on something you see on Facebook. If you click on one of these malicious links, you’re asking for trouble.