So you’ve diligently endured the process of confirming all your Facebook profile and privacy settings. You’ve set your Notifications so that you’ll be notified if someone tags you in their photo, so it comes as no surprise when you receive an email from Facebook telling you that a close friend added a photo of you to their album. They’ve even included the photo as an attachment, which is very convenient since you’re dying to know which of your friends posted a picture of you. And then you click on the attachment…
How did that happen? That email looked legit – it used that familiar Facebook blue color, and facebookmail.com even appeared in the From field. Plus, you really wanted to know who it was that uploaded a picture of you. But in reality that message was not sent by Facebook.
So how can you tell the difference between a legitimate Facebook notification and potentially harmful spam? The answer is not always clear, but let’s take a look at a legitimate notification from Facebook.
A significant feature in the legitimate email is the name of the friend in question – both in the subject and in the email content. If you have images enabled in your email client you’ll even see your friend’s recognizable profile photo. If you don’t see the name or don’t recognize your friend, that’s a red flag.
Notice also that even though this legitimate email has clickable buttons, there’s not an attached file for you to click. Facebook will not send you an attachment in a notification.
One common method people use to identify spam is to look for a recognizable domain in the From field. This is not a fail-safe method, as illustrated by these two examples. Notice that the legitimate email and the spam trojan message both show the facebookmail.com domain. Just because a message looks like it came from the proper domain doesn’t always mean it is safe.
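The two signals above (an attachment where Facebook would never send one, and a From domain that anyone can type into a message) can be checked mechanically. The script below is an added example, not code from the original post: it parses a raw notification email with Python’s standard library, reports any attachments, and instead of trusting the From field asks what the receiving mail server concluded in its Authentication-Results header (the DKIM/SPF verdict it records per RFC 8601, which a sender cannot supply for itself). Both sample messages are constructed for this example, and the `known_friends` list is an assumed input that models the “do I recognize the friend named in the subject?” check.

```python
"""Triage a raw Facebook-style notification email for the two red flags the
post describes: an unexpected attachment, and a facebookmail.com From address
that the receiving server's DKIM check does not back up.  Added example, not
the post's own code; both sample messages are constructed."""
import email
import re
from email import policy
from email.utils import parseaddr

# The domain the post names as the one real Facebook notifications use.
TRUSTED_DOMAIN = "facebookmail.com"

# Constructed sample: a notification whose DKIM signature verified for
# facebookmail.com and which carries no attachment.  The Authentication-Results
# header is written by the receiving mail server, not by whoever sent the mail.
LEGIT_RAW = b"""\
From: Facebook <notification@facebookmail.com>
To: you@example.net
Subject: Jane Doe tagged a photo of you
Authentication-Results: mx.example.net; dkim=pass header.d=facebookmail.com; spf=pass smtp.mailfrom=facebookmail.com
Content-Type: text/html; charset=utf-8

<p>Jane Doe tagged you in a photo. <a href="https://www.facebook.com/">See photo</a></p>
"""

# Constructed sample: same From domain, Facebook-blue styling, but no DKIM
# signature, a failed SPF check, and a "photo" delivered as a zip attachment.
SPOOF_RAW = b"""\
From: Facebook <notification@facebookmail.com>
To: you@example.net
Subject: Your friend added a photo of you
Authentication-Results: mx.example.net; dkim=none; spf=fail smtp.mailfrom=facebookmail.com
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset=utf-8

<p style="color:#3b5998">A friend added a photo of you. See the attached photo.</p>
--XYZ
Content-Type: application/zip; name="photo.zip"
Content-Disposition: attachment; filename="photo.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ--
"""


def triage(raw: bytes, known_friends=()):
    """Return a dict of findings and a verdict for one raw RFC 5322 message.

    known_friends is an assumed list of names you would expect to see in a
    genuine notification's subject line."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    # The From domain is whatever the sender chose to write; record it but do
    # not trust it on its own.
    _, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()

    # What the receiving server concluded about DKIM, and which domain signed.
    auth = str(msg.get("Authentication-Results", ""))
    m = re.search(r"\bdkim=(\w+)", auth)
    dkim_result = m.group(1).lower() if m else "none"
    m = re.search(r"header\.d=([\w.-]+)", auth)
    signing_domain = m.group(1).lower() if m else ""
    # Aligned means the signature verified AND the signing domain is the one
    # shown in From, so the displayed domain is actually vouched for.
    dkim_aligned = dkim_result == "pass" and signing_domain == from_domain

    # Facebook notifications carry buttons and links, never attached files.
    attachments = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()]

    subject = str(msg.get("Subject", ""))
    friend_named = any(n.lower() in subject.lower() for n in known_friends)

    reasons = []
    if from_domain != TRUSTED_DOMAIN:
        reasons.append(f"From domain {from_domain!r} is not {TRUSTED_DOMAIN}")
    elif not dkim_aligned:
        reasons.append(
            f"From claims {TRUSTED_DOMAIN} but DKIM result is {dkim_result!r} "
            f"(signed by {signing_domain or 'nobody'})"
        )
    if attachments:
        reasons.append("notification carries attachment(s): " + ", ".join(attachments))
    if known_friends and not friend_named:
        reasons.append("no known friend is named in the subject")

    return {
        "from_domain": from_domain,
        "dkim_aligned": dkim_aligned,
        "attachments": attachments,
        "friend_named": friend_named,
        "reasons": reasons,
        "verdict": "suspicious" if reasons else "looks legitimate",
    }


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_RAW), ("spoof", SPOOF_RAW)):
        result = triage(raw, known_friends=("Jane Doe",))
        print(f"{label}: {result['verdict']}", *result["reasons"], sep="\n  ")
```

Run it on a message you have saved as raw text (most mail clients offer “show original” or “view source”) and the output tells you which of the post’s red flags applied. The point of the DKIM step is that the From field and the Authentication-Results header come from different parties: the first is typed by the sender, the second is stamped on by your own mail server after it has done the check, which is why the spoofed sample shows facebookmail.com in From yet still fails.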
Finally, if there’s ever any doubt, just log in to your Facebook account. Any legitimate messages for you will appear with the red tag in the top navigation bar.
Spammers continue to be creative in the ways they get us to click on their links, and we need to continue to be diligent in scrutinizing our email. You should never open an attachment that comes from a source you don’t recognize, but because Facebook is such a recognizable name, its name is being used as a lure for malicious activity. Remember that email from Facebook is always IN ADDITION to the messages it delivers directly to your Facebook account. When in doubt, log in to your Facebook account to see your legitimate messages.