Beware Fake Facebook Notification Emails

Given Facebook’s near-ubiquity and its habit of changing user communication preferences on a whim, it’s no surprise that it’s the frequent subject of fake message scams from criminals. One scam email currently doing the rounds (I’ve seen it at least a dozen times in my own account over the last week) pretends to contain notifications of new friend requests in order to con unsuspecting users into clicking on a link.

As Sophos’ Naked Security blog notes, right now the link actually redirects to an online pharmacy selling Viagra, but that could easily be changed to a more malicious site. If you’ve got decent spam filtering options, chances are you won’t see these emails, but remember: it’s rarely a wise idea to click links in emails, even if they look authentic. (As you can see in the screenshot, a quick hover over the link shows this one isn’t.)
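The hover check described above can be automated for an HTML message body. The following is an added example, not code from the original article or from Sophos; the trusted-domain list and the sample message are constructed assumptions, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed sender legitimately links to.
TRUSTED = ("facebook.com",)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def host_is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def suspicious_links(html_body, trusted=TRUSTED):
    """Return (visible text, href, real host) for links that leave the trusted domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname  # what a hover would reveal
        if not host_is_trusted(host, trusted):
            flagged.append((text, href, host))
    return flagged

# Constructed sample body: one genuine link and two lookalikes.
SAMPLE = """<p>You have 1 new friend request.</p>
<a href="http://www.facebook.com/reqs.php">See all requests</a>
<a href="http://facebook.com.pharmacy.example/?id=1">http://www.facebook.com/n/?confirm</a>
<a href="http://www.facebook.com@pharmacy.example/">Confirm request</a>"""

if __name__ == "__main__":
    for text, href, host in suspicious_links(SAMPLE):
        print(f"link text {text!r} actually goes to {host}")
```

The check compares the parsed hostname rather than searching the URL for the brand name, so a trusted name used as a subdomain prefix or in the userinfo part is still flagged.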

While social networks themselves are increasingly used for scamming, email is still a popular medium. For more tips, check out our top 10 ways to stay secure on social networks.

Beware fake Facebook notifications arriving in your email [Naked Security]


  • There are also YouTube ones going around. They look exactly like a YouTube email; it states that the video you uploaded is under review, and the links are to non-YouTube sites.

  • They appear for Twitter and Foursquare, too. I’ve never even USED Foursquare and don’t ever plan to, why the hell would I care that “Diedre Barnes” has booted me out as mayor of some pub in New Zealand?

  • I think a lot of people are missing the point, however. The reason why people are being enticed into clicking those links is primarily because they attempt to exploit your browser and/or browser plugins. From there it's a simple game of uploading a malicious payload. Basically it's a numbers game of who is patched for vulnerabilities and who is not. And a lot of these vulnerabilities require scripting to be enabled. So the better way to protect yourself is to patch your system (especially browsers) and disable scripts from anything but trusted sources, and, going one step further, don't use browser and O/S combinations which are the most susceptible to attacks. Be different!

  • My friends warned me about this. So I clicked on it (I have “Best Antiviris 2012 Pro ” on my machine so I’m safe) but it took me to a pharmacy site. Thinking Facebook was now selling medication (makes sense?) I put in my credit card details.

    I’m not sure what happened after that, but I ended up at Facebook and posted a photo of the Tasmanian Devil talking about murdering people. I don’t remember him being that violent in the cartoons though.. but if he said it, I must be wrong. It got 5 likes and my best friend commented and said “LOLZ SOOOOOO TRU!”
