A new malicious email claiming to be from official Facebook sources is reportedly hitting inboxes around the world. If you’ve woken up this morning and found an email from Facebook waiting in your inbox, approach it with caution. This latest attempt to steal username and password details from unwitting victims is yet another example of the lengths that some individuals will go to in order to get their hands on authentication data for various account types.
The email itself, like the majority of the Apple phishing scams that have come before it, does a fairly professional job of presenting itself in order to convince recipients to fall into the trap. Anyone who has received an official email directly from Facebook will immediately recognize how the mail is presented and could be forgiven for falling for it. The text within the mail says “You haven’t been to Facebook for a few days, and a lot has happened while you were away”. It then states that “your messages will be deleted in a few days”.
No additional information is provided as to why Facebook would suddenly decide to erase conversation history after only a few days of inactivity. The mail does, however, provide links to external websites under the guise of “View Messages” and “Go to Facebook” pill buttons.
As with most phishing scams, clicking either of those buttons takes the user to a malicious third-party website designed to steal the username and password entered there.
Eric Lingman – Microsoft Senior Sales Excellence Manager – was one of the first to detect the scam and has confirmed that the outgoing links are indeed malicious.
It’s becoming increasingly worrying and depressing to see the number of malicious and scam mails that seem to be landing in mailboxes at the moment. What’s more depressing is that a large percentage of those scams actually carry an air of authenticity that often tricks users into falling for the trap. Considering Facebook has so many users who value their account and conversation history, it’s likely that a fair few will be tempted to click the links to try and prevent any deletion.
Please, for the sake of your account integrity, don’t do it.