Facebook Phishing Scam and Other Related Warnings

I got a spam today trying to tell me my Facebook password had been changed. Actually, I got five different copies of the same message, one of which you can see in the accompanying image. Internet security site McAfee has issued a warning about this particular round of emails, but I knew it was a phishing scam before I even looked it up.

I thought it might be worth passing on for others, because this is an email with fairly serious consequences for anyone who opens the attached file. My email server routed the messages to my spam folder, but I have had instances in the past where blatant spam or even messages with potentially dangerous attachments have made it to my inbox.

"Facebook Password Reset Confirmation"

The email looks like a password reset notification. The subject reads: "Facebook Password Reset Confirmation!" There is also a tag to the subject - such as, "Important Message" or "Your Support." In one case the tag looks like a ticket number (I got "NR. 5595.")

The messages appear to come from Facebook's support staff, using identifiers such as: "Facebook Messages"; "Facebook Support"; "The Facebook Team" . Here are some of the email addresses I saw: ; ; ; .

The message in every case is addressed to an email other than mine - a sure sign of something not quite right in my inbox. The body of the email begins with the awkward salutation: "Dear user of facebook," or in one case, "Hey (email address of an unknown user)." The email continues:

"Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

"Thanks,
"Your Facebook."

Attached File Steals Passwords

The attached file is called: Facebook_password_xxxx.zip, where in my case "xxxx" is a 3- or 4-digit number.

This file does not contain your new password! Instead, it is a program that will allow your Facebook password, and other passwords you use on your computer, to be stolen.

The best thing to do if you receive a message like this is to get rid of the email. Mark it as spam and delete it or empty the contents of your spam folder. Facebook will never send you a password as an attachment, nor will they ever ask you for your password in an email.

Facebook Scams and Rumours You Might Hear

Be on the lookout for Facebook inbox messages from friends that contain strange links. One common scheme says you've been tagged in a video or photo, and the message contains a link that leads away from Facebook.

Another ploy is an inbox or chat message, or a status update claiming to come from a friend who is in financial difficulty, and needs your help. If you believe a friend's Facebook account is involved in a money transfer scam, report the issue to Facebook to report the issue so they can check it out. It's also not a bad idea to contact your friend outside of Facebook (phone, email, SMS, etc.) so they can warn other friends to steer clear of the scammers.

Get Your Old Facebook Page Back

While this was an option with some of the previous Facebook profile updates, the current one does not offer such an option. You won't be able to get back the old look, whether you join one group or a hundred that purport to have the solution. Downloading an application might make things look the way they did before - then again, do you know who made the application, or what else they might be up to? It's best to exercise caution with any Facebook app, but most particularly ones that are distributed through groups instead of by the usual route.

Those who claim they can pressure Facebook to change back to the old look if they get a certain number of people to complain or to join their group, are not likely to see much of a positive result. It's a good idea to be careful about joining Facebook groups, as well. Some less than scrupulous individuals have used popular complaints to get a group going and gain a large number of members. They then use the group to publicize a completely unrelated item (their own Facebook game, or even something completely unrelated to Facebook!)

Facebook is Going to Start Charging Money

I've lost track of how many of these hoaxes I've received - not just for Facebook, but for any number of other services. Threats of per message fees for email being instituted, or of Hotmail charging everyone for its email accounts. And of course with Facebook, there are the obligatory, "If Facebook Charges We'll Quit" groups that pop up periodically.

Sure, many services that started off as free ones do now have a fee associated with their use. If you read the terms of service you agreed to, you were probably given fair warning that might one day happen. However, many of the free internet services including Facebook also support their enterprises through advertising - you know, those annoying ads on the side bar or at the top or bottom of a page? Advertisers are paying for you and me to see those ads, so they aren't going to be interested in doing business with any free service that suddenly goes pay and loses a significant portion of its membership. Lost members equals lost page views, and for a service like Facebook that means lost advertising revenue.

Facebook lists charging for its services as one of a number of other hoaxes. It could still have plans to charge one day, but that will likely never see the elimination of free services. With many other services that added a fee, the change involved adding premium services for members who chose to pay. For example, email services or free web hosts offer to remove ads or to provide more storage space for a fee. Pay versions of free software are also available, in which ads are removed and there are more bells and whistles for the advanced user.

This "pay for premium" model seems to have worked very well for a number of web sites; there's no reason to believe it would be any different for Facebook. Furthermore, several hoax protest pages have been set up through Facebook as bait for unsuspecting users. Some of these pages have been used to distribute malware that is designed to hijack users' computers, or to bombard users with objectionable images.

I wouldn't worry about paying for your social networking any time soon. And I'd recommend you pass on these protest groups, just to be on the safe side.

Sources:

"Experts warn Facebook users about email scam" Canadian Press

"Facebook charges" Urban Legends Reference Pages

"Threats" Facebook Security