Facebook Spoof in My Email


I was cleaning out my spam folder today when I came across an email that jump-started my heart and got me a little panicked. It was an email that looked like it was from Facebook telling me that my password had been reset. I frequently check all my privacy settings and try to take all precautions that I know of, to keep my Facebook account safe. I subscribe to America’s Digital Goddess, Kim Komando’s newsletters, as well as other great sources, for security tips. Therefore, I know that I have my Facebook account reasonably secure. I also know that I could have it much tighter, when it comes to security.

When I saw an email in my spam folder saying, “Facebook password change” in the subject line, I did panic. It was only for a split second, but I also know how easy it is to jump to conclusions and start clicking on links. 

It’s always a good idea to peruse your spam folder periodically before dumping. You never know if the spam filters caught something valuable. With that said, one very important piece of information you must remember, as you’re sifting through spam, is that you are in the SPAM folder. I get thousands of spam emails, so my sifting process gets to be a bit arduous. I know how easy it is to forget where you are and just click on a link to see what the email is about.

The image above shows you one example of an email caught in my spam. In one week’s time, I had two, from two different accounts. Neither was from Facebook!


Here are some pointers that you should use whether you’re in your spam folder or not.

What to look for before you click!
  1. Check the sender’s email address.

    If the sender’s email address isn’t “notification@facebook.com,” “notification@mail.facebook.com,” or some variation ending with facebook.com, then DON’T CLICK on any links! Anything that you receive from Facebook will be from facebook.com.

  2. When Facebook tells you about suspicious activity, it gives you everything: what browser was used, what operating system, the IP address, and even what city and state you’re in. If this information is not YOU, DON’T CLICK any links!

Hackers are getting very good at what they do. This email looks authentic! For one second, I thought this was from Facebook! Glad I didn’t click the link. I ran my mouse over the link and found it’s sending me right to a PHP page on a random website. (PHP is a recursive abbreviation that stands for “PHP: Hypertext Preprocessor.”)

We find and use PHP pages on most web servers. Developers use PHP to create dynamic and database-driven websites. Typically, PHP is a server-side scripting language that is embedded into HTML pages to add features that HTML can’t provide by itself. It is a very versatile language and has many uses. Some examples of what PHP can do (the list is not exhaustive) are interacting with databases to build dynamic websites, doing calculations and conversions, collecting information from forms, manipulating web pages, and redirecting users.

Clicking an undefined, unfamiliar link is like downloading an *.exe file or *.bat that you’re unfamiliar with and running it. The downloaded file, when run, can deliver a payload of all kinds of adware, spyware, and viruses. Similarly, clicking a link that opens a web page in your browser can send you virus packets, spyware, or porn. Because that email looks authentic, you may believe those links will take you right to your Facebook account. However, more than likely, you’ll end up on a fake Facebook page. Its purpose is to grab your password or other personal information.
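The two checks described above (the sender's domain, and where a link really points) can be automated. The following Python sketch is an added example, not part of the original post; the sample message, the `.example` hosts, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # the domain the post says real notifications come from


def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def check_message(raw):
    """Return (sender_ok, [link hosts outside the trusted domain])."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_ok = in_domain(addr.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    bad = [urlsplit(h).hostname for h in collector.hrefs
           if not in_domain(urlsplit(h).hostname)]
    return sender_ok, bad


# Constructed sample: display name and link text say Facebook,
# but the real sender address and the real link target do not.
SAMPLE = """\
From: "Facebook" <notification@facebook.com.mailer.example>
Subject: Facebook password change
Content-Type: text/html

<p>Your password was reset.</p>
<a href="http://site.example/fb/login.php">https://www.facebook.com/login</a>
<a href="https://www.facebook.com/help">Help</a>
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A From address that passes this check is not proof of origin, because the header can be forged; the link check applies either way.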

Be careful and check the sender’s name before you click!
