Fake Facebook email invites you to tell 39 strangers you were duped





A reader got in touch with me regarding a suspicious email they had received claiming to come from Facebook.


What made the reader suspicious? Well, amongst other things, they’re not actually a Facebook user. (Good for them.)


Let’s take a look at the email, which claims to be a warning that someone using an iPhone 11 Pro had tried to log into the account.






A user just logged into your Facebook account from a new device iphone 11 pro. We are sending you this email to verify it’s really you.



The email offers the user two options – “Report the user” or “Yes, me”.


Now, I was fully expecting that anyone who clicked on the “Report the user” or “Yes, me” options would be taken to a phishing page posing as Facebook, designed to steal their login credentials.


To my surprise, however, neither option is actually a traditional web link.


Instead, if you were to click on the links (which use the mailto: URI scheme) your email client opens and you will find that you are sending an email to 39 different email addresses.


Here’s what you might see if you click on the “Report the user” button:





So, what does this mean?


You’re not being taken directly to a phishing page as you probably would have anticipated. Instead, you’re one step away (you still need to press “Send” in your email client) from announcing to 39 complete strangers that you can be lured into responding to suspicious emails.
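A mail filter can catch this pattern by counting the recipients behind each mailto: link in a message body. The following is an added example, not code from the original article; the threshold, the function names and the sample HTML (including its example.com addresses and subject lines) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Assumed threshold: a genuine "contact us" mailto: link rarely has many recipients.
MAX_RECIPIENTS = 3

# Constructed sample: two "buttons" that are mailto: links to 39 made-up addresses.
_ADDRS = ",".join(f"user{i}@example.com" for i in range(39))
SAMPLE_HTML = (
    f'<a href="mailto:{_ADDRS}?subject=Report%20the%20user">Report the user</a>'
    f'<a href="mailto:{_ADDRS}?subject=Yes%2C%20me">Yes, me</a>'
    '<a href="https://example.com/help">Help</a>'
    '<a href="mailto:support@example.com">Contact</a>'
)


class _HrefCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def mailto_recipients(href):
    """Return every address a mailto: URI would send to (path plus to/cc/bcc)."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "mailto":
        return []
    fields = [parts.path]
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() in ("to", "cc", "bcc"):
            fields.append(value)
    # Split on literal commas first, then percent-decode each address.
    return sorted({unquote(a).strip().lower() for f in fields for a in f.split(",") if a.strip()})


def flag_mass_mailto(html_body, limit=MAX_RECIPIENTS):
    """Return (link_index, recipient_count) for each mailto: link over the limit."""
    collector = _HrefCollector()
    collector.feed(html_body)
    counts = [(i, len(mailto_recipients(h))) for i, h in enumerate(collector.hrefs)]
    return [(i, n) for i, n in counts if n > limit]
```

On the constructed sample, `flag_mass_mailto(SAMPLE_HTML)` flags the two button links with 39 recipients each and ignores the ordinary web link and the single-recipient contact link.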


Of course it’s always possible that one of these email ..
