Scammers Are Targeting Facebook Users With This Phishing Scheme

Scammers are relentless in their hunt for your personal information – from login credentials to credit card numbers – and one of the latest schemes is targeting Facebook users (again), this time in an attempt to open a permanent line of communication that they can exploit over time.

Malwarebytes Labs has discovered a login phishing scheme almost identical to the one I recently reported on that targeted Instagram users. Here’s how it works and how to avoid it.

Mailto: Phishing Attacks on Facebook Accounts

This scam starts like many others, with an unwanted email. The subject line is somewhat alarming: “We’ve received a password reset request for your Facebook account!” and, odd capitalization aside, it invites you to click through to confirm that you don’t need to take any action. The body of the email says that you’re receiving this message because someone just logged into your account from an unknown device, and Facebook wants to make sure it’s really you. There are two buttons to choose from: “Report User” and “Yes, Me.”


While many phishing scams direct you to click a link that takes you to a fake site designed to steal your credentials, this one (like the recent Instagram scam) uses mailto: links. If you click either of the buttons, or the “Unsubscribe” link at the bottom, your device launches your default email program and opens a new message whose subject line matches the text on the button. That reply is not addressed to a domain owned by Facebook or Meta; instead, the scammers use a technique called typosquatting to make the address look at least somewhat authentic, as if it belonged to a company such as Black Diamond or Vacasa.

This may seem relatively harmless, since you haven’t actually provided any personal information in your reply. However, clicking “Send” confirms to the scammers that your email address is real and actively read, which lets them target you in the future. They may also try to establish a relationship with you via email and gain your trust over time. Mailto: phishing emails are more likely to slip past email filters than messages carrying malicious links, so these scammers may actually reach your inbox.


How to Avoid Phishing When Logging Into Facebook

Like all scams, this one pressures you to act by playing on your desire to protect your account from unauthorized access. That’s why you should always carefully check messages — emails, texts, social media posts, phone calls, etc. — that evoke strong emotions, including anything related to security. These campaigns tend to contain other common red flags, such as typos and grammatical errors, and usually come from email addresses, accounts, or phone numbers that are clearly fraudulent.

You probably know to be careful when clicking links in unsolicited messages, and the same caution applies to mailto: links. Always hover over hyperlinks and buttons before clicking them so you can see where they actually lead. If a link opens a pre-addressed email, don’t send it. Remember that companies won’t ask you for sensitive information via email, and you should always use trusted communication channels, such as secure messages on your account portal or phone numbers listed on the company’s website, to ensure the request is legitimate.
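As an added illustration (not part of the original article), here is a small Python check that a mail-filtering or triage script could run over an HTML email body: it pulls out every mailto: button, reads the address a reply would go to, and flags any whose domain is not one the brand actually sends from. The sample email body and the allowlist of trusted domains are constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Domains the brand is known to send mail from (assumed allowlist for this example).
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}

# Constructed sample HTML body in the style described above (not a real message):
# every button is a mailto: link pointing at a look-alike, non-brand domain.
SAMPLE_BODY = """
<p>Someone just logged into your account from an unknown device.</p>
<a href="mailto:security@blackdiamond-support.example?subject=Report%20User">Report User</a>
<a href="mailto:security@blackdiamond-support.example?subject=Yes%2C%20Me">Yes, Me</a>
<a href="https://www.facebook.com/help">Help Center</a>
<a href="mailto:unsubscribe@vacasa-mail.example?subject=Unsubscribe">Unsubscribe</a>
"""

# Good-enough anchor matcher for simple HTML email bodies.
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def parse_mailto(href):
    """Return (recipient domains, subject) for a mailto: href, or None otherwise."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "mailto":
        return None
    recipients = [r for r in unquote(parts.path).split(",") if "@" in r]
    domains = [r.rsplit("@", 1)[1].strip().lower() for r in recipients]
    subject = parse_qs(parts.query).get("subject", [""])[0]
    return domains, subject

def find_suspicious_mailto(html_body, trusted=TRUSTED_DOMAINS):
    """Flag every mailto: button whose recipient domain is not a trusted brand domain."""
    findings = []
    for href, text in ANCHOR_RE.findall(html_body):
        parsed = parse_mailto(href)
        if parsed is None:          # ordinary http(s) link, not a mailto: button
            continue
        domains, subject = parsed
        for domain in domains:
            if domain not in trusted:
                findings.append({"button": re.sub(r"<[^>]+>", "", text).strip(),
                                 "domain": domain, "subject": subject})
    return findings

if __name__ == "__main__":
    for f in find_suspicious_mailto(SAMPLE_BODY):
        print(f"'{f['button']}' replies to {f['domain']} with subject {f['subject']!r}")
```

Run against the sample body, all three buttons are flagged because they reply to look-alike domains, while the genuine Help Center link is ignored.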
