With 2.85 billion users of Facebook, it is no surprise that scammers and identity thieves often use Facebook as the hook for scams and phishing emails which purport to be from Facebook that attempt to lure you into either clicking on links which can download malware, such as ransomware or keystroke logging malware or providing personal information that can be used to make you a victim of identity theft.

The latest Facebook  phishing scam starts with an email that appears to come from Facebook informing you that your password has recently been reset. You are then directed to a link to click on if you did not reset your password (which, of course, you have not). The log-in page looks legitimate, but it is not. It is a scam and if you provide this information, it will lead to identity theft and your Facebook account being taken over or, even worse, merely by clicking on the link, you will have downloaded dangerous malware.

Here is a copy of the email sent to a Scamicide reader.  I have blocked out the Scamicide reader’s email address and have disarmed the link.

Hi xxxxxxxxxx, Your Facebook password was reset using the email address xxxxxxx@aol.com on Sat, 29 Oct 2022 12:03:43 +0200 Operating system: Mac OS X Browser: Chrome IP address: 97.123.28.2 Estimated location: Albuquerque, NEW MEXICO, US If you did this, you can safely disregard this email. If you didn’t do this, please secure your account.  From Here Thanks, The Facebook Security Team

TIPS

There are a number of indications that this is a phishing email, most importantly it is sent from an address that has no relation to Facebook.  It also does not contain your name, but merely your email address.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.

If you receive and email like this and think it may possibly be legitimate, merely go to the help center for Facebook.  Here is that link.  https://www.facebook.com/help

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”