From: Facebook [password+mxxayybx@facebookmail.com]
Date: 14 January 2008 03:02
Subject: Facebook Password Security Alert
Hey Jenny,
We have reset your Facebook account password for security reasons. You will need to use the link provided in this email to create a new, secure password for your account. In the future, please make sure that when you log in to Facebook, you always log in from a legitimate Facebook page with the facebook.com domain. To reset your password, follow the link below:
https://login.facebook.com/reset.php?email=[my email address]&cc=[random string of numbers and letters]&tt=[random string of numbers]
(If clicking on the link doesn’t work, try copying and pasting it into your browser.)
Please contact info@facebook.com with any questions.
Thanks,
The Facebook Team
This message popped up in the bottom corner of my screen this morning, as an alert from Google desktop. I saw “We have reset your Facebook account password” and groaned. “Why must they do this?” I thought. So I signed onto my email account and read the message.
“Hmm… sounds a little fishy”. I looked at the “from” address. “facebookmail.com, a-ha!”. Just as I was about to click the “report spam” button, I saw the link they had given me started with “https://login.facebook.com/”. I hovered over the link, and it indeed led to where it said it would lead.
The easiest way to determine if a message is spam is by looking at the link address. If it does not begin with https://login.facebook.com/, then it is not a legitimate email. Hackers will try to send you to addresses that look like Facebook’s, but are actually something like http://www.facebook.loginfb83920.com/, which will take you to the site loginfb83920.com and not facebook.com. (Make sure to hover your cursor over the link and look at the bottom left of your screen; a hacker can easily disguise a link so that it displays as http://www.facebook.com/ but actually takes you to a different site.)
A second check shows that everything is spelled correctly. If this is a scam, they’ve done a nice job.
And hey! My name is there! I used to always get spam with my name on it, but that was because my name was my email address. Now there’s no way of deducing my name just from my email address. This is another point for legitimacy, but the whole idea is still fishy…
Hmm…
I click the “report spam” button anyway and go on to Facebook. That’s strange, I’m logged out. But no biggie, that happens occasionally. Now, I have different passwords for different places, and I’m usually just automatically logged in, so after trying various passwords… it still wasn’t working. I clicked the “forgotten password” link and got another email from that same address with the same link (except that the cc and tt numbers in the URL were different). I clicked on the link on the email *I* requested. I changed my password and… now I’m logged in properly.
“@facebookmail.com” and not “@facebook.com” definitely set off an alarm. That was a really poor choice on Facebook’s part, but facebookmail.com is where official Facebook mail is sent from, since all my previous wall notification emails were also sent from a facebookmail.com address. However, email addresses are easily spoofed, and an @facebookmail.com email may be legit or it may not.
This is a fairly new issue, since only a TechCrunch comment and a LiveJournal entry have mentioned it, both from earlier this month (January 2008).
David and mickeysix have left some comments below with good information on the issue, explaining how it might be a scam. Scroll down to read them.
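An added example, not the post’s own code: it checks where an email link really points by parsing the href rather than the displayed text, and treats a link as Facebook’s only when the host just before the first slash is facebook.com or a subdomain of it, reached over https. The sample HTML body is constructed from the link shapes that appear on this page (the loginfb83920.com and dortos.net forms); the user@host handling goes slightly beyond what the post describes.

```python
"""Check where an email link really goes, not where its text says it goes."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "facebook.com"

def link_domain(url: str) -> str:
    """Host part of a URL, lower-cased. urlsplit().hostname drops any
    'user@' prefix and port, so 'https://facebook.com@evil.example/' is
    reported as evil.example (a trick this page does not mention)."""
    return (urlsplit(url).hostname or "").rstrip(".")

def is_legit(url: str, domain: str = LEGIT_DOMAIN) -> bool:
    """True only if the host, just before the first slash, IS the domain
    or a subdomain of it, and the scheme is https. Prefix matching is not
    enough: 'facebook.com.profile.id.dortos.net' and
    'www.facebook.loginfb83920.com' both start with 'facebook' and fail."""
    if urlsplit(url).scheme != "https":
        return False
    host = link_domain(url)
    return host == domain or host.endswith("." + domain)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html: str):
    """Per anchor: (href, shown text, destination legit?, shown text honest?).
    'Honest' means the text shows no URL or shows the same host as the href;
    the text and the status bar are both attacker-controlled, so compare hosts."""
    p = AnchorCollector()
    p.feed(html)
    rows = []
    for href, text in p.links:
        shown = link_domain(text) if "://" in text else ""
        honest = shown == "" or shown == link_domain(href)
        rows.append((href, text, is_legit(href), honest))
    return rows

# Constructed sample body using the link shapes discussed on this page.
SAMPLE = (
    '<p><a href="https://login.facebook.com/reset.php?email=x">'
    'https://login.facebook.com/reset.php?email=x</a></p>'
    '<p><a href="http://www.facebook.loginfb83920.com/">'
    'http://www.facebook.com/</a></p>'
    '<p><a href="http://facebook.com.profile.id.dortos.net/">her profile</a></p>'
)

if __name__ == "__main__":
    for href, text, legit, honest in audit_links(SAMPLE):
        print("OK " if legit else "BAD", href, "| shown:", text, "| honest:", honest)
```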
June 4, 2008 at 7:37 PM
I just got this same message and, thinking it was spam, junked it and just for funsies, tried to log in to FB. No dice. I’m glad I’m not the only paranoid person out there.
June 5, 2008 at 10:10 AM
I just got the same email. My thought process was exactly the same as yours. :o)
It turns out that this is a legit email. I wonder what caused them to reset our passwords?
June 15, 2008 at 7:54 AM
I have just received a message from: wallmaster+of=20929@facebookmail.com it purported to be a wall message from a friend and read:
her profile is
[link removed]
I clicked on the profile link and immediately got a:
“Suspicious Web Page Blocked” from my Symantec software. So there is something very dodgy about this indeed!
June 19, 2008 at 1:13 PM
Hey Jane.
It looks like that link is not a legitimate Facebook page (I’ve removed it so no one mistakenly clicks on it and logs in). The most important part is the end of the address:
facebook.com.profile.id.bvbu38.krpz.dortos.net/
“facebook.com” needs to be at the end, just before the slash. The website is actually located at dortos.net, and everything before that is only a subdomain. Most sites do this to trick you into thinking it actually is Facebook/whatever site.
December 3, 2008 at 3:28 PM
Now even in Danish with this.
“topic”
“message”
December 10, 2008 at 1:49 PM
I can assure you this is not a legitimate e-mail from Facebook. For starters no-one at facebook can ever reset your password in this manner and no legitimate company would ever send this type of e-mail.
It appears that this is the first of a new set of sophisticated phishing scams of which there are a few variants. It is called a man-in-the-middle attack, and in fact although you actually see a legitimate facebook site, all the inputs you are sending are routed through a proxy. All you are doing is obliging them by supplying them with your passwords.
I’m not sure why they are collecting the passwords from the gullible masses, but that is what they are doing.
You should log into facebook from a different computer and reset your password from there. In general, you will NEVER be asked to change your password. That is a major security loophole.
December 10, 2008 at 2:17 PM
I don’t know much about proxies, but if the address begins with https://login.facebook.com/, I don’t see how the information you enter there can go somewhere else.
I’ve been looking at “man-in-the-middle” attacks, and it seems the only possibility would be that there was some malicious code in the email that hijacks my connection. Am I right in thinking that?
February 2, 2009 at 5:36 PM
Jenny: you’re correct in thinking that under normal circumstances, clicking a link to https://login.facebook.com will take you to a Facebook page and not a spoof. I have seen some recent malware that performs what’s known as DNS spoofing, where the malware (which must be installed on your system) captures the user’s attempt to access websites at certain domain names and routes the user either to a rogue server or to “nowhere” (to prevent people from downloading antivirus software or updates in order to clean the infection).
However, this can’t work unless you’ve actually got said virus infection on your PC already. Nevertheless it is entirely possible for such an infection to send out a bogus email to the victim’s email account like the one the OP mentioned; the user would then click on the link thinking it was safe and be presented with a legit-looking login page, even with the correct domain name in the address bar. But because the user’s DNS resolution has been compromised, the actual IP address of the receiving server would NOT belong to a Facebook server but to one set up or used by the malware’s authors. User tries to login, gets “invalid login” and the bad guys now have the user’s account credentials. In fact, because of the DNS compromise in this hypothetical scenario the email wouldn’t even be necessary; any time the user tried to login to Facebook at all they’d be at risk.
This would be a complex attack and is an unlikely scenario, but it’s well within the realm of possibility. Practically speaking, though, it’s an incredibly remote possibility.
Bottom line: if you ever get such an email, ignore it. If you absolutely must satisfy your curiosity, then do what David suggested and log in from a different PC by going directly to facebook.com (or myspace, or whatever) using the browser’s address bar.
February 2, 2009 at 5:46 PM
Sorry for 2x post, but forgot to mention: of course, there’s also the classic situation — if Facebook’s main page was hacked and the email above had been crafted to coincide with that, game over.
May 3, 2009 at 10:11 PM
I deactivated my facebook and facebookmail sent me something saying someone else had reactivated my account without my permission.
May 15, 2009 at 11:32 AM
My facebook account got hacked a few weeks ago and although I did all the security things . . . I got this email this morning and I can’t login to Facebook also.
Is there any way to not just deactivate but DELETE your account on facebook?
May 20, 2009 at 4:22 PM
Well, I know it’s not a facebook legit mail because it wasn’t sent to my account’s e-mail =\
May 26, 2009 at 4:59 PM
Well, I know that no one has access to my gmail account password, and that’s the email account tied to my facebook page. I got an email from facebook (well, from the facebookmail thing) stating that someone else had registered with my gmail account, and that my access using that gmail account was terminated. Actually, here’s what it said:
I have no clue how this happened.
May 28, 2009 at 4:11 AM
Someone else has used my computer and has logged in to facebook; now I can’t log on. Is this a security alert?
May 28, 2009 at 12:30 PM
I just got that email too Brett! Weird.
May 28, 2009 at 5:38 PM
If you are sent a message from Facebook to an email address that you do not use on Facebook, it is definitely a scam. If your mail provider lets you report emails, you should do so. As long as you don’t follow the links and enter any information, as well as have a good virus protector, you should probably be safe.
May 29, 2009 at 5:29 AM
Hi guys. Interesting post but I’m afraid I have a twist. I’m using a catch-all on my domain email and I received mail sent to user name ‘koko’ (my user name is ‘peter’). I know that there is no ‘koko’ mail address on my domain so it’s spam. Same idea though, comes from facebookmail.com and looks to have legit facebook links. This mail however is trying to spoof a new sign up with a ‘confirm this is your address’ link. It’s even been html formatted to look like facebook. The images (if allowed to load) will come from static.ak.fbcdn.net too, which I think is legit. It is all very crafty but there is some kind of unexplained code in the original mail. For example the text in the mail reads: ‘Om du har frågor kan du läsa vår Vägledning för nybörjare’ (oh yes, it’s Swedish too) but when you check out the original message code it reads: Om du har fr=C3=A5gor kan du l=C3=A4sa v=C3=A5r nya anv=C3=A4ndarguide:
http://www.facebook.com/n/?help/new_user_guide.php&mid=3D88ee84G6da71e8eG99b5G4b&code=and so on…]
I would like to know what all the C3=A4 and all that in the code means. It’s well fishy and I would recommend staying clear myself. Tried to contact facebook but that’s not easy.
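The =C3=A4 and =3D sequences in the raw source are MIME quoted-printable encoding (RFC 2045), not code: each =XX is one byte in hex, the bytes here are UTF-8, so fr=C3=A5gor is frågor and mid=3D88… is mid=88…, and a trailing = is a soft line break. The constructed message below is an added example, not part of this thread; it parses such a message with Python’s email module and returns the decoded subject, body lines and the domain the From header claims (the address is a made-up sample).

```python
"""Read a raw quoted-printable email the way a mail client does."""
import quopri
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed raw message modelled on the Swedish sign-up mail in the thread.
RAW = (
    b"From: Facebook <notification+sample@facebookmail.com>\n"   # made-up address
    b"Subject: =?utf-8?q?V=C3=A4lkommen_till_Facebook?=\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Om du har fr=C3=A5gor kan du l=C3=A4sa v=C3=A5r nya anv=C3=A4ndarguide:\n"
    # '=' at the end of a line is a soft break: the URL continues on the next line.
    b"http://www.facebook.com/n/?help/new_user_guide.php&mid=3D88ee84G6da71e8=\n"
    b"G99b5G4b&code=3Dabc\n"
)

def decode_escapes(fragment: str) -> str:
    """=XX is one byte in hex; the resulting bytes are then read as UTF-8."""
    return quopri.decodestring(fragment.encode("ascii")).decode("utf-8")

def parse(raw: bytes):
    """policy.default gives an EmailMessage that decodes headers and body."""
    return message_from_bytes(raw, policy=policy.default)

def decoded_subject(raw: bytes) -> str:
    """RFC 2047 encoded-word in the Subject header, decoded to text."""
    return str(parse(raw)["Subject"])

def decoded_body_lines(raw: bytes) -> list:
    """Body with quoted-printable undone and the declared charset applied."""
    return parse(raw).get_content().splitlines()

def claimed_sender_domain(raw: bytes) -> str:
    """Domain of the From address. From is forgeable, so this only tells
    you what the message claims about its sender, not who sent it."""
    _, addr = parseaddr(str(parse(raw)["From"]))
    return addr.rpartition("@")[2].lower()

if __name__ == "__main__":
    print(decode_escapes("fr=C3=A5gor"), decode_escapes("=3D"))
    print(decoded_subject(RAW))
    for line in decoded_body_lines(RAW):
        print(line)
    print(claimed_sender_domain(RAW))
```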
May 29, 2009 at 2:03 PM
Hey I finally got a response from Facebook, and there’s a little tid bit of information that should be of help.
The email from facebook came through as “The Facebook Team,” and NOT just “Facebook.” So I guess you could say that if you get any email supposedly from Facebook that isn’t from “The Facebook Team,” you should be cautious of the content. This email from “The Facebook Team” also did NOT contain any links. Another thing to be on the lookout for.
I’ve also asked them how someone can register another Facebook account with my email address since I don’t share my passwords with anyone, and if they respond with useful information I will post that as well.
Just trying to share the information as I get it.
June 8, 2009 at 11:35 AM
Has anyone ever gotten a message like below:
My bf received above message (allegedly from me) recently yet I have no recollection of sending him an invite through fb because I know he will not join. He does not have an account with fb, nor has he ever set one up.
All the links seem legit, but I worry that someone has hacked into my account and somehow sent him an invite? Is that possible?
Thanks,
Christine
June 8, 2009 at 3:10 PM
Hey Christine,
That does look like a legitimate email. If it just said “Christine” (no last name), then maybe it came from someone else named Christine? Or maybe you accidentally sent an invite without realizing it (I know sometimes certain applications will send notifications to my friends or feed that I didn’t intend to send).
If you are at all worried that your account has been hacked, you should change your Facebook password and maybe even your email password, just to be safe. If the only suspicious activity you’ve seen is this invitation though, I doubt your account is in trouble, because usually you can tell if someone else has been in your account (changed password, vandalism, etc).
June 22, 2009 at 12:20 PM
I’ve just received an email like Christine’s boyfriend did. It says that I’ve been invited to join Facebook by 2 different people. One has a very familiar name with no picture and the other is a semi-familiar yet popular name with a picture I can’t really see. I have a facebook with a different email address than the one this email was sent to. If I click on the links in the email it just takes me to my facebook homepage. Anyone have any ideas?
June 24, 2009 at 4:01 AM
I just got the same “invite” email. Except it was from myself and I know I never sent it. I have two primary email/gmail addresses. This was sent supposedly from my FB acct (which is associated with gmail acct A) to gmail acct B — which I have sent shared public links to before in order to simply then fwd them along to friends who are not on FB (pics and the like) but never a friend invite as I am already on FB. And, it happened at a time earlier this evening when I was nowhere near a computer & hadn’t been for hours. I smell a spam-flavoured rat!
June 28, 2009 at 7:17 AM
Just for the record – I also shut down my FaceBook page and a friend of mine received a rather disturbing message from the following email address {notification+ayy_y6a6@facebookmail.com}. Is there any way of finding out where this message came from and who sent it?
July 22, 2009 at 2:58 PM
While it is true that you should check links, it is not good enough to simply hover your mouse over them. It is incredibly easy to set the status bar text to whatever you want, so the link could in fact be taking you anywhere.
August 10, 2009 at 1:36 PM
Hi, I’ve just received this e-mail from @facebookmail.com and Facebook have NEVER asked me for my credit card details before, and I don’t see why they should be now. The link takes me to a web page to enter the info.
What do you guys think?
By the way, facebook didn’t contact me recently
From: Facebook
Sent: Monday, 10 August, 2009 18:16:57
Subject: Facebook Account Confirmation
Dear Facebook user,
As part of our security measures, we regularly screen activity in the Facebook system. We recently contacted you after noticing an issue on your account.
We requested information from you for the following reason:
We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your Facebook account in order to protect against future unauthorized transactions.
Confirmation Code #: 1554784718
This is a reminder to restore your account as soon as possible. Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
In accordance with Facebook’s User Agreement, your account access will remain limited until the issue has been resolved.
Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to restore your Facebook account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Sincerely,
Facebook Account Review Department
The Facebook Team
September 15, 2009 at 2:41 AM
I just received an email from “notification+ysj=94c@facebookmail.com” telling me I had to log in to confirm a friend request. From what I can gather, the @facebookmail.com address can be created by anyone, and there are some clever people out there not being very friendly and trying to capture our passwords and details… best advice… stay off the net!
October 4, 2009 at 12:56 PM
HAHAHAHA…. :P About 1 min ago I went through my email and saw the email I had gotten was facebookmail.com and I totally freaked out, OMFG PASSWORD CHANGE :P
so I googled it and here I am.
November 5, 2009 at 12:00 AM
Dear All,
There are multiple things going on here with these emails purportedly from “facebook.”
In short, the ones I checked out are, indeed, spam!
For example — notification+ayy_y6a6@facebookmail.com — is a legitimate DOMAIN registered to FACEBOOK (facebookmail.com) but I could not look up the email. Most likely, if it ever existed, facebook has now disabled this account.
MORE IMPORTANTLY, the actual LINKS hidden behind the magic BUTTON the sender wants you to click on directs you to a whole different place, on all of the examples I checked out, including one I received.
For example –>> http://www.facebook.com.[ed: removed random string].eu/globaldirectory/LoginFacebook.php?ref=[ed: removed number]&email=zzzz@zzz.net (where zzzz@zzz.net is your email address.)
Notice the .[random string].eu AFTER the http://www.facebook.com
This redirects you to a WEB site in the EUROPEAN UNION!! (.eu)
You really have to watch out, and make sure you do NOT ignore “the man behind the curtain!” [Wizard of Oz]
FYI
Steve
ABC Computing Services
November 27, 2009 at 5:35 AM
Got two of these under different headings, to two addresses, neither of which is mine, with slightly different messages. They were:
new login system
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team
and
Facebook Update Tool
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team
December 21, 2009 at 3:56 PM
So is there any resolution to these issues or do we just ignore all facebook message traffic?
December 31, 2009 at 7:17 AM
It’s not from Facebook. They sent it to a business email address that I don’t use on FB
January 25, 2010 at 11:34 AM
It does my head in when you can’t go on facebook. I think that the website should let you on facebook.
February 14, 2010 at 11:43 PM
I just got one from facebookmail.com asking me if I want to buy viagra, cialis, and vicodin… unless FB is going to extremes to make money, I would say there is no question, facebookmail.com is spam. Don’t even bother opening it.
May 1, 2010 at 1:12 PM
THIS IS A SCAM..
———- Forwarded message ———-
From: Facebook
Date: Sat, May 1, 2010 at 7:19 PM
Subject: Facebook Password Change
To: Zafar Halim
Hey Zafar,
You recently changed your Facebook password. (I DID NOT!!!) As a security precaution, this notification has been sent to all email addresses associated with your account.
If you did not change your password, your account may have been the victim of a phishing scam. (Ha! YOU ARE THE PHISHING idiot!) Please learn more about this, and how to regain access to your account at http://www.facebook.com/help/?topic=security
Thanks,
The Facebook Team
June 5, 2010 at 12:33 PM
Agree, now getting “look at my pictures” from people I don’t know. If that’s really from fb then f fb
June 5, 2010 at 1:42 PM
I received an e-mail similar to Mueso – the thing is, the e-mail I gave Facebook as a contact is a Yahoo address, whereas I received the facebookmail e-mail in my G-mail account. My G-mail has nothing to do with my Facebook! Not to mention the ‘friend request’ was a strange one. I do believe that my settings on Facebook are no notifications through e-mail, for anything. So I’d say this is a scam.