If you have a Facebook account, as many do, you may have received an e-mail similar to the one below. It claims to be from Facebook and asks you to confirm your request for deleting your account.
“Wait!”, you say. “I didn’t ask to delete my account,” although like most sensible Facebook users, this has crossed your mind on many occasions. You notice the instruction near the bottom, “To confirm or cancel this request, follow the link below.” Is this legitimate?
Here’s a hint. First, you’ll notice that the e-mail sender is not Facebook. It comes from an account called email@example.com. That doesn’t really look like a professional e-mail address, does it? And, while Facebook’s e-mail system is called Facemail, it does not have a separate domain name from Facebook itself. Facemail is part of the facebook.com domain.
Another hint can be seen in the fact that there is only one choice to confirm or cancel the deletion request. Normally, this would be two separate operations, and any reasonable website developer would have two separate links, one for confirmation and one for cancellation. Also, with alterations to any profile of any type of website account, you usually receive an e-mail that states that you should ignore the e-mail if you did not initiate the change in question.
In short, this is an attempt to get you to log on to Facebook, although that’s not where you’re really logging into, and giving the perpetrators your Facebook e-mail address logon (which they already have) and your password. This allows them to either take over your Facebook account or to logon separately from you and glean any information about you and all of your Facebook friends that they can.
Suffice to say, don’t click on the link in the e-mail. Simply delete it and forget about it, after a good laugh at your superior intelligence at avoiding the fraud.
By now, you may be asking, “Why did I get this in the first place? How did they get my e-mail address?” The short answer is that one of your friends did this to you. And, they may not even be one of your Facebook friends, either. Your e-mail probably got gleaned from someone using the Facebook Friend Finder, where they basically gave complete access to their e-mail address book to Facebook. Facebook retains the information in your address book, other than the username and password which they promise not to keep, to create shadow profiles of their users. They integrate the information from e-mail address books with the information you’ve shared on Facebook itself to build a substantially more detailed profile on you than you have provided.
And, since Facebook does seem to be incredibly lax in their internal security, it appears that much of this information has been stolen in a data breach.
Here’s a few things you may want to consider if you have a Facebook account:
- After every published data breach, regardless of whether or not you think your data was affected, change your Facebook password.
- Never use the Facebook Friend Finder. All you’re really accomplishing is screwing over your friends.
- Read any e-mail claiming to be from Facebook, or any other social media site for that matter, with a grain of salt.
And, whenever you use social media, keep in mind the advice they used to give the police officers at every briefing in Hill Street Blues: “And remember. Be careful out there…”