
By Emily Long
Scammers are relentless in their pursuit of your personal information, from login credentials to credit card numbers, and one of the latest schemes targets Facebook users (again), this time in an attempt to open an ongoing line of communication that they can exploit over time.
Malwarebytes Labs has identified a login phishing scam nearly identical to the one I recently covered aimed at Instagram users. Here’s how this campaign works—and how to avoid falling for it.
Mailto: phishing targets Facebook accounts
This scam begins like many do, with an unsolicited email. The subject line is somewhat alarming—“We’ve Received a request to Reset your password for Facebook Account !”—and despite the odd use of capitalization, you may click just to be absolutely sure there’s nothing you need to do. The body states that you’re receiving this email because someone just logged into your account from an unrecognized device, and Facebook wants to verify it’s really you. There are two buttons to choose from: “Report the user” and “Yes, me.”
While many phishing schemes prompt you to click a link that leads to a fake website designed to steal your credentials, this one (like the recent Instagram scam) uses mailto: links instead. If you click either of the buttons or the unsubscribe option at the bottom, your device will launch your default mail program and open an email with a prefilled subject line matching the button text. The reply address doesn’t belong to a domain owned by Facebook or Meta. Instead, scammers use a technique called typosquatting to make the address look at least somewhat legitimate, so that it appears to belong to a real company such as Black Diamond or Vacasa.
This may seem relatively innocuous, as you haven’t actually provided any personal information in your reply. However, hitting “send” confirms that your email address is live and monitored, so scammers can target you in the future. They may also try to build a relationship with you over email and gain your trust over time. Mailto: phishing is more likely to evade email filters than messages carrying malicious links, so these scams actually reach your inbox.
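The tell in this campaign is a mailto: link whose address sits on some unrelated domain while the message claims to come from Facebook. The following script is an added example (not from Malwarebytes Labs or the article) that pulls every mailto: link out of an HTML email body, decodes the prefilled subject, and flags any whose domain is not on an assumed allowlist of Facebook/Meta domains; the sample HTML and the `.test` domains are constructed for the example.

```python
"""Flag mailto: links in an email body that point away from the claimed brand.
Added example; the sample HTML and domains below are constructed, not real."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Domains a genuine Facebook notification would use (assumption for this example).
BRAND_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def parse_mailto(href):
    """Return (address, subject) for a mailto: href, or None for other schemes."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "mailto":
        return None
    address = unquote(parts.path).strip().lower()
    subject = parse_qs(parts.query).get("subject", [""])[0]  # decodes %20 etc.
    return address, subject


def is_brand_domain(domain):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)


def suspicious_mailto_links(html):
    """List every mailto: link whose domain is not an allowed brand domain."""
    findings = []
    for href in HREF_RE.findall(html):
        parsed = parse_mailto(href)
        if parsed is None:
            continue
        address, subject = parsed
        domain = address.rsplit("@", 1)[-1] if "@" in address else ""
        if not is_brand_domain(domain):
            findings.append({"address": address, "domain": domain, "subject": subject})
    return findings


# Constructed sample shaped like the lure described above (not the real email).
SAMPLE_HTML = """
<p>Someone just logged into your account from an unrecognized device.</p>
<a href="mailto:security@example-blackdiamond.test?subject=Report%20the%20user">Report the user</a>
<a href="mailto:security@example-blackdiamond.test?subject=Yes%2C%20me">Yes, me</a>
<a href="https://www.facebook.com/help">Help Center</a>
<a href="mailto:unsubscribe@example-vacasa.test?subject=Unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for f in suspicious_mailto_links(SAMPLE_HTML):
        print(f"suspicious mailto -> {f['address']} (subject: {f['subject']!r})")
```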
As with all scams, this one uses urgency to convince you to act, because of course you want to protect your account from unauthorized logins. That’s why you should always carefully scrutinize communication—email, text, social media message, phone call, you name it—that provokes a strong emotion, including anything related to security. These campaigns tend to contain other common red flags, such as typos and grammatical errors, and they usually originate from email addresses, accounts, or phone numbers that are obviously fraudulent.
You probably know to be wary of clicking links in unsolicited messages, which goes for mailto: links as well. Always hover over hyperlinks and buttons before opening them. If a link does launch a pre-addressed email, do not send it. Remember that companies will not demand sensitive information from you over email, and you should always go directly to verified communication channels, such as secure messages in an account portal or phone numbers found on the company’s website, to confirm that the request is legitimate.
Disclaimer
The information contained in South Florida Reporter is for general information purposes only.