Here's what it looks like:
From: Facebook, Artemus Rubert [mailto:firstname.lastname@example.org]
Sent: Wednesday, September 22, 2010 2:48 AM
To: MY EMAIL ADDRESS DELETED
Subject: Facebook password has been changed.
Dear user of facebook.
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
"With 500 million users, Facebook is one of the largest breeding grounds on the Internet for 'phishing' scams," said BBB President Tom Bartholomy in a statement. "Scammers are looking for any hook to get you to click on their links or attachments so they can get to your personal information."
The BBB warning comes exactly one day after their last Facebook scam alert, cautioning users to beware of another phishing scam known as "clickjacking," which tricks users into clicking on a link that triggers a program bombarding their e-mail accounts and everyone in their address books with spam.
A Facebook spokesperson said the company was aware of the scam and had posted a warning on its Facebook Security Page.
"Security is a top priority for Facebook, and we devote significant resources to helping people protect their accounts and information," said the spokesperson in an e-mail. "We've built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised. Once we detect a phony message, we delete all instances of it across the site. People who've been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts."
These scams are literally becoming a daily occurrence, due primarily to the extraordinary number of Facebook users, which, at half a billion, exceeds the population of every nation on earth -- apart from India and China.
If Facebook's rapid growth continues, it's on course to exceed the total number of Internet users in China, which the Economist places at 420 million. According to Facebook, more than 50% of its 500 million active users log on on any given day and spend more than 700 billion minutes per month on the social networking site.
Apart from the enormous target of opportunity presented by the sheer number of Facebook users, scammers are undoubtedly aided by the fact that many Facebook users are young, and as such, probably more gullible and prone to click before they think.
The BBB urges Facebook users to be on the alert for the following red flags to avoid becoming a victim of identity theft:
- Password changes -- Facebook is NOT going to send you an e-mail with a new password. If Facebook suspects fraudulent activity with your account, it will send a direct message to your Facebook account, and instruct you to go to your "Settings" button to change your password yourself.
- Attachments/Links -- You should always be suspicious of e-mails that instruct you to download an attachment or click on a link. Attachments and links are the primary methods by which viruses, spyware and malware are spread.
- E-mail address -- If you only have your personal e-mail address on your Facebook account and you get a "Facebook" e-mail on your business account, you should be suspicious and not open the e-mail.
- Grammar, punctuation and typos -- The grammar and incorrect punctuation used in the latest e-mail scam indicate that English is probably not the sender's first language. "Dear user of Facebook" is an example. In American English, it would more likely be "Dear Facebook User." Grammatical errors and awkward phrasing are tip-offs that the sender is probably in another country and that the e-mail is a scam. This is a red flag for any suspect e-mail you get, as most corporations will have any written information they send out to users and clients professionally copy edited.
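The four red flags above can be written as a mail-triage check that a help desk or mail filter could run over a reported message. This is an added example, not part of the BBB's advice or the original article; the function name, flag names, registered address and sample message are assumptions constructed for illustration, and the grammar check matches only the greeting the article cites.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the article's e-mail; recipient and attachment name are placeholders.
SAMPLE = """\
From: "Facebook, Artemus Rubert" <firstname.lastname@example.org>
To: me@work.example
Subject: Facebook password has been changed.
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user of facebook.
Your password has been changed.
You can find your new password in attached document.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.bin"

constructed placeholder, no real content
--b1--
"""

def red_flags(raw, registered_addr):
    """Return the BBB red flags tripped by a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body, has_attachment = "", False
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    flags = []
    # 1. Password changes: a new password announced or delivered by e-mail.
    if re.search(r"password has been changed|new password", text):
        flags.append("password-change")
    # 2. Attachments/Links: anything to download or click.
    if has_attachment or re.search(r"https?://", text):
        flags.append("attachment-or-link")
    # 3. E-mail address: delivered to an address not on the account.
    if parseaddr(msg.get("To", ""))[1].lower() != registered_addr.lower():
        flags.append("unregistered-recipient")
    # 4. Grammar: only the greeting the article cites (a narrow heuristic).
    if re.search(r"^dear user of \w+", text, re.M):
        flags.append("awkward-greeting")
    return flags
```

Calling `red_flags(SAMPLE, "me@home.example")` trips all four flags; a message with none of these traits returns an empty list.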
The BBB also offers this general advice to stay safe online:
- Delete any suspicious e-mails as soon as you receive them.
- Do not click on any links.
- Do not download any attachments.
- Do not call any telephone numbers that may be in the e-mail.
- Protect your computer with a good quality, up-to-date, anti-virus software program.