
Can you spot a Facebook phishing attempt?

E-mail notifications are an important part of social networking services like Facebook. If you have to continually visit a web site to see what's new, you lose much of the excitement that comes with comments on your photos or other shared items. You might miss invitations to events or opportunities to connect with a long-lost friend who's in town for a day or two.

But e-mail notifications are also a potential security risk. If a potential attacker can create a realistic-looking imitation of a Facebook notification, you might find yourself clicking on a link that can lead to malware or attempt to steal your login credentials.

Spotting a fake isn't as easy as it seems. I've assembled four Facebook notifications that arrived in my e-mail inbox recently. Which are real, and which are fake? Answers are in the caption beneath each screen shot.
1 of 4 Ed Bott/ZDNET

This is a reasonably convincing fake, but a fake it is.

The word photo should be plural. That's the only typo in this message, which otherwise looks very similar to a real Facebook notification.

2 of 4 Ed Bott/ZDNET

This one's real.

If you thought it was fake, that's understandable. The link, filled with random strings of numbers and letters, doesn't exactly lend itself to easy parsing. In fact, many phishing attackers use long, complicated links like this one to disguise their true domain.

3 of 4 Ed Bott/ZDNET

This one's real.

Oddly, in this example, Facebook uses buttons to provide navigation to comments on items you've posted. In the previous example, you'll recall they used a long, complex URL.

How do you know whether that button goes to a safe place? Without inspecting it more closely, there's no way to tell.

4 of 4 Ed Bott/ZDNET

This one's a fake, but it looks real enough.

The message offers three separate ways to navigate to its target: a Sign In button that matches the Facebook style, a text link next to the envelope icon, and a long URL at the bottom of the page.

Every one of these elements should look familiar to a Facebook user. Without careful inspection, it's very difficult to tell that this one isn't legit.
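
The closer inspection these captions call for can be done mechanically. The following is an added example, not part of the original gallery: it pulls every link and button out of a notification's HTML and reports the host each one really points to. The `TRUSTED` set, the function names and the sample markup (which uses reserved `.example` hosts) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader treats as genuine; adjust as needed.
TRUSTED = {"facebook.com"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element, buttons included."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._open = [href, ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def real_host(url):
    """Host the browser would actually contact, or None if unparseable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".") or None
    except ValueError:
        return None

def is_trusted(host):
    # Match the domain itself or a true subdomain, never a mere prefix.
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

def inspect_links(html):
    """Return (visible text, real host, reasons for suspicion) per link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        host, reasons = real_host(href), []
        if not is_trusted(host):
            reasons.append("target host is outside the trusted domains")
        looks_like_url = "://" in text or text.lower().startswith("www.")
        shown = real_host(text if "://" in text else "//" + text) if looks_like_url else None
        if shown and shown != host:
            reasons.append("visible URL does not match the real target")
        report.append((text, host, reasons))
    return report

# Constructed sample: one genuine-style long link, one look-alike button, one masked URL.
SAMPLE = """<a href="https://www.facebook.com/n/?mid=5a1b2c3dG4e5f6a7G0G8">See Comment</a>
<a href="http://www.facebook.com.signin.example/login">Sign In</a>
<a href="https://notify.example/r?u=1">https://www.facebook.com/login.php</a>"""
```

Only the first link in the sample comes back with an empty list of reasons; a long, random-looking query string does not matter, because the check looks only at the host.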
