Can you spot a Facebook phishing attempt?

E-mail notifications are an important part of social networking services like Facebook. If you have to continually visit a web site to see what's new, you lose much of the excitement that comes with comments on your photos or other shared items. You might miss invitations to events or opportunities to connect with a long-lost friend who's in town for a day or two.

But e-mail notifications are also a potential security risk. If an attacker can create a realistic-looking imitation of a Facebook notification, you might find yourself clicking on a link that leads to malware or to a page that tries to steal your login credentials.

Spotting a fake isn't as easy as it seems. I've assembled four Facebook notifications that arrived in my e-mail inbox recently. Which are real, and which are fake? Answers are in the caption beneath each screen shot.

1 of 4 Ed Bott/ZDNet

This is a reasonably convincing fake, but a fake it is.

The word photo should be plural. That's the only typo in this message, which otherwise looks very similar to a real Facebook notification.

2 of 4 Ed Bott/ZDNet

This one's real.

If you thought it was fake, that's understandable. The link, filled with random strings of numbers and letters, doesn't exactly lend itself to easy parsing. In fact, many phishing attackers use long, complicated links like this one to disguise their true domain. The only part that tells you where a link goes is the host name between the scheme and the first slash; the tracking parameters after it say nothing about the destination.

3 of 4 Ed Bott/ZDNet

This one's real.

Oddly, in this example, Facebook uses buttons to provide navigation to comments on items you've posted. In the previous example, you'll recall they used a long, complex URL.

How do you know whether that button goes to a safe place? Without inspecting it more closely, there's no way to tell. A button is just a link with a picture on it; hovering over it, or viewing the message source, reveals the real destination, and that destination is the only thing worth checking.

4 of 4 Ed Bott/ZDNet

This one's a fake, but it looks real enough.

The message offers three separate ways to navigate to its target: a Sign In button that matches the Facebook style, a text link next to the envelope icon, and a long URL at the bottom of the page.

Every one of these elements should look familiar to a Facebook user. Without careful inspection, it's very difficult to tell that this one isn't legit. The giveaway is never the look of the button, link or URL; it is the host name each of them actually points to.
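As an added example (not ZDNet's, Ed Bott's or Facebook's code), the following Python script does the inspection the captions above call for. It parses the HTML body of a notification, extracts every link's visible text and real href, and reports the host each link actually resolves to, so a styled button, a text link or a long random-looking URL is judged by its destination rather than its appearance. The sample message, the TRUSTED_DOMAINS set and the registered_domain() simplification are assumptions constructed for this example.

```python
"""Inspect the links inside a suspected phishing e-mail instead of trusting how they look.

Added example, not code from the original article. The sample message below is
constructed; TRUSTED_DOMAINS is an assumption about which domains a genuine
Facebook notification may link to.
"""
import ipaddress
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Assumption for this example: domains a genuine Facebook notification may link to.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True, so &amp; arrives as &
        self.links = []     # list of (visible_text, href)
        self._href = None   # href of the anchor currently being read, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())
            self.links.append((visible, self._href))
            self._href = None


def registered_domain(host: str) -> str:
    """'www.facebook.com.evil.example' -> 'evil.example'.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_href(href: str) -> Tuple[str, str]:
    """Return (real host, verdict) for one href.

    urlsplit().hostname discards the userinfo part, so the 'facebook.com@'
    in http://facebook.com@203.0.113.5/ cannot pass as the host."""
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return host, "not-http"
    try:
        ipaddress.ip_address(host)
        return host, "UNTRUSTED (bare IP address)"
    except ValueError:
        pass  # a host name, not an IP literal
    if registered_domain(host) in TRUSTED_DOMAINS:
        return host, "trusted"
    return host, "UNTRUSTED"


def audit_links(html: str) -> List[Dict]:
    """Report each link's visible text, real host and verdict, and flag links
    whose visible text is itself a URL that names a different host."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        host, verdict = classify_href(href)
        shown_host = urlsplit(text).hostname if text.startswith(("http://", "https://")) else None
        mismatch = shown_host is not None and shown_host.lower() != host.lower()
        report.append({"text": text, "host": host, "verdict": verdict, "text_mismatch": mismatch})
    return report


# Constructed sample modelled on the fourth screen shot: a styled button, a text
# link and a long URL at the bottom, plus one genuine-looking link for comparison.
SAMPLE_EMAIL = """
<p>Jane commented on your photo.</p>
<a href="http://www.facebook.com.account-verify.example/login.php?ref=nf">Sign In</a>
<a href="http://facebook.com@203.0.113.5/n/?mid=4c9e1f2G5af3bc9dG3e7b8c">See the comment</a>
<p>To see the comment thread, follow the link below:<br>
<a href="http://www.facebook.com.account-verify.example/n/?mid=4c9e1f2G5af3bc9dG3e7b8c&amp;bcode=1.1343.AbdEf">http://www.facebook.com/n/?mid=4c9e1f2G5af3bc9dG3e7b8c&amp;bcode=1.1343.AbdEf</a></p>
<a href="https://www.facebook.com/n/?aref=18462&amp;medium=email&amp;mid=5b1a2cG3f2d9eG6ab7e9">Reply to this message</a>
"""

if __name__ == "__main__":
    for entry in audit_links(SAMPLE_EMAIL):
        flag = "  <-- visible URL differs from real host" if entry["text_mismatch"] else ""
        print(f'{entry["verdict"]:<28} {entry["host"]:<42} "{entry["text"][:40]}"{flag}')
```

Run against the constructed sample, the first three links come back untrusted (a look-alike subdomain, a bare IP hidden behind a fake "facebook.com@" userinfo prefix, and a visible URL that does not match its href) while only the last resolves to facebook.com. The registered_domain() helper is a two-label shortcut; for anything beyond a demonstration, use a public-suffix list so that hosts such as example.co.uk are handled correctly.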
