Monday, December 1, 2008

Recent Facebook mail notification = FAIL

Facebook users received an email notification last week asking that email notification settings which had been 'lost' be updated - followed by an embedded link. Was this a phishing scam, or was the email legit?

Being in the industry, we know to stay away from any emails asking for personal details to be updated/confirmed/changed as it is more often than not slimy phishers looking to score. Banks even expressly state that they will never EVER under any circumstances ask for details to be updated via any email link, as they are most often targeted and the most lucrative for scammers.

Facebook has certainly not gone under miscreants' radar, given the millions of users it has. Since the Facebook explosion, warnings of phishing scams and successful attempts have graced news sites everywhere, offering users the knowledge they need to distinguish fake mails from real ones.

So now - given the press and multitude of people they service, why would Facebook send all their users a mail that looks so suspiciously like a phishing one? Let's run it through a quick evaluation...



Firstly, the language they use is quite phisher-esque - "Unfortunately, the settings that control which email notifications get sent to you were lost." Uhm... lost? This statement is broad, not backed up by any reasons as to why it happened, or what the details of the problem were. Besides, there was no media coverage of the technological 'glitch' or issue that caused millions of settings to be simply 'lost'. It scores 5 phishy points on its own.

Secondly, the embedded link, which is a big no-no when it comes to getting personal details, scores another 5 points. We all know that even though the link may look like it points to the actual site, once clicked, it can easily redirect us to a spoofed site.

Thirdly, the signature - 'The Facebook Team' - is so impersonal. If such a serious technological error did indeed occur, I think Facebook users deserve to have someone a bit higher up with an actual name and title to send them a mail. I mean, if Facebook can 'lose' my email notification settings in some unknown and mysterious way, what is to say that next time it will not be my personal details that disappear or my photos that get wiped out? Or, God forbid, I lose my friends! I'll give that one a score of 6 just for sheer cheekiness.

Let's just say, even based on these three points alone, I would simply press delete and feel a small sense of one-upmanship by having foiled yet another potential Internet crime and never give it a second thought.


Obviously, they are trying to downplay the problem, which could be a large contributor to the way the email was written. But Facebook should know better. In my opinion, they should have bypassed the email route altogether and rather had an alert or pop-up within the application itself. If they had sent a mail to my Facebook inbox, I also would have regarded it with a lot more positive interest.
