But e-mail notifications are also a security risk. If an attacker can create a realistic-looking imitation of a Facebook notification, you might find yourself clicking on a link that can lead to malware or attempt to steal your login credentials. Unfortunately, phishers are getting better at what they do, and spotting a fake isn't as easy as you might think.
I've assembled four Facebook notifications that arrived in my e-mail inbox recently. Can you tell which are real and which are fake? Click any image to see it at full size, or visit the accompanying gallery to flip through all four screens at full size.
Here's one that arrived last week. As with all the images, I've blurred personal information but otherwise these messages are shown in full, as they appear in Microsoft Outlook's preview pane. If you guessed that one was a fake, congratulations.
Do you think that odd e-mail address indicates a fake? Confusingly, Facebook notifications come from the facebookmail. The long, complicated URL might also look suspicious, but this notification is a legit one from Facebook. The previous, real notification included a long complicated URL. This one has a pair of buttons that you're supposed to click to see the comments a friend supposedly added to your shared link.
Surprisingly, this one is legit. This is a particularly convincing fake. The graphics, fonts, button design, and links are all indistinguishable from a real Facebook notification. This particular phishing attempt led to a fake online pharmacy, but it could just as easily have led to a malware installer.
One of these fakes was good enough to slip past my spam filters. In that case, the only way to determine that it wasn't legit was to allow the mouse pointer to hover over a link or button to see what its true destination was. Here's what it looked like:. That's certainly not a legitimate link. Here, by contrast, is what a link from a real Facebook notification looks like:.
It's a challenge to get nontechnical users in the habit of checking links before they click, but the results are well worth it. NSA employee pleads guilty after stolen classified data landed in Russian hands.
Amazon Cloud Cam review: An affordable, fully capable security camera. Government forced to backtrack on data access. Hacking back is a terrible idea, but companies are still keen to try it. My Profile Log Out. Security NSA employee pleads guilty after stolen classified data landed in Russian hands. Amazon Amazon Cloud Cam review: Security Hacking back is a terrible idea, but companies are still keen to try it. Please review our terms of service to complete your newsletter subscription.
You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services. You may unsubscribe from these newsletters at any time. Newsletters You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.More...