How to Deal With Fake Facebook Email

I always say that URL is a dangerous piece of weapon for cyber crooks. It can be manipulated from the look of a fierce tiger into a look of a cute looking cat. Which means, they can hide the malicious URL and modify the look of the outside like a very innocent URL.

If you had been following my blog, I had written two series so far and one of them is the URL investigation and prevention series. I found myself talking too much about how to prevent and now, I would like to personally demonstrate to you on how I analyze a piece of fake email from Facebook which consists malicious URL.

On one fine day, I received an email from Facebook which tells me that I have a warning message. Inside the email, it has many links that requested me to click on them to get rid of my warning messages. The email looks something like below.

facebook scam 01

Fake Facebook Email (click to enlarge)

Notice that there are 4 links in the email and all of them linked to one same page. What? You really think it is linking to Facebook page? Whatever links that you click, it will only lead you to “www[dot]welmas[dot]ae/derails[dot]html”. Kindly do not visit that page.

In my series on how to investigate the URL, you can possibly land on two types of pages. One is a phishing page where the hacker will steal your Facebook login username and password from that page. Second is a malicious page where it contains Malware like Virus, Trojan or Worm. Question is, what type of page does this belongs to?

I have to say that I love Virus Total a lot. This site can help me judge whether a piece of URL or file is malicious or not. So I send the URL over to that site for a scan and below is the scan result found.

malicious site

Virus Total: URL Scan Result (click to enlarge)

Two top antivirus detected that that URL leads to a malicious site. Others reported as Clean Site while one unable to rate the site. This is not the end of Virus Total as the next thing that they are going to do is to automatically take the HTML file and drop it into 43 antivirus for a scan. Below is the result.

malicious html

Virus Total: Malicious Software (click to enlarge)

You can see now that there are total of 11 out of 43 antivirus detected that piece of HTML contains Malware. Those top antivirus includes BitDefender, Comodo, Kaspersky, NOD32, and TrendMicro. I’m sure that with these big brands telling you that it is a Malware, it is going to be pretty convincing.With the analysis from Virus Total, I can now tell that this site is a malicious site.

It is very important that we do not click any URL in a rush. All URL especially from email and IM need to be properly analyzed whether it is from Facebook, Twitter or LinkedIn. I had already written a guide on how to deal with URL in my series and showed a real life example on how to deal with it. Do take a revision back on that series and join my Facebook page to let me update you on the latest threats around.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. Fake Facebook Security Team Sent Out Phishing Messages
  2. Fake Firefox Email Bundled with Password Stealing Trojan
  3. Fake Facebook Subscription $9.99 Spread Around the Internet
About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.


  1. Julie Hayes says:

    I am aware that I am not the only person who were able to receive fake facebook email. There are lot of spammers out there who will surely annoy us that is why we have to be particular with the emails that we are receiving everyday. And with this blog, many will be aware of the things that they should be doing.

  2. Tan

    I never click on facebook notification email and I will leave them all in spam folder as gmail auto send them there. I think the best way whenever receive notification email is just simply login to facebook and you can see notification icon out there. In fact, I am not only receive fake facebook email, but also many fake banks notification email.

  3. Julie Hayes says:

    I also do the same thing because i do not have time to read the emails that they are sending. However, there are times when it is already annoying most especially when they are sending different emails everyday while we are working.

  4. ha14 says:

    I had one of this emails like a couple of month ago, i suspected that was not from facebook, basically ignored it and send to spam. Another one is like saying hey why you dont join Facebook games!

  5. Peter from Computer How To Guide says:

    I wished I came across this type of article 1 year ago. About a year ago I was pretty much addicted to facebook zynga poker and I was having a very decent bankroll(about $22mil) until I received 1 email in my gmail inbox. I can still remember that all it needed was just a simple click on the email link and my $22mil zynga poker chips had gone. Obviously the email was a fake facebook email trying to steal all my poker chips. From then onwards, I’m very cautious about unrecognized emails and I definitely not going to click on any links from there.

  6. willem says:

    In the above case it’s visible in plain sight that the sender addresses in the mail are completely fake – that would be the first reason to dismiss the message!

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)