Helping people with computers... one answer at a time.

This is clearly something you were able to track down to a Facebook-specific relationship. But all it really is... is spam.

I was just informed and forwarded an email by one of my Facebook contacts. He was not a contact in my Gmail or AOL email accounts, but a Facebook contact. He got an email using my Facebook name and a different email return address with a spam link for him to click. I haven't been able to find any info regarding this kind of scam. Here's what my friend forwarded to me (...and it shows in fact exactly what he described: email from him, email that appeared to be from him with his name but with a completely unrelated email address).

In this excerpt from Answercast #56, I look at another case where a Facebook friend is sent a strange email with the wrong name.

Possible security leak

Yes, this is spam. It is nothing more than spam and it is also nothing that's in your control; there's really nothing you can do about it. It's something that both you and your friend simply need to treat as spam. Mark it as spam and get on with your lives.

What's happened? So there's an article I wrote just a couple of weeks ago called, "Why am I getting email from someone with the wrong email address?".

Friend leak

Here's the theory... I don't have confirmation on this at this time but here's the theory: the theory is simply that there was a leak in the way that Facebook allowed some of its data to be read.

A leak such that spammers... I'm not even going to say hackers because there was really no hacking involved here. There's no breach of data here. This is simply an unplanned-for leak of data that Facebook actually made available when it shouldn't have.

What it boils down to is apparently some of the relationships on Facebook, friends of friends and so forth, were somehow being exposed to hackers.

Tricking you to open mail

Now, what hackers do is they're trying to get you to open the mail that they send. They want you to click on that link. And how do they do that? They try and fool you.

One of the ways they try and fool you? By making it look like the email you got is from someone you know and trust.

So just knowing the name of someone that might be a contact of yours in Facebook, for example, is enough. They use that then to make it look like that email was sent from you in the hopes that the person receiving it will say, "Oh, well, gosh, that's from Leo, I'm going to click that."

Don't click!

Guess what? Not gonna happen. That's spam.

That is spam; it's not from you; you didn't send it and there's nothing you did to cause it to be sent. You did nothing wrong, your recipient did nothing wrong.

If anybody, Facebook did something wrong to make this data exposed (and even that hasn't really be confirmed). There's a lot of fingers that are pointing at it that seem to indicate that this is what happened. Yours is another good one because this is clearly something you were able to track down to a Facebook-specific relationship. But that's really all it is.

So, treat it as spam; recognize it for what it is and get on with your life.

Article C5859 - September 27, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
Ken
September 28, 2012 8:32 AM

I have had the same thing but from Yahoo not Facebook. I get emails addressed to me from a name I know but the email is [something]@yahoo.com. The first one was from my son so without looking at the email address I clicked the link and got a blank page, other than whatever the script in the page put on my system. I quickly ran MalewareBytes which found three redirect scripts. This was re-directing my search from Google to something else. The email simply contains the line, “Hey Ken” with a long link. At first these were from [something]@yahoo.es but now they are from yahoo.com.

Sri
September 29, 2012 7:11 PM

There is another scenario which calls for users to be highly cautious about who they befriend on facebook.

A facebook friend could be spamming with a different address - they don't have to hack or get leaked data - they just befriend you and can see your name as well as your friends' names and can then use those names with a fictitious email address to send spam or malware.

Be wary of strangers, just like in real life. Only, you can at least judge a person by the appearance, looks and body-language in real life but no such thing on platforms like facebook!

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.