[Scam Alert] Latest Phishing Scheme NOW Targetting Facebook Users

 

Let's start with facts and statistical data.  As per FSecure, QUOTE 62% of social media phishing incidents use Facebook as a lure, with one campaign in 2023 sending around 100,000 phishing messages per week to Facebook users.  Furthermore, Phishing Tackle noted millions of users visited Facebook phishing sites in 2022 UNQUOTE.  As we speak today, the alarm decibels have compounded!@#$%?

Pasting here EN TOTO from lifehacker.com [from Emily Long 08.11.2025].  SCAMMERS ARE TARGETTING FACEBOOK USERS WITH THIS PHISHING SCHEME.  This scam begins like many do, with an unsolicited email. The subject line is somewhat alarming—“We’ve Received a request to Reset your password for Facebook Account !”—and despite the odd use of capitalization, you may click just to be absolutely sure there's nothing you need to do. The body states that you're receiving this email because someone just logged into your account from an unrecognized device, and Facebook wants to verify it's really you. There are two buttons to choose from: "Report the user" and "Yes, me."

While many phishing schemes prompt you to click a link that leads to a fake website designed to steal your credentials, this one (like the recent Instagram scam) uses mailto: links instead. If you click either of the buttons or the unsubscribe option at the bottom, your device will launch your default mail program and open an email with a prefilled subject line matching the button text. The reply email doesn't go to a domain owned by Facebook or Meta, though scammers use a technique called typosquatting to make the address look at least somewhat legitimate, such as belonging to companies like Black Diamond or Vacasa💧💧💧

This may seem relatively innocuous, as you haven't actually provided any personal information in your reply. However, hitting "send" validates your email address so scammers can target you in the future. They may also try to build a relationship with you over email and gain your trust over time. Mailto: phishing is more likely to evade email filters compared to malicious links, so scammers can actually reach your inbox.  As with all scams, this one uses urgency to convince you to act, because of course you want to protect your account from unauthorized logins [QUOTE ends here]!@#$%?

In my case, 2 weeks ago, I received a mailer warning me that there was a suspicious login at a specific provincial address/location [WHERE I've never been in my life] and along with it was a LINK for me to "PURPORTEDLY" 'force-logout' that unauthorized login.  THAT's IT!  Scammers are playing on HUMAN FEARS.  Once we panic, it's GAME OVER dude.  Again, to be FOREWARNED is to be FOREARMED💥💥💥