Log in with one click facebook email

Have you ever forgotten your Facebook password? If you have, there’s a good chance you received an email from the company featuring its One Click login feature. It’s not widely known, but Facebook sometimes sends an email to dormant users that lets them log back in to their accounts with one click — and no real security measures. And, according to experts, that could create serious issues.

Many users are confused by these emails, which appear to be sent from a suspicious source. (They arrive from an email address named “@facebookmail.com”.) And while these communications aren’t an actual scam, they do pose a security risk. For instance, it’s unclear when the One Click link expires, and experts advise that this sort of reset link should expire within minutes. There’s also no way for Facebook to know if the email address they have on file is still valid, or if someone else could have access to the account. All in all, experts say, the practice violates a host of common-sense privacy measures.

“Sending a single-click login link via email is bad enough but also sending that email unsolicited is an extremely poor security practice,” security consultant Mark Burnett told The Ringer. “These emails go against all of the best practices we in the security industry have for years tried to instill in companies.”

It makes sense that Facebook wants to reengage users who have stopped logging in to the platform, but there has to be a better — and safer — way than this.

If you work for a company of any size that is even remotely online, chances are good you’ve had to undergo some training on how to spot phishing (fraudulent) emails. Even if you don’t, you may have gained a certain amount of expertise in how to spot phishing scams just by virtue of receiving tons of them.

If the sender’s email domain is not quite the same as that of the supposed sending company, that’s a red flag. A message from an address at paypal.com may very well be fine; one from paypal-acount-verefy.com probably isn’t. Messages telling you to click a link before some deadline or else lose access to your account are also highly suspect.

It's too bad that Facebook seems to be sending legitimate mail that raises these flags. Just how do you determine if an email that seems to be from Facebook is legitimate? The best security suites are good at detecting phishing emails, but what if you want to check a particularly tricky message for yourself? I'll show you the process I went through with one such email, below.

A Strange Message From Facebook

I started looking into this problem when an old friend of mine asked about a slightly odd email he got, purportedly from Facebook. It noted that since his posts have “the potential to reach a lot of people,” he’s required to enroll in Facebook Protect. Not only that, if he doesn’t do it within about three weeks, he’ll be locked out of the account. There’s that pesky deadline. To top it off, the message was sent from the domain facebookmail.com—a variation on what you’d expect. That’s two strikes. Oh, and according to its own description, Facebook Protect was designed for “candidates, their campaigns and elected officials.” My friend doesn’t fit any of those categories.

And yet…the message is not asking him to send money, or give away his password, or anything nefarious. It’s insisting that he increase his security. How would a scammer benefit from that? Also, strange as it seems, Facebook confirms that it uses the facebookmail.com domain to send official emails. Could it be that the message is legitimate?

How to Verify Whether an Email Is From Facebook

As it turns out, verifying that an email came from Facebook is incredibly simple—but only if you know where to look. Here’s how.

  1. Go to Settings. On your own Facebook profile page, find the down-pointing triangle icon at top right. Click it, then choose Settings & Privacy > Settings to open the main Settings page.

  2. Find Facebook's List. Near the top left you should find Security and Login. Click that and scroll down to the Advanced section. Click the item titled “See recent emails from Facebook.”

  3. Match Your Message. If you see a match for the questionable message’s subject line, you can be pretty sure it’s legitimate. Be sure to look both in the list of Security-related messages and in the list titled Other. Note that Instagram has a very similar feature—not surprising, as both Facebook and Instagram are owned by Meta Platforms.

Other Ways to Verify

If the message you’re wondering about doesn’t appear in the list of messages sent by Facebook, that should make a strong case for it being a fraud. By observation, though, this may not be the case. I shared the instructions above with my friend who received that suspect message. He reported no matches in the list of messages. On the flip side, he pointed out that Facebook recently extended the Facebook Protect program to a wider audience, including journalists. As it happens, he’s a journalist, living outside the US.

At this point I was convinced that, despite its quirks, the message was probably legit. To further support this judgment, I combed through the original message and checked all the links. A scam message that uses deadlines or other scare tactics to make you click a link will almost certainly link to a dangerous page. All the links in this message went straight to facebook.com.
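
The link check described above can be scripted. The following is an added example, not code from the original article: it pulls every href out of an HTML message body and flags any whose host is not facebook.com or a subdomain of it. The trusted-domain list, the extra requirement that links use https, and the sample body are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain the reader expects, taken from the article.
TRUSTED = ("facebook.com",)

def host_is_trusted(host, trusted=TRUSTED):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Compare whole labels; a plain substring test would accept lookalikes.
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_links(html):
    """Return (url, host, ok) for every href found in an HTML email body."""
    results = []
    for url in re.findall(r'href\s*=\s*["\']([^"\']+)["\']', html, flags=re.I):
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, so the text before
        # an "@" cannot pass itself off as the destination.
        ok = parts.scheme == "https" and host_is_trusted(parts.hostname)
        results.append((url, parts.hostname, ok))
    return results

# Constructed sample body: one good link and four that should be flagged.
SAMPLE = '''
<a href="https://www.facebook.com/settings">Settings</a>
<a href="https://facebook.com.account-check.example/login">Log in</a>
<a href="https://www.facebook.com@login.example/reset">Reset</a>
<a href="https://notfacebook.com/help">Help</a>
<a href="http://m.facebook.com/">Mobile</a>
'''

if __name__ == "__main__":
    for url, host, ok in audit_links(SAMPLE):
        print("OK  " if ok else "FLAG", host, url)
```

The visible link text is ignored on purpose: only the href decides where a click goes.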

That left the very unlikely possibility that somebody spoofed the sending address, [email protected]. Nothing I’d learned thus far suggested any possible motivation for that sort of hack, but I checked anyway.

Every email message comes with a collection of routing information and other metadata hidden away in its header. You don't normally see this data. It's not intended for you—it's for use by your email client. But if you want to check for signs of address spoofing, you must dig into that header data.

Just how you view an email message’s header data varies depending on how you get your mail. In Gmail, you click the More icon (three vertical dots) to the right of the Reply icon and select Show Original. This immediately showed that the message passed three tests designed to detect spoofing: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). That’s all I needed to know; I didn’t bother clicking Download Original to view the precise details of header data.

Outlook isn’t quite as helpful as Gmail. You open the message, select File from the menu, and click the Properties icon. In the resulting dialog you get the full semi-incomprehensible details of the message header, in a small, awkward scrolling window. Carefully picking through the headers I found lines like:

spf=pass (google.com: domain of [email protected] designates 69.171.232.140 as permitted sender)

That’s the unpolished text that Gmail summarizes as “SPF: PASS”. Poring a bit more over the header data I confirmed that fields such as Return-Path and Errors-To all correctly contained the sender’s address. That cinched it. This was a legitimate email from Facebook.
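
The same header reading can be done in code. This is an added example, not part of the original article: it parses a raw message, reads the SPF, DKIM and DMARC results from the Authentication-Results header, and compares the Return-Path domain with the From domain. Both sample messages are constructed, and the local part "placeholder" stands in for the sender's address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Domain of the address in a From / Return-Path style header."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """SPF, DKIM and DMARC results from the topmost Authentication-Results."""
    # Assumption: headers are prepended in transit, so the first one found is the receiving provider's.
    header = msg.get("Authentication-Results", "")
    out = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, flags=re.I):
        if out[method.lower()] != "pass":   # one passing DKIM signature is enough
            out[method.lower()] = result.lower()
    return out

def check_message(raw):
    """Return (verdicts, problems); an empty problems list means all checks passed."""
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg)
    problems = [f"{k}={v}" for k, v in verdicts.items() if v != "pass"]
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    # SPF only vouches for the Return-Path domain, so compare it with From.
    if not from_dom or not (rp_dom == from_dom or rp_dom.endswith("." + from_dom)):
        problems.append(f"Return-Path domain {rp_dom!r} != From domain {from_dom!r}")
    return verdicts, problems

# Constructed samples; "placeholder" is not a real local part.
GENUINE = """\
Return-Path: <placeholder@facebookmail.com>
Authentication-Results: mx.google.com;
 dkim=pass header.i=@facebookmail.com;
 spf=pass (google.com: domain of placeholder@facebookmail.com designates 69.171.232.140 as permitted sender);
 dmarc=pass header.from=facebookmail.com
From: Facebook <placeholder@facebookmail.com>
"""
SPOOFED = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.google.com;
 spf=pass smtp.mailfrom=bounce@mailer.example; dkim=none;
 dmarc=fail header.from=facebookmail.com
From: Facebook <placeholder@facebookmail.com>
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, *check_message(raw))
```

The second sample shows why "SPF: PASS" alone proves little: SPF passed for the bounce domain, while the From line still claims facebookmail.com and DMARC fails.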

Verify Messages From Facebook

If you get an iffy message claiming to be from Facebook, you can log into your account and view a list of recent messages sent to you by the service. Finding your message in this list pretty much guarantees it’s legitimate.

Not finding it should mean it’s a fake, but as we’ve seen, that isn’t always true. For a sanity check, search the web for information about the sending domain; facebookmail.com turned out to be legitimate. Check all links in the message to make sure they link to safe pages. And peruse the email header to make sure the sender's address wasn’t spoofed. If the message passes these tests, you can rely on its validity, even if it doesn’t show up in Facebook’s list.

What is log into Facebook with one click?

The note is accompanied by a button that reads: “Log In With One Click.” Click it, and the user will be automatically logged back into Facebook. (Facebook also asks users to let the company know if the unsuccessful attempt to log in did not come from them.)

Does Facebook notify you when someone tries to log into your account?

Tap Settings, then tap Password and security. Tap Get alerts about unrecognized logins. Choose where you want to receive your alerts, such as your email account or with a Facebook notification from a recognized device.

What is Facebook's official email?

You can also try emailing the general Facebook support email: [email protected].

How do I log into Facebook with just my email?

Log into your Facebook account.
Go to m.facebook.com on your mobile browser.
Enter one of the following: Email: You can log in with any email that's listed on your Facebook account. ...
Enter your password and tap Log in.