T4K3.news
Phishing scam targets Facebook users
A mailto-based phishing campaign could reach many Facebook users; it calls for vigilance and verification through official channels.

A new phishing tactic uses mailto links in security alerts to reach Facebook users and harvest victims over time.
Scammers Target Facebook Users With a Mailto Phishing Scheme
Malwarebytes Labs has identified a login phishing campaign aimed at Facebook accounts. The scam begins with an unsolicited email that claims someone just logged into your account from an unrecognized device. The subject line is alarmist, and the body offers two options: "Report the user" and "Yes, me." Rather than directing you to a fake website, the attack relies on mailto links. If you click a button or the unsubscribe option at the bottom, your device opens your default mail program with a prefilled subject line that matches the button text. The attackers also use typosquatting to make the sender address look legitimate.
This approach can help scammers validate your email address and set up future contact. Mailto phishing tends to evade some email filters because it relies on your own mail app rather than a dubious link. Experts advise people to scrutinize messages for urgency and typos, avoid replying via email, and verify requests through official channels such as the company’s verified site or app.
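A defensive triage check for the pattern described above, as an added example that is not from Malwarebytes Labs or the original article: it counts mailto versus web links in a message, reports button labels reused as the prefilled subject, and flags a sender domain that closely resembles a trusted one. The trusted-domain list, the 0.85 similarity threshold and every address in the constructed sample are assumptions.

```python
import difflib
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

TRUSTED = {"facebookmail.com"}  # assumption: sender domains you accept as genuine
# Constructed sample message; every address and domain in it is made up.
SAMPLE = """\
From: Security <security@facebokmail.example>
Content-Type: text/html; charset=utf-8

<a href="mailto:review@collector.example?subject=Report%20the%20user">Report the user</a>
<a href="mailto:review@collector.example?subject=Yes%2C%20me">Yes, me</a>
<a href="mailto:review@collector.example?subject=Unsubscribe">Unsubscribe</a>
"""

class Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def lookalike_of(domain):  # trusted domain that `domain` imitates, else None
    label = domain.rsplit(".", 1)[0]
    trusted = any(domain == g or domain.endswith("." + g) for g in TRUSTED)
    return None if trusted else next((g for g in TRUSTED if difflib.SequenceMatcher(
        None, label, g.rsplit(".", 1)[0]).ratio() >= 0.85), None)

def analyse(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    parser = Anchors()
    parser.feed(body.get_content() if body else "")
    mailto = [(urlsplit(h), t) for h, t in parser.links if h.lower().startswith("mailto:")]
    # Button label reused as the prefilled subject, as the article describes.
    echoed = [t for u, t in mailto if t in parse_qs(u.query).get("subject", [])]
    return {"sender_lookalike_of": lookalike_of(sender), "mailto_links": len(mailto),
            "web_links": len(parser.links) - len(mailto), "subject_echoes_button": echoed}
```

A message with no web links, only mailto links whose subjects echo the button text, and a lookalike sender is a reasonable candidate for quarantine or analyst review; `analyse(SAMPLE)` shows all three signals at once.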
Key Takeaways
- "Mailto phishing targets Facebook accounts" (headline of the scam)
- "If you click either of the buttons or the unsubscribe option, your device will launch your default mail program" (mechanism of the attack)
- "Remember that companies will not demand sensitive information from you over email" (advice to users)
- "As with all scams, this one uses urgency to convince you to act" (tone and threat level)
The tactic shows how scammers adapt to mundane tools and trusted platforms. By using mail apps instead of shady websites, they bypass some security filters and create an illusion of legitimacy. The longer-term risk is not just credential theft but the potential to build a relationship with victims through email, increasing chances of later scams.
For platforms and users, the challenge is twofold: improve detection at the edge of email and better educate people about safer verification paths. Users should treat any security alert with skepticism and rely on official portals to confirm requests. The story highlights the need for clearer indicators in official alerts and stronger awareness of typosquatting and deceptive domains.
Highlights
- Mailto phishing targets Facebook accounts
- If you click the buttons or unsubscribe, your device launches your default mail program
- Remember that companies will not demand sensitive information from you over email
- As with all scams, this one uses urgency to convince you to act
Phishing scheme poses cybersecurity and privacy risks
The campaign exploits mail client workflows to bypass some filters, enabling ongoing contact with potential victims and increasing the likelihood of future breaches. It also relies on typosquatting to disguise the sender, raising concerns about user trust and data privacy.
Vigilance is the best defense against evolving online tricks.