Help! I just got an email saying that someone from Nigeria logged in to my Facebook account. When I check my account, however, I don’t see that there’s anything wrong. Has it been hacked? I am leery of clicking on the “Report the User” button in the email message…
One of the standard tactics for spammers and other questionable characters is to create a sense of urgency with a situation so you don’t have time to stop and think. Trigger someone’s fear response and they act, often in ways that retrospectively are going to prove to have been poor decisions. That’s what the email you received is counting on. I know, because I have received the same darn email myself.
There is a chance that someone could hack into your account, but that’s much less common than someone trying to trick you into thinking that’s happened, then sending you to their spoof site to “confirm” your login credentials. At that point, you’ve handed them your login and password. One smart solution is to enable two-factor authentication, which would mean that even if they do get your password they still can’t log in, and you’ll get an unexpected login code from Facebook to alert you to the problem. [see Set Up 2-Factor Authentication on Facebook]
If you have already handed over your password this way, go to Facebook with their mobile app or by typing in “facebook.com”, then change your password. And enable 2-factor authentication.
Now, let’s look more closely at this email so you can learn how to spot a scam.
SOMEONE’S LOGGED IN TO YOUR ACCOUNT!
No surprise, if you see a message like this in your inbox, it’s going to cause anxiety:
At first glance, the message certainly looks legitimate, with the right formatting, color for Facebook, etc. But look at that sender address and look at the recipient address. An immediate red flag: Facebook will never send an email from “irishbeachrealty.com” 🤪
You can also click on the tiny black triangle if you’re in Gmail, as I am, to see more about the “envelope” of the email message:
Again, this should immediately trigger your 🚨 BOGUS! 🚨 detector and let you comfortably delete the scam message without any lingering doubt or concern.
But let’s say you were too anxious to closely examine the sender and recipient info…
WHAT HAPPENS IF YOU CLICK?
While more sophisticated phishing attacks (as they’re known) might lead you to a fake Facebook login page, this one’s lazy and has you email a response. Sounds weird (and should again trigger your 🚨 BOGUS! 🚨 detector), but it’s true. You can always preview a link before clicking it in Gmail by simply hovering your cursor over the button or link:
The very bottom reveals that it’s a “mailto:” link with a list of email addresses. You click, anxious, and are shown this:
Again, why would anyone proceed from this point? Why would Facebook, with over 1.5 billion active daily users, possibly want you to email them if there’s a security problem?? Not only that, but why would it have 78 email addresses on the recipient list? Click on “77 more” and they expand…
These are a completely random set of 77 addresses plus one that’s actually the villain in this situation. Why? Obfuscation: if this is reported, Google isn’t going to shut down all of those accounts as spammers, because 77 of them clearly aren’t doing anything wrong.
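The two checks described above (does the sender domain match the brand the message claims to be from, and does the “Report” button hide a mailto: link with a pile of recipients) can be automated. The script below is an added example written for this article, not code from the post or from Facebook; the sample message, its sender domain and every recipient address are constructed placeholders, and the list of trusted sender domains is an assumption you would maintain yourself.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: domains you accept as legitimate senders for the brand.
# Maintain this yourself; it is not an official list.
TRUSTED_SENDER_DOMAINS = {"facebook.com", "facebookmail.com"}

# Constructed sample message, modelled on the scam in the post. The sender
# domain and all recipient addresses are placeholders, not real data.
RAW_SCAM_MESSAGE = b"""From: Facebook <security@irishbeachrealty.example>
To: victim@example.net
Return-Path: <bounce@irishbeachrealty.example>
Subject: Someone logged in to your account!
Content-Type: text/html; charset=utf-8

<html><body>
<p>Someone from Nigeria logged in to your account.</p>
<a href="mailto:user1@example.org,user2@example.org,villain@example.com?subject=Report%20the%20user">Report the User</a>
</body></html>
"""


def sender_info(msg):
    """Return (display name, lower-cased domain) from the From: header."""
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    return name, domain


def mailto_recipients(html):
    """Collect every address named by mailto: links in an HTML body,
    including the path part and any ?to=, cc= or bcc= parameters."""
    found = []
    for href in re.findall(r'href=["\']([^"\']+)["\']', html, flags=re.I):
        if not href.lower().startswith("mailto:"):
            continue
        parts = urlsplit(href)
        candidates = parts.path.split(",")
        params = parse_qs(parts.query)
        for key in ("to", "cc", "bcc"):
            for value in params.get(key, []):
                candidates.extend(value.split(","))
        found.extend(unquote(c).strip() for c in candidates if c.strip())
    return found


def analyze_message(raw_bytes, claimed_brand="facebook"):
    """Apply the two red-flag checks from the post and return the findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    name, domain = sender_info(msg)
    subject = str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    recipients = mailto_recipients(html)

    reasons = []
    # Check 1: the message claims to be the brand but the sender domain is not one we trust.
    claims_brand = claimed_brand in name.lower() or claimed_brand in subject.lower()
    sender_mismatch = claims_brand and domain not in TRUSTED_SENDER_DOMAINS
    if sender_mismatch:
        reasons.append(f"claims to be {claimed_brand} but was sent from {domain}")
    # Check 2: a security alert that asks you to reply by email, to many addresses.
    if recipients:
        reasons.append("security alert asks you to respond by email (mailto: link)")
    if len(recipients) > 1:
        reasons.append(f"mailto: link addresses {len(recipients)} recipients")

    return {
        "sender_name": name,
        "sender_domain": domain,
        "sender_mismatch": sender_mismatch,
        "mailto_recipients": recipients,
        "mailto_recipient_count": len(recipients),
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


if __name__ == "__main__":
    for line in analyze_message(RAW_SCAM_MESSAGE)["reasons"]:
        print("BOGUS:", line)
```

Run against the constructed message, the script reports the spoofed sender domain and the multi-recipient mailto: link, which are exactly the two things a human reader is told to look for above; a message from a trusted domain whose buttons link to https:// pages produces no findings.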
If you did email everyone and say “I didn’t log in from Nigeria! What should I do??” you’ll inevitably get a few dozen regular users sending you hostile messages asking why you’re spamming them (they don’t know they’re on this distribution list) along with the actual spammer who at this point sends you a link to a fake Facebook login page, asking for you to “verify” your account.
Whether it’s a text message, phone call, social media message, or plain old email, it’s always necessary to take a deep breath and investigate before you proceed. Just a little bit of caution and skepticism can save you from the vast majority of scams!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!