It started like any other message alert: an email from Facebook Messenger, saying a family member had sent a message. Their name was in the subject line and their profile picture appeared in the body. There was even a familiar blue “View Message” button. But one thing didn’t add up—the message was sent to an email address never used with Facebook.
That small detail prevented a phishing scam.
🎣 The Hook: A Familiar Face, a Trusted Format
The email appeared to come from messages@facebookmail.com, which is a legitimate domain Meta uses for notifications. The layout was convincing—formatted just like a real Messenger email, including a profile picture and a call-to-action button.
If you use a privacy-focused email provider like ProtonMail, the image is blocked by default. But if you use Gmail, Outlook, or your phone’s default mail app? That image would load instantly—because it’s hosted by Facebook. The scammer didn’t even have to spoof the image—they just used the target’s real Facebook profile URL.
🔗 The Links: One Real, One Rotten
Let’s break down what’s under the hood:
Image/Profile Link (legit):
https://facebook.com/email/appredirect/?rid=[redacted]&fallback_uri=https%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D[redacted]
This link uses Facebook’s infrastructure to redirect you to a real profile—someone you know. That makes the whole message feel authentic. “See? It’s really her.”
Message Link (spoofed):
https://www.facebook.com/n/?messages%2Ft%2F25585633754415766%2F&n_m=dave@youremail.com&...
This fakes a Messenger thread, embedding your email address (n_m=dave@youremail.com) to personalize the scam and track whether you clicked.


🧠 How Attackers Pull This Off
They don’t need your Facebook login—they just need your email and a connection to someone else. Most of this information comes from:
- Leaked data dumps (old breaches from LinkedIn, Facebook, or elsewhere)
- Scraped public profiles
- People-tagged friend lists that were public at some point
With that, they build a message that looks like it’s from someone you know—when it’s really not.
🕳️ What Happens If You Click
Scenarios include:
- A fake Facebook login page designed to steal your credentials.
- A malicious redirect chain that drops a payload (malware, info-stealer, etc.).
- A session hijack if you’re already logged into Facebook in that browser.
- Or a simple “is this email address alive?” ping that confirms you as a target.
The worst part? The scam may do nothing malicious immediately—just silently track you. And then the real attack comes later, when you least expect it.
🧱 How to Spot These Scams
Here’s what to look for:
✅ Check the actual link address. Mouse over the “View Message” button before clicking. Look for:
- Long query strings
- n_m= with your email
- Strange thread IDs
✅ Did the email go to an address you use with Facebook? If not, it’s fake.
✅ Be skeptical of sudden messages from people you haven’t spoken with in a while.
✅ Disable remote image loading to prevent auto-confirming your address.
✅ Don’t trust the sender name. Email “spoofing” can make any message look like it came from Facebook.
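The checks above can be run against a saved copy of the message before anything is clicked. This is an added example, not part of the original post: the `triage` function, the finding labels and the sample message are constructed for illustration, and it covers three of the checks (recipient address, links that embed your address, remote images).

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample, not a real capture; every address, host and ID is a placeholder.
SAMPLE_EML = """\
From: Facebook <messages@facebookmail.com>
To: dave@youremail.com
Subject: You have a new message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://images.example.invalid/profile.jpg">
<a href="https://www.facebook.com/n/?messages%2Ft%2F0000000000%2F&amp;n_m=dave@youremail.com&amp;x=1">View Message</a>
</body></html>
"""

class _Refs(HTMLParser):
    """Collect link targets and remotely hosted images from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img" and (attrs.get("src") or "").startswith(("http://", "https://")):
            self.images.append(attrs["src"])

def triage(raw_eml, facebook_addresses):
    """Return findings for the checks above; facebook_addresses is the reader's own list."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    rcpt = msg["To"].addresses[0].addr_spec.lower()
    body = msg.get_body(preferencelist=("html",))
    refs = _Refs()
    refs.feed(body.get_content() if body else "")
    findings = []
    if rcpt not in {a.lower() for a in facebook_addresses}:
        findings.append("recipient-not-a-facebook-address")
    for url in refs.links:
        # keep_blank_values so bare keys such as the encoded thread path are not dropped
        for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if rcpt in value.lower():
                findings.append(f"link-embeds-recipient:{key}")
    if refs.images:
        findings.append(f"remote-images:{len(refs.images)}")
    return findings
```

Parsing the saved file this way never fetches the links or images, so running it does not confirm your address to the sender.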
📣 You Don’t Have to Fall for It
Even savvy users get caught when a scam is this well-crafted. Real profile photo. Real name. Real Facebook infrastructure. But one fake link is all it takes.
“I don’t even use that email with Facebook. That’s how I knew it was a scam.”
Scammers don’t need to break into your account to trick you—they just need to borrow your trust.
🔒 Want to Help Others?
If you receive a suspicious message like this, don’t delete it just yet. You can forward it to phish@fb.com, Meta’s reporting email. It won’t guarantee a takedown, but it adds data to their anti-abuse systems.
Dave Soulia | FYIVT