I was just informed and forwarded an email by one of my Facebook contacts.
He was not a contact in my Gmail or AOL email accounts, but a Facebook contact.
He got an email using my Facebook name and a different email return address
with a spam link for him to click. I haven’t been able to find any info
regarding this kind of scam. Here’s what my friend forwarded to me (…and it
shows in fact exactly what he described: email from him, email that appeared to
be from him with his name but with a completely unrelated email address).
In this excerpt from
Answercast #56, I look at another case where a Facebook friend is sent a
strange email with the wrong name.
Possible security leak
Yes, this is spam. It is nothing more than spam and it is also nothing
that’s in your control; there’s really nothing you can do about it. It’s
something that both you and your friend simply need to treat as spam. Mark it
as spam and get on with your lives.
What’s happened? So there’s an article I wrote just a couple of weeks ago
am I getting email from someone with the wrong email address?“.
Here’s the theory… I don’t have confirmation on this at this time but here’s
the theory: the theory is simply that there was a leak in the way that Facebook
allowed some of its data to be read.
A leak such that spammers… I’m not even going to say hackers because there
was really no hacking involved here. There’s no breach of data here. This is
simply an unplanned-for leak of data that Facebook actually made available when
it shouldn’t have.
What it boils down to is apparently some of the relationships on Facebook,
friends of friends and so forth, were somehow being exposed to hackers.
Tricking you to open mail
Now, what hackers do is they’re trying to get you to open the mail that they
send. They want you to click on that link. And how do they do that? They try and
One of the ways they try and fool you? By making it look like the email you
got is from someone you know and trust.
So just knowing the name of someone that might be a contact of
yours in Facebook, for example, is enough. They use that then to make it look
like that email was sent from you in the hopes that the person receiving it
will say, “Oh, well, gosh, that’s from Leo, I’m going to click that.”
Guess what? Not gonna happen. That’s spam.
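The mismatch described above (a contact's name paired with an unrelated address) can be checked mechanically. The following is an added example, not part of the original article; the address book, names, addresses and sample messages are all constructed for illustration.

```python
from email import message_from_string, policy

# Constructed address book: display name -> addresses that contact really uses.
CONTACTS = {
    "Leo Example": {"leo@example.com"},
    "Pat Sample": {"pat@example.org", "pat.sample@example.net"},
}

# Constructed sample messages.
GENUINE = "From: Leo Example <leo@example.com>\nSubject: hi\n\nLunch?"
SPOOFED = "From: Leo Example <k3x9@mailer.invalid>\nSubject: hi\n\nhttp://link.invalid"
# Same trick with the display name hidden in an RFC 2047 encoded-word.
ENCODED_SPOOF = "From: =?utf-8?q?Leo_Example?= <k3x9@mailer.invalid>\n\nhttp://link.invalid"


def _norm(name):
    """Collapse whitespace and case so 'leo  EXAMPLE' matches 'Leo Example'."""
    return " ".join(name.split()).casefold()


def classify_sender(raw_message, contacts=CONTACTS):
    """Compare the From display name with the addresses known for that name.

    Returns 'known-contact', 'name-mismatch', 'known-address', 'unknown'
    or 'no-sender'. A match is not proof of origin (From can be forged in
    full); this only catches the borrowed-name pattern described above.
    """
    # policy.default gives structured address headers and decodes encoded-words.
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None or not from_header.addresses:
        return "no-sender"

    known = {_norm(n): {a.casefold() for a in addrs} for n, addrs in contacts.items()}
    all_addrs = set().union(*known.values())

    sender = from_header.addresses[0]
    addr = sender.addr_spec.casefold()
    name = _norm(sender.display_name or "")

    if name in known:
        # The name belongs to a contact: the address must be one of theirs.
        return "known-contact" if addr in known[name] else "name-mismatch"
    return "known-address" if addr in all_addrs else "unknown"


if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("encoded", ENCODED_SPOOF)]:
        print(label, "->", classify_sender(raw))
```
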
That is spam; it’s not from you; you didn’t send it and there’s nothing you
did to cause it to be sent. You did nothing wrong, your recipient did nothing
If anybody, Facebook did something wrong to make this data exposed (and even
that hasn’t really been confirmed). There’s a lot of fingers that are pointing at
it that seem to indicate that this is what happened. Yours is another good one
because this is clearly something you were able to track down to a
Facebook-specific relationship. But that’s really all it is.
So, treat it as spam; recognize it for what it is and get on with your