It was only a matter of time: scammers have started targeting Facebook’s new messaging system.
I got my Facebook email account last Thursday. Early this morning, I received a notice that I’d won 950,000 South African Rand (about $135,000) in a contest held by the South African branch of Shell Petroleum. (Screenshot below.) All I have to do is send along a bunch of personal information like my name, phone number, date of birth, and occupation. If you’ve been on the Internet for more than five minutes, you can probably guess how this would end up.
This is the kind of obvious spam that never makes it into Gmail. And even if it does show up in email accounts with lesser filters, like Hotmail, users expect spam there. The context is different in Facebook, where it’s sitting alongside a much smaller batch of messages that are obviously from real people and organisations that I’ve connected with, like The Economist and the band Wilco.
To be fair, this message did show up in my “Other” box, rather than the main inbox used for communications from known friends. But bolting e-mail onto the Facebook social graph opens a whole new vector for this and other long-running e-mail scams, like phishing attacks. User beware.