ID Guardian

WARNING: Facebook Scam

Posted by: ID Guardian on December 14, 2009

If you are on Facebook (as are over 300 million people in the world) then you are used to receiving a variety of notifications of different things happening within your network, such as photo tagging, status comments, and friend requests. Nothing unusual about that, unless you receive something like this…

[Image: Screen shot 2009-12-13 at 5.15.39 PM]

…on an account other than the one you used to open your Facebook account.

On closer investigation, here is what you should notice about this new Facebook spoof:

[Image: facebook_scam_breakdown]

  1. Note the mailing addresses in the header. Facebook’s reply address here is usually a “no-reply” address. Also, if this were someone you know who had performed a generic search, you would have come up in a page of results, and Facebook would have sent this “invitation” to an email address already approved for a Facebook account.
  2. Take a closer look at the photo. This is actor Jake Gyllenhaal. True, Facebook users do use famous people as their profile pictures on occasion, and it is these new, unknown users that you should take caution with before approving.
  3. While there are famous people on Facebook, they would probably NOT identify themselves as (FIRST NAME) Doe.
  4. Another problem with this scam is when legitimate friends of yours appear in the notification. (Our advice: Notify these friends as soon as possible that they are being associated with this scam, and advise them to take caution.)
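
The header checks from point 1 can be scripted. The sketch below is an added example, not part of the original post; the trusted sender domain, the registered address and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions (not from the post): the sender domain you accept for Facebook
# notifications and the address your Facebook account is registered with.
TRUSTED_DOMAINS = {"facebookmail.com"}
REGISTERED = "me@example.org"

# Constructed sample messages (headers only).
SPOOF = (
    "From: Facebook <invite@social-invites.example>\n"
    "Reply-To: jdoe1984@mail.example\n"
    "To: other-inbox@example.org\n"
    "Subject: Jake Doe added you as a friend on Facebook\n\n"
)
GENUINE = (
    "From: Facebook <no-reply@facebookmail.com>\n"
    "To: me@example.org\n"
    "Subject: A friend added you on Facebook\n\n"
)

def split_addr(value):
    """Return (local part, domain) of the address in a header value."""
    addr = parseaddr(value or "")[1].lower()  # drops the display name
    local, _, domain = addr.rpartition("@")
    return local, domain

def header_warnings(raw, registered=REGISTERED, trusted=TRUSTED_DOMAINS):
    """List the header-level warning signs found in one raw message."""
    msg = message_from_string(raw)
    found = []
    _, from_domain = split_addr(msg.get("From"))
    if from_domain not in trusted:
        found.append(f"untrusted sender domain: {from_domain or '(none)'}")
    # Replies go to Reply-To when it is present, otherwise to From.
    reply_local, _ = split_addr(msg.get("Reply-To") or msg.get("From"))
    if reply_local not in ("no-reply", "noreply"):
        found.append("reply address is not a no-reply address")
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if registered.lower() not in recipients:
        found.append("not sent to the address registered with the account")
    return found

if __name__ == "__main__":
    for name, raw in (("spoof", SPOOF), ("genuine", GENUINE)):
        print(name, header_warnings(raw))
```

The display name "Facebook" in the spoofed sample is ignored on purpose; only the actual address is compared. A clean result is not proof of authenticity, since the From header itself can be forged.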

The nice thing about scams like this is they tend to appear in pairs. Another bogus invitation was received within minutes of the first spoof mail, and this one threw its first warning sign out in a more blatant fashion. The profile picture featured a woman giving the camera a cheeky grin and revealing a good amount of skin. Security experts refer to this as a “Hot Chick” Approach. In this second invite, the four “random friends” as selected by Facebook are the same “random friends” showcased in the first invite.

Here are a few tips to follow if you receive a suspicious invitation like this:

  • DO NOT CLICK ON ANY LINKS PROVIDED IN THE EMAIL. Take a look at the details outlined earlier to see if this is, in fact, a legitimate invitation or not.
  • As stated earlier, notify friends featured in these spoofs as soon as possible. Advise them to take caution when working in Facebook and communicating with others.
  • Click here to find out more about Facebook’s policy against false identities. You can also forward the potentially fraudulent emails to abuse (at) facebook (dot) com with any additional information you can provide on the spoof mails (e.g. frequency, time of arrival, etc.).

Proceed with caution on Facebook, as this scam has been gaining momentum. Please feel free to comment here with your own experiences, and stay safe in your Social Networking initiatives.

12/16/09 UPDATE:

Today, I was hit with another bogus invitation. While the profile picture appeared to be some random high school/workspace portrait, I noticed that the three random friends selected that I “might also know” were featured at the bottom of the screen. Additionally, the “Reply To” address was hidden.

Take care. Phishers are getting craftier.

1 Comment to "WARNING: Facebook Scam"

1 | RandyNose

15 December 2009 ● 2:03 pm

This is good to know. There’s just too many people out there that aren’t “geek” enough to smell the phishyness of something like this. It NEVER hurts to bring this kind of thing to people’s attention.
