{"id":13149,"date":"2021-12-28T14:14:29","date_gmt":"2021-12-28T13:14:29","guid":{"rendered":"https:\/\/woocommerce-331985-2347979.cloudwaysapps.com\/is-this-facebook-email-a-fake\/"},"modified":"2022-01-18T16:20:35","modified_gmt":"2022-01-18T15:20:35","slug":"is-this-facebook-email-a-fake","status":"publish","type":"post","link":"https:\/\/smartmileco.com\/is-this-facebook-email-a-fake\/","title":{"rendered":"Is This Facebook Email a Fake?","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"


If you work for a company of any size that is even remotely online, chances are good you’ve had to undergo some training on how to spot phishing (fraudulent) emails. Even if you don’t, you may have gained a certain amount of expertise in how to spot phishing scams just by virtue of receiving tons of them.

If the sender’s email domain is not quite the same as the supposed sending company, that’s a red flag. A message from an address at paypal.com may very well be fine; one from paypal-acount-verefy.com probably isn’t. Messages telling you to click a link before some deadline or else lose access to your account are also highly suspect.

It's too bad that Facebook seems to be sending legitimate mail that raises these flags. Just how do you determine if an email that seems to be from Facebook is legitimate? The best security suites are good at detecting phishing emails, but what if you want to check a particularly tricky message for yourself? I'll show you the process I went through with one such email, below.

A Strange Message From Facebook

I started looking into this problem when an old friend of mine asked about a slightly odd email he got, purportedly from Facebook. It noted that since his posts have “the potential to reach a lot of people,” he’s required to enroll in Facebook Protect. Not only that, if he doesn’t do it within about three weeks, he’ll be locked out of the account. There’s that pesky deadline. To top it off, the message was sent from the domain facebookmail.com—a variation on what you’d expect. That’s two strikes. Oh, and according to its own description, Facebook Protect was designed for “candidates, their campaigns and elected officials.” My friend doesn’t fit any of those categories.

And yet…the message is not asking him to send money, or give away his password, or anything nefarious. It’s insisting that he increase his security. How would a scammer benefit from that? Also, strange as it seems, Facebook confirms that it uses the facebookmail.com domain to send official emails. Could it be that the message is legitimate?

How to Verify Whether an Email Is From Facebook

As it turns out, verifying that an email came from Facebook is incredibly simple—but only if you know where to look. Here’s how.

1. Go to Settings. On your own Facebook profile page, find the down-pointing triangle icon at top right. Click it, then choose Settings & Privacy > Settings to open the main Settings page.

2. Find Facebook's List. Near the top left you should find Security and Login. Click that and scroll down to the Advanced section. Click the item titled “See recent emails from Facebook.”

3. Match Your Message. If you see a match for the questionable message’s subject line, you can be pretty sure it’s legitimate. Be sure to look both in the list of Security-related messages and in the list titled Other. Note that Instagram has a very similar feature—not surprising, as both Facebook and Instagram are owned by Meta Platforms.

Other Ways to Verify

If the message you’re wondering about doesn’t appear in the list of messages sent by Facebook, that should make a strong case for it being a fraud. In practice, though, this is not always the case. I shared the instructions above with my friend who received that suspect message. He reported no matches in the list of messages. On the flip side, he pointed out that Facebook recently extended the Facebook Protect program to a wider audience, including journalists. As it happens, he’s a journalist, living outside the US.

At this point I was convinced that, despite its quirks, the message was probably legit. To further support this judgment, I combed through the original message and checked all the links. A scam message that uses deadlines or other scare tactics to make you click a link will almost certainly link to a dangerous page. All the links in this message went straight to facebook.com.

That left the very unlikely possibility that somebody spoofed the sending address, [email protected]. Nothing I’d learned thus far suggested any possible motivation for that sort of hack, but I checked anyway.

Every email message comes with a collection of routing information and other metadata hidden away in its header. You don't normally see this data. It's not intended for you—it's for use by your email client. But if you want to check for signs of address spoofing, you must dig into that header data.

Just how you view an email message’s header data varies depending on how you get your mail. In Gmail, you click the More icon (three vertical dots) to the right of the Reply icon and select Show Original. This immediately showed that the message passed three tests designed to detect spoofing: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). That’s all I needed to know; I didn’t bother clicking Download Original to view the precise details of header data.


Outlook isn’t quite as helpful as Gmail. You open the message, select File from the menu, and click the Properties icon. In the resulting dialog you get the full semi-incomprehensible details of the message header, in a small, awkward scrolling window. Carefully picking through the headers I found lines like

    spf=pass (google.com: domain of [email protected] designates 69.171.232.140 as permitted sender)

That’s the unpolished text that Gmail summarizes as “SPF: PASS”. Poring a bit more over the header data I confirmed that fields such as Return-Path and Errors-To all correctly contained the sender’s address. That cinched it. This was a legitimate email from Facebook.

Verify Messages From Facebook

If you get an iffy message claiming to be from Facebook, you can log into your account and view a list of recent messages sent to you by the service. Finding your message in this list pretty much guarantees it’s legitimate.

Not finding it should mean it’s a fake, but as we’ve seen, that isn’t always true. For a sanity check, search the web for information about the sending domain; facebookmail.com turned out to be legitimate. Check all links in the message to make sure they link to safe pages. And peruse the email header to make sure the sender's address wasn’t spoofed. If the message passes these tests, you can rely on its validity, even if it doesn’t show up in Facebook’s list.
