Fake email from people you know: facebook privacy settings a possible culprit?

So twice now in the last few weeks friends have written me to say they’ve gotten email from me with (probably) dangerous links, SPAM, etc. This morning it was my wife.

The thing is I don’t think any of my email accounts have been hacked. Upon further investigation of the mail my wife got this morning, it has my name Tim Elhajj in the text field that describes the email account, but the email account itself is from one of the popular online email services and seems like a throwaway account (something like, [email protected]).

I told my wife there isn’t much I can do about this, but after thinking about it, perhaps I need to lock down my Facebook settings? I typically leave everything public, and friend people I don’t know all that well, because I want to use Facebook to build a platform and promote my creative writing.

All I can think of is that I’ve got a spammer in my friends list and this person is using my information to spam my friends as me? Does that seem right? I try not to be too paranoid, and it’s not like anyone is being asked to lend money or anything, but I’m worried that my less savvy friends might click one of these links and get a virus or something.

Has anyone ever dealt with this sort of thing before? Does my assessment of the situation seem accurate or overly paranoid? If accurate, what should I do? It’s just maddening because there doesn’t seem like any kind of reasonable response I can provide. Spammers are going to spam. I don’t want to engage if I don’t have a reasonable chance of success.

What does the hive think? Suggestions, advice?

Hmm, all the friends being spammed, do they have public emails in their Facebook profiles? I can’t see how they would get targeted by the spam otherwise.

It’s a pretty sneaky trick, though I’m surprised that spam filters don’t kick in on some of those emails.

I’ve gotten these, I’ve had family members ask about them, etc. It’s been around for a couple of months now.

They’re just harvesting Facebook friends lists, and apparently comparing those to known email spam lists, to make their spam look like it’s from a trusted source. They’re not actually getting any info that’s not public already.

You could make your friends list private, but it’s kind of too late now – they already got your list.
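An added example, not part of the original thread: a small check a recipient could run over saved messages to flag mail whose display name matches a known contact while the actual address does not, which is the pattern described above. The address book, names, addresses and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption): display name -> addresses you have
# actually corresponded with for that person.
KNOWN_CONTACTS = {"alex example": {"alex@example.org", "alex@work.example"}}

def _norm(name):
    """Case-fold and collapse whitespace so 'Alex  EXAMPLE' still matches."""
    return " ".join(name.casefold().split())

def classify_sender(from_header, contacts=KNOWN_CONTACTS):
    """Compare the display name with the real address in a From header."""
    name, addr = parseaddr(from_header)
    known = contacts.get(_norm(name))
    if known is None:
        return "unknown-sender"          # name is not one of your contacts
    if addr.casefold() in known:
        return "known-contact"           # name and address both match
    return "display-name-mismatch"       # trusted name, unfamiliar address

def triage(raw_messages, contacts=KNOWN_CONTACTS):
    """Return (subject, verdict) for each raw RFC 5322 message string."""
    results = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        verdict = classify_sender(msg.get("From", ""), contacts)
        results.append((msg.get("Subject", ""), verdict))
    return results

# Constructed sample messages.
SAMPLES = [
    "From: Alex Example <alex@example.org>\nSubject: dinner friday\n\nSee you at 7.\n",
    'From: "Alex Example" <throwaway123@mail.example>\nSubject: check this out\n\n'
    "http://link.example/\n",
    "From: newsletter@shop.example\nSubject: weekly deals\n\nThis week only.\n",
]

if __name__ == "__main__":
    for subject, verdict in triage(SAMPLES):
        print(f"{verdict:22} {subject}")
```
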

Well, this explains the occasional attractive 20-something females that friend me out of the blue sometimes, always a profile picture taken in a bikini. They seem so innocent, and rarely have any other Facebook friends at all.

Sounds legit!

And hard to resist!

Yeah, just a new method for spoofing.

Yeah, I’ve received two of these within the last week. Emails from my Facebook friends, but they link to a spam site (weight loss) and the email address is something wacky @yahoo or whatever.

I figured they just had a rogue Facebook app, as I don’t have (hardly) any apps running in my FB. But if the spammers are harvesting public info, even better.

Do you play games on Facebook? Do those friends? Are the people who have sent emails they can’t account for the same as the people who keep inviting you to join them in games they are playing? I think you will find that most of those invitations are not coming from them also.

People don’t read the popups they give permission to when they join things like that. This wasn’t even an APP. I wasn’t joining their game or getting some neat screen thing. This was simply a link at a discussion site that said “to post you must sign in” and then a link that said “sign in with your FaceBook account”. So it wasn’t even an APP for me. It was for that site which allowed people a faster method of logging in.
BUT when I read, the app said…


Your basic info
Your email address ([email protected])
Your profile info: description, activities, birthday, education history, groups, interests, likes, location, religious and political views and work history
Your events
Your status updates
Friends' profile info: birthdays, education histories, locations and work histories
Events shared with you
Status updates shared with you
Access to posts in your News Feed
Access to post on your behalf

Seriously! Just so that I could sign in to a site that I would probably never return to, it wanted all of that info AND PERMISSION TO POST ON MY BEHALF! This was the most extreme I have seen lately but many of them do ask permission to post or email your friends, as you.

I’ve been getting these quite infrequently, and they’re just an email from a random person, usually with just a link. Since I can see that without reading the email, I typically just delete them. Good to know it’s not the result of something being hacked, though.

Yeah, but it’s making me look bad, and if there’s any looking bad to be done for me, I’m the one that’s going to do it!