Is someone trying to get my Facebook password?
August 2, 2013 9:05 AM

For probably a year now, I have been receiving a lot of "You have requested a new Facebook password" e-mails. For example, I received eight in my inbox this morning, on top of four yesterday. What is going on, and how can I stop this?

The e-mails come from an @facebookmail.com address and appear to be legitimate as they include my name and indicate that they were sent to my e-mail address "at my request" (not!). Clicking the link under "If you didn't request a new password, let us know immediately" seems to do nothing. I have changed my password at least twice in the past year and it is strong. My account is registered under myratheruncommonfirstname.ratheruncommonlastname@verycommondomain.com. Would maybe deleting this e-mail address and using an even more unusual one help?
posted by karbonokapi to Computers & Internet (16 answers total) 2 users marked this as a favorite

> Clicking the link under "If you didn't request a new password, let us know immediately" seems to do nothing.

Where does this link point? Post the full URL, redacting anything that looks like a unique identifier.
posted by Inspector.Gadget at 9:08 AM on August 2, 2013


Yahoo & Gmail both offer a way to submit phishing reports and you should send them copies of these emails including the full header so they can follow up.

Never, ever click on links in a phishing email.
posted by brookeb at 9:12 AM on August 2, 2013


In a technical sense, emails don't come from any particular address at all. The address they say they're from is self-reported. It's actually exactly like postal mail with a return address on it. You can write anything you want as a return address, and you can actually mail that letter from any mailbox in the world. The moral here being, the address a piece of email says it came from has all of zero to do with who actually sent it.
posted by tylerkaraszewski at 9:14 AM on August 2, 2013
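
Because the From line is self-reported, the check that matters is what the receiving mail server recorded about the message. The following is an added example, not part of the original thread: it reads the Authentication-Results header and the link hosts of two constructed sample messages, assuming a placeholder receiving server `mx.example.net`, a made-up sender local part, and strict DKIM alignment with the From domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample messages, not real mail. "mx.example.net" stands in for
# the reader's own receiving mail server; the sender local part is made up.
GENUINE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=facebookmail.com;
 dkim=pass header.d=facebookmail.com; dmarc=pass header.from=facebookmail.com
From: Facebook <security@facebookmail.com>
Subject: You have requested a new Facebook password

Reset: https://www.facebook.com/recover/code?u=XXXX&n=YYYY
"""
SPOOFED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example;
 dkim=pass header.d=mailer.example; dmarc=fail header.from=facebookmail.com
Authentication-Results: forged.example; dkim=pass header.d=facebookmail.com;
 dmarc=pass header.from=facebookmail.com
From: Facebook <security@facebookmail.com>
Subject: You have requested a new Facebook password

Reset: http://facebook.com.login.example/recover/code?u=XXXX
"""

def check_reset_mail(raw, trusted_mx="mx.example.net"):
    """Return a list of reasons not to trust the message (empty = none found)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Count only results stamped by our own server: the sender can add
    # Authentication-Results headers of its own, just like the From line.
    ar = " ".join(h for h in msg.get_all("Authentication-Results", [])
                  if h.split(";")[0].strip().lower() == trusted_mx).lower()
    problems = []
    # Strict alignment: a passing DKIM signature must be for the From domain.
    if from_domain not in re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", ar):
        problems.append("no DKIM pass for From domain " + from_domain)
    if not re.search(r"\bdmarc=pass\b", ar):
        problems.append("DMARC did not pass")
    for url in re.findall(r'https?://[^\s<>"]+', msg.get_payload()):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not (host == "facebook.com"
                                           or host.endswith(".facebook.com")):
            problems.append("link not on facebook.com over HTTPS: " + url)
    return problems

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_reset_mail(raw))
```

A message that passes these checks was sent by Facebook's mail system; it does not show that the account owner was the one who requested the reset.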


I get these a lot too and so does my wife. No idea.

The email you get from Facebook sounds like mine. It does also say "If you didn't request a password, let us know immediately" which links for me to https://www.facebook.com/login/recover/disavow_reset_email.php?n=xxxx&id=yyyy

So it does all seem legit. My best guess is that someone has cracked some emails (not yours and mine) and is hitting the Facebook reset email request for lots of people. Anyone can request a reset on your behalf but if they don't control your email account it won't be successful.

Anyways, the goal would be that the email accounts they do have would get a nice Facebook reset in there. This is my theory, anyways. I doubt it's anything malicious or specifically targeted.
posted by vacapinta at 9:30 AM on August 2, 2013


It's also possible there's someone else out there with a similar username (e.g., karbonkopi) who is a bit dim, is logged out of Facebook, and is trying to log in with your username because they're not clear on the difference. They're obviously not getting in, so they try to reset the password and (from their perspective) nothing is happening, so they try again.
posted by adamrice at 9:33 AM on August 2, 2013


Oh, one thing my wife and I have in common is that we are early Facebook users. So we both have Facebook IDs that are just our names instead of ournames427. So, yes, as adamrice says it might also be one of these legions of people who didn't get a numberless name.
posted by vacapinta at 9:35 AM on August 2, 2013


It happens to me frequently because my email is my very common first and last name @gmail.com and lots of people out there with the same name can't figure out their correct email address when requesting a new password. On preview, same as jamaro.
posted by CheeseLouise at 9:43 AM on August 2, 2013


I used to get a lot of these. I set up a filter in Gmail to archive all such emails so that I don't see them in my inbox. If I ever need to actually reset my password, I can find it in All Mail.

As far as I know, my name is unique.
posted by double block and bleed at 9:50 AM on August 2, 2013


Thank you all for the ideas so far -- much what I thought.

> Where does this link point? Post the full URL, redacting anything that looks like a unique identifier.

The link to reset:

https://www.facebook.com/recover/code?u=XXXX&n=YYYY

And the link to disavow, like vacapinta already said:

https://www.facebook.com/login/recover/disavow_reset_email.php?n=YYYY&id=XXXX
posted by karbonokapi at 9:53 AM on August 2, 2013


A wildly surprising number of people do not know their own email addresses.

You'd think having an uncommon first and last name would protect you from those people, but it can sometimes work the other way. If another person with that uncommon combination is accustomed to being able to register at websites using that combination of names, the few places you got to first may trip them up.

This is especially true if "verycommondomain.com" is yahoo or hotmail or another email service that sometimes uses country code domains. Could I tell you for sure if my yahoo ID is jacquilynne@yahoo.ca or jacquilynne@yahoo.com? No. If I used it for my everyday email, I might be able to, but a lot of people have these random addresses they use just to sign up for things, and don't actually log into them often.

You can probably change the registered address on your Facebook page, and then the next time they try to reset the password on their Facebook account, they'll be told no account exists with that email. That might prompt them to figure it out.
posted by jacquilynne at 9:59 AM on August 2, 2013


I wouldn't remove the problem email address from my Facebook. You do that and they'll be able to create a new FB account with it. So instead of getting "password forgotten" emails (bad) you'll be getting "activate this new account" emails (worse).
posted by sbutler at 10:14 AM on August 2, 2013


Facebook lets you send a password reset email using either your email or your username, with no additional information. After they enter that, if you have your Facebook locked down properly, it will just say "xxxx@gmail.com, Facebook User", so there is no real indication that it isn't correct.

(Also interesting is that you can have email addresses set with privacy as visible "Only to Me" and they still show up redacted in the list that anyone can see by doing a password reset. And the redaction is a bit of a joke, since it will be something like "s****@y***.edu". So if you are concerned about privacy, remove any extra email addresses. They might be leaking private info.)
posted by smackfu at 11:43 AM on August 2, 2013


Nthing that it is likely just someone with a similar name forgetting/mistyping their email address. The other possibility is that you logged in from a shared device, your email was still in the username field and someone tried to log in a few times before they realized that it was the wrong username (I have done this). I got these pretty regularly for a few weeks, then set up the double verification on Facebook where it texts you a code if you're trying to log in from an unknown browser, and it stopped.
posted by melissasaurus at 12:07 PM on August 2, 2013


I solved this by changing my Facebook login email to a bizarre random combination of letters and numbers @ gmail.com. It's so nonsensical that I can't remember it and need to use 1Password to fill it in. I use that email address only for Facebook.
posted by ceiba at 12:44 PM on August 2, 2013


> A wildly surprising number of people do not know their own email addresses.

I'll nth this. As someone with a somewhat common first and last name and a Gmail account, I get a ton of this sort of thing, and get subscribed to various email newsletters and listservs I didn't ask for, as well as having people just email me out of the blue with personal messages, thinking I am their friend or relative with the same name as me who they hope has a Gmail account too. It gets tiring sometimes.
posted by aught at 1:39 PM on August 2, 2013


I've been getting many many of these too, with the stupid little link Facebook sends also making no difference, and my name isn't all that common. Best (mostly uninformed) guess is that someone in Russia or some other hack-happy country is just running a script to attempt, incompetently, to crack any accounts it can dream up.
posted by paultopia at 3:59 PM on August 3, 2013

