When you receive an email purporting to originate from a famous company that many people do business with — like, say, Bank Of America, AOL, eBay or Facebook — and the email comprises a short but ominous message and a hyperlink to a Web site … the sensible thing to do is to immediately delete the message without clicking the link. Right?

After all, the chances are that it may be a Phishing attempt.

And if you run a company that many people do business with — like, say, Bank Of America, AOL, eBay or Facebook — it would be in your interest to educate your customers about Phishing and to help them to recognize suspicious emails. Right?

With that in mind … what do you think of this communication from Facebook?

"Unfortunately, the settings that control which email notifications get sent to you were lost. We're sorry for the inconvenience.

To reset your email notification settings, go to

The Facebook Team"


I hardly paid it a thought. It wasn't addressed to me by name, there was no signature, it told a very unlikely-sounding story that seemed designed to put the fear of Facebook into me and get me to reveal all sorts of passwords and stuff. Furthermore, it looked very unprofessional.

What a surprise to discover later that it wasn't a hoax at all. When I visited Facebook, the same message was at the top of the notifications.


Can consumers ever be expected to protect themselves against Phishing when real companies send out such Phishy emails?

And what's the deal with losing my email notification settings, and then switching to a default setting whereby I receive an email every time a Facebook member blinks? That's not cool at all.