A new phishing campaign is targeting Facebook users with fake “new device login” alerts that use mailto: links instead of traditional phishing websites, a tactic previously seen against Instagram users. Clicking any link in the email opens the victim’s email program with a pre-filled message to malicious or typosquatted addresses, potentially confirming the account’s validity to scammers. Security experts warn to verify email senders, avoid replying to suspicious alerts, and remember that legitimate companies will never request sensitive account details via email.

Via Malwarebytes