Facebook Class Action email - it looks like a phish but it's the real deal

The news that Facebook is turning facial recognition back on in photo tagging has a silver lining.
Many of our readers have been inspired to revisit their privacy settings and to make sure those settings really are what they intended.
Reviewing what the cyberlifestyle gurus call your security posture is something well worth doing once in a while.
Like regular trips to the dentist, or routine prostate examinations, it can save you a lot of unexpected grief in the future - but it doesn't leave you numb in body, mind or wallet.
This, in turn, has led a number of you to ask about a Facebook-related email that's doing the rounds lately.
It certainly has some of the hallmarks of a phish:

There's an arresting headline:
NOTICE OF PENDING CLASS ACTION AND NOTICE OF PROPOSED SETTLEMENT
There's the assurance that this email is lawful, objective, legitimate and, indeed, important:
A federal court authorized this Notice. This is not a solicitation from a lawyer.
There are millions of dollars up for grabs, if only you are willing to join in:
Facebook will pay $20 million into a fund that can be used, in part, to pay claims of Class Members who appeared in a Sponsored Story.
Got your attention? Good. Because there are some worrying things, too.
Like the sender's email address, which seems unusual for something with the imprimatur of a federal court:
From: legalnotice
Or the online call to action, asking you to click a link the in the email:
Please visit www.xxxxxxxxx..com (if clicking on the link does not work, copy and paste the website address into a web browser)
If you're worried about web links in unsolicited emails (and you should be!), you can fall back to the good old telephone.
But you have to a phone number given by the sender, which is usually a no-no.
That number is always going to terminate where the sender wants it to, so a bogus sender can answer to make you believe you've reached a company with any name they like:
You may also contact Class Counsel, Robert S. Axxx of the Axxx Law Firm, by calling 1-555-555-5555
Or you can send an email, though interestingly to an address quite different from the already-unusual one used by the sender.
Oh, and there's just a touch of bait-and-switch, if you read carefully:
Each participating Class Member who submits a valid and timely claim form may be eligible to receive up to $10.
That's it, I'm afraid.
That $20 million pot will give you a maximum return of $10.
If you dig further, you might find even more curious facts that aren't immediately obvious. You'll need to click the link and drill down into a number of documents, including a 46-page PDF entitled:
PLAINTIFFS MOTION AND MEMORANDUM OF LAW IN SUPPORT OF MOTION FOR ATTORNEYS' FEES AND COSTS AND CLASS REPRESENTATIVES' SERVICE AWARDS
The bottom line, roughly speaking, is that the lawyers are hoping to claim approximately $8 million in fees. So there'll be $12 million left to pay all the possible claimants.
→ You'll get $10 if there are 1.2 million claimants or fewer. But if there more than 2.4 million claimants, your share would be below $5, and the court might decide that it's too hard and expensive to distribute that many payouts. In that case, a named charitable fund may end up scooping the whole pot. After the lawyers' fees.
Fact is, however, that this isn't a phish.
It's a genuine class action, with a genuine proposed settlement for Facebook's disputed Sponsored Story system.
So the lawyers are entitled - indeed, I suspect they're probably obliged - to try to contact you to advise you of your involvement (whether you expect it or wish it), because your own legal rights are affected by this matter.

Author: Paul Ducklin
Source and read more:
http://nakedsecurity.sophos.com/2013/02/04/facebook-class-action-email-it-looks-like-a-phish-but-its-the-real-deal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

0 yorum: