Occasionally I get “Getting back onto Facebook” emails, which I thought were some weird attempt by FB to get me to engage more, but it appears that these emails are sent when login attempts using your email address fail.
The email
Subject: Getting back onto Facebook
Sender: Facebook <security@facebookmail.com>
Reply-to: noreply <noreply@facebookmail.com>
Content:
Sorry that you’ve been having trouble logging in to your Facebook account.
Get back on Facebook now
You can also get password help or login help on Facebook.
If you’re still having trouble or believe this was sent by mistake, please visit our log-in help page:
https://www.facebook.com/help/login
This message was sent to xyz@example.com. If you don’t want to receive these emails from Facebook in the future, please unsubscribe. Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303
Is it a scam or a phishing attempt?
No. The address it is sent from is on a Facebook-owned domain, the message passes the SPF (Sender Policy Framework) checks, and all links in the email do actually go to Facebook.
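The three checks described above (sender domain, SPF result, link destinations) can be scripted. This is an added example, not part of the original post: the sample message, its Authentication-Results value and the allow-lists are constructed assumptions, and it assumes a single-part plain-text message whose Authentication-Results header was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: only the From/Reply-To addresses and the help URL come
# from the email quoted in this post; the Authentication-Results line is made up.
SAMPLE = """\
From: Facebook <security@facebookmail.com>
Reply-To: noreply <noreply@facebookmail.com>
Subject: Getting back onto Facebook
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=facebookmail.com
Content-Type: text/plain

Sorry that you've been having trouble logging in to your Facebook account.
Log-in help: https://www.facebook.com/help/login
"""

TRUSTED_SENDERS = {"facebookmail.com"}  # assumption: sender domain shown above
TRUSTED_LINKS = {"facebook.com"}        # assumption: where links should lead

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg = message_from_string(raw)
    # Domain of the visible From address.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # SPF verdict recorded by the receiving server. SPF covers the envelope
    # sender, so it is checked alongside the From domain, not instead of it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    spf = re.search(r"\bspf=(\w+)", auth)
    # Compare each link's real hostname, never a substring of the URL, so
    # look-alike hosts and user@host tricks are caught.
    links = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    bad = [u for u in links if not under(urlparse(u).hostname, TRUSTED_LINKS)]
    return {
        "sender_ok": under(sender_host, TRUSTED_SENDERS),
        "spf": spf.group(1).lower() if spf else "none",
        "off_domain_links": bad,
    }

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A message is only as trustworthy as the weakest of the three results: a failing SPF verdict, an unexpected sender domain, or any entry in `off_domain_links` is reason to treat it as suspect.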
So what’s it all about?
I clicked the unsubscribe link to see what would happen, and it takes you to a page where you can unsubscribe from emails that tell you when login attempts have failed.
So, despite the unusual wording of the email, it’s an email to tell you that your supposed login attempts have failed. If you haven’t had any failed login attempts, then it’s likely someone is trying to log in as you.
You can unsubscribe from these emails from Facebook if you wish, but it would be wise to make sure you have a reasonably strong password just in case someone is trying to get in as you.
Facebook security of email addresses and passwords
As noted in the previous paragraph, it’s a good idea to have a reasonably strong password, but you could also use an alternate email address to log in with, i.e. one that’s not known to anyone and doesn’t show on your Facebook profile.
If you use Gmail / Google Apps for your email, you can create aliases to your email address by adding + then an alias after the user part of the email address. For example, if you have email@gmail.com, you can also send emails to email+xyz@gmail.com which will also be delivered to you, where xyz is anything you want it to be.
Note that if you have set up multiple email addresses in your Facebook profile, any one of them can be used to log in, so you’ll need to remove all of them other than the one you want to log in with.