Security News > 2022 > July > Facebook 2FA scammers return – this time in just 21 minutes
Like last time, they created an HTML email with a clickable link that itself looked like a URL, even though the actual URL it linked to was not the one that appeared in the text.
This time the link you saw if you hovered over the blue text in the email really was a link to a URL hosted on the facebook.com domain.
The final dodgy link isn't directly visible to email filtering software, and doesn't pop up if you hover over the link in your email client.
The scam link draws apparent legitimacy from appearing on Facebook itself.
A link with text that itself looks like a URL isn't necessarily the URL that the link directs you to.
To find the true destination link, hover over the link with your mouse.