Soon, all of Facebook's 500 million users will be eligible for an email address @facebook.com, the domain once reserved for trusted staffers helping users. That trust can and will be exploited by fraudsters, until everyone knows actual staffers are @fb.com.
Facebook staff will be moved over to the FB.com email domain, with addresses like firstname.lastname@example.org, according to a tweet from Facebook flack Andrew Noyes. Noyes said the company acquired FB.com from the nonprofit American Farm Bureau ("we've promised not to sell farm subsidies"). So if you get an official but suspicious-looking email from facebook.com, particularly one asking you to email sensitive information, sit on it; the social network's real nerds are on the two-letter domain. Hopefully Facebook, which didn't mention this wrinkle in its blog post announcing the email feature, starts doing a better job of spreading the word on this. Otherwise phishers are going to have a field day.
(We're already having too much fun imagining fun, deceptive email addresses ourselves:)