Mods I know this could be classed as computer related but people use Facebook from other devices.
I got two emails tonight claiming to be from Facebook about notifications. They look fairly genuine but all of the links in the mail point to a website known for phishing:
kadege.freehostia.com/crackle.html
Any decent security software should protect you and even warn you before visiting the site.
For a Facebook user you might be tempted to click on a link - I do not know what would happen if you visited but it's not wise.
Now someone said earlier they were surprised you could send an email without an actual subject... well email lets you send emails that claim to come from someone else. All very easily done. Yes you can work out the true sender but in an email client it can be easy to fool the average user.
Digitally signed emails is a way forward.
|
|
Looking at the actual email (SMTP source)... it looks genuine but not. It is almost certainly spoofed.
Last edited by: rtj70 on Wed 22 Dec 10 at 00:15
|
I nearly fell for one when I was very tired, I was expecting a reply from a question in ebay. Sure enough nearly fell for it, it was only because I could see the header it was a fake and no doubt as soon as the URL opens it would have been obvious.
|
If I'd opened the URL for this I suspect the damage would be done. I was prevented from opening it in the first place - well warned. I do have a 'dormant' Facebook login.
I then logged in and I got an email from Facebook (genuine) because I hadn't logged in for a long time.
I wonder what would happen if I really opened the link??? The from fields in the normal view in the email client for genuine Facebook email vs this one were similar, e.g.
X-Apparently-To: xxxxxxxxxx via 217.146.183.111; Tue, 21 Dec 2010 23:54:57 +0000
X-YahooFilteredBulk: 69.64.155.181
Received-SPF: fail (mta1085.mail.ird.yahoo.com: domain of claudia.coimbra@sap.com does not designate 69.64.155.181 as permitted sender)
:
:
:
Authentication-Results: mta1085.mail.ird.yahoo.com from=facebookmail.com; domainkeys=neutral (no sig); from=facebookmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO ehost-services214.com) (69.64.155.181)
by mta1085.mail.ird.yahoo.com with SMTP; Tue, 21 Dec 2010 23:54:57 +0000
Received: from [10.18.255.123] ([10.18.255.123:43998])
by mta016.snc1.facebook.com (envelope-from )
(ecelerity 2.2.2.45 r(34067)) with ECSTREAM
id 44/E4-96618-3C1B31F5; Tue, 21 Dec 2010 15:54:58 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
by www.facebook.com with HTTP (ZuckMail);
Date: Tue, 21 Dec 2010 15:54:58 -0700
To: xxxxxxxxxxx
From: Facebook
Reply-to: Facebook
Subject: You have notifications pending
Message-ID:
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Camp: stale_email
X-Facebook-Notify: stale_email; mailid=3b9dec743ba6265bce3f5b5ee52893
Errors-To: update+ecynerejpjgo@facebookmail.com
X-FACEBOOK-PRIORITY: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_e62177db0a0c6c812c35ac0ba1733930"
--b1_e62177db0a0c6c812c35ac0ba1733930
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To login to Facebook, follow the link below:
www.facebook.com/n/?find-friends%2F&mid=3D3b9dec743ba6265bce3f5b5e=
e52893&bcode=3DTYzzj&n_m=3Dxxxxxxxxxxxxxxxxxxxxx
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Hi,
You haven't been back to Facebook recently. You have received notificatio=
ns while you were gone.
You have the following notifications:
2 messages
Thanks,
The Facebook Team
To login to Facebook, follow the link below:
|
Unless the code was some how injected into images on the site I think you would have been ok if your browser is up to date etc. The danger would have been if you had logged into it, it would have got your facebook username and password.
Once you have your facebook details they will probably hope that they can log into your email etc but I guess it might just be used to send out spam via facebook.
|
No idea what the website is - care to try it!
kadege.freehostia.com/crackle.html
|
Yep I have a PC just for that purpose :D.
Connected to its own NAT router too.
I will visit the website but I shall not be logging into anything :D
Could also use the virtual machine but I use the XP system to keep things interesting :)
|
Well it goes here: femalerxtabletsfitness.com/
So no big worry but the original email looks like it comes from Facebook. If it had a payload to worry about then things could be different.
|
|
Top tip - get a Facebook specific hotmail or similar e-mail account - don't bother using it for anything else - you miss out on the notifications which are a pain anyway and anything that comes to your primary accounts are going to be suspect.
|
|
Top tip - Dont use Facebook.
|
"Top tip - Dont use Facebook"
Or Twotter.
|
|
Or just turn off the notifications in settings. It's quite easy :-)
|
|
My point is the emails I got did not come from Facebook anyway - just appeared to.
|
|
I appreciate that Rob - but if you get a Facebook e-mail to an account they don't know about you know it's a fishy one !
|
Facebook Spam/Phishing - You have notifications... - rtj70
