Facebook Spam/Phishing - You have notifications... - rtj70
Mods, I know this could be classed as computer related, but people use Facebook from other devices.
I got two emails tonight claiming to be from Facebook about notifications. They look fairly genuine but all of the links in the mail point to a website known for phishing:
Any decent security software should protect you and even warn you before visiting the site.
For a Facebook user you might be tempted to click on a link - I do not know what would happen if you visited but it's not wise.
Now someone said earlier they were surprised you could send an email without an actual subject... well email lets you send emails that claim to come from someone else. All very easily done. Yes you can work out the true sender but in an email client it can be easy to fool the average user.
Facebook Spam/Phishing - You have notifications... - RattleandSmoke
I nearly fell for one when I was very tired; I was expecting a reply from a question on eBay. Sure enough, I nearly fell for it; it was only because I could see the header that it was a fake, and no doubt as soon as the URL opened it would have been obvious.
Facebook Spam/Phishing - You have notifications... - rtj70
If I'd opened the URL for this I suspect the damage would be done. I was prevented from opening it in the first place - well warned. I do have a 'dormant' Facebook login.
I then logged in and I got an email from Facebook (genuine) because I hadn't logged in for a long time.
I wonder what would happen if I really opened the link? The From fields in the normal view in the email client for genuine Facebook email vs this one were similar, e.g.
X-Apparently-To: xxxxxxxxxx via 217.146.183.111; Tue, 21 Dec 2010 23:54:57 +0000
X-YahooFilteredBulk: 69.64.155.181
Received-SPF: fail (mta1085.mail.ird.yahoo.com: domain of claudia.coimbra@sap.com does not designate 69.64.155.181 as permitted sender)
:
:
:
Authentication-Results: mta1085.mail.ird.yahoo.com from=facebookmail.com; domainkeys=neutral (no sig); from=facebookmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO ehost-services214.com) (69.64.155.181)
    by mta1085.mail.ird.yahoo.com with SMTP; Tue, 21 Dec 2010 23:54:57 +0000
Received: from [10.18.255.123] ([10.18.255.123:43998])
    by mta016.snc1.facebook.com (envelope-from )
    (ecelerity 2.2.2.45 r(34067)) with ECSTREAM
    id 44/E4-96618-3C1B31F5; Tue, 21 Dec 2010 15:54:58 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
    by www.facebook.com with HTTP (ZuckMail);
Date: Tue, 21 Dec 2010 15:54:58 -0700
To: xxxxxxxxxxx
From: Facebook
Reply-to: Facebook
Subject: You have notifications pending
Message-ID:
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Camp: stale_email
X-Facebook-Notify: stale_email; mailid=3b9dec743ba6265bce3f5b5ee52893
Errors-To: update+ecynerejpjgo@facebookmail.com
X-FACEBOOK-PRIORITY: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_e62177db0a0c6c812c35ac0ba1733930"
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To login to Facebook, follow the link below: www.facebook.com/n/?find-friends%2F&mid=3D3b9dec743ba6265bce3f5b5e=
e52893&bcode=3DTYzzj&n_m=3Dxxxxxxxxxxxxxxxxxxxxx
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Hi,
You haven't been back to Facebook recently. You have received notificatio=
ns while you were gone.
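The signals visible in the headers pasted above (Received-SPF: fail, an envelope sender domain that differs from the From domain, and dkim=neutral) can be checked programmatically. This is an added example, not part of the original post; the sample message, addresses and IPs in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the pasted headers; addresses and IPs are placeholders.
SAMPLE = """\
Received-SPF: fail (mx.example.net: domain of someone@unrelated.example does not designate 192.0.2.10 as permitted sender)
Authentication-Results: mx.example.net from=facebookmail.com; domainkeys=neutral (no sig); from=facebookmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO host.unrelated.example) (192.0.2.10)
    by mx.example.net with SMTP; Tue, 21 Dec 2010 23:54:57 +0000
From: Facebook <notification@facebookmail.com>
Subject: You have notifications pending

body
"""

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_headers(raw):
    """Return a list of findings that suggest the From line is not backed by authentication."""
    msg = message_from_string(raw)
    findings = []

    # 1. SPF verdict recorded by the receiving server (first word of the header).
    spf = msg.get("Received-SPF", "")
    spf_result = spf.split(None, 1)[0].lower() if spf.strip() else "none"
    if spf_result != "pass":
        findings.append("spf-" + spf_result)

    # 2. Envelope sender domain (what SPF evaluated) vs. the domain shown in From.
    #    Simplified exact comparison; it does not treat subdomains as aligned.
    m = re.search(r"domain of (\S+)", spf)
    envelope_domain = domain_of(m.group(1)) if m else ""
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if envelope_domain and from_domain and envelope_domain != from_domain:
        findings.append("envelope-from-mismatch")

    # 3. DKIM verdict: anything other than pass means no valid signature vouches for the mail.
    dkim = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    if not dkim or dkim.group(1).lower() != "pass":
        findings.append("dkim-not-pass")
    return findings

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

These verdict headers are only meaningful when they were added by your own receiving mail server, since a sender can insert look-alike headers further down the message.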
Facebook Spam/Phishing - You have notifications... - RattleandSmoke
Unless the code was somehow injected into images on the site, I think you would have been OK if your browser is up to date etc. The danger would have been if you had logged into it; it would have got your Facebook username and password.
Once you have your Facebook details they will probably hope that they can log into your email etc., but I guess it might just be used to send out spam via Facebook.
Facebook Spam/Phishing - You have notifications... - R.P.
Top tip - get a Facebook-specific Hotmail or similar e-mail account - don't bother using it for anything else - you miss out on the notifications, which are a pain anyway, and anything that comes to your primary accounts is going to be suspect.