Using subject lines like “Facebook Update Tool” or “New login system”, the latest Facebook phishing fraud emails are luring many users into providing their Facebook username and login details.
While the emails claim to come from legitimate-looking addresses such as “update+cexwwtvsif@facebookmail.com”, the reality is that they are coming from infected computers across the globe.
A quick review of the Received Internet delivery headers will clearly show that the inbound connection doesn’t come from any legitimate Facebook mail server. Instead, you’ll see DSL and cable user connections from Brazil, such as dsl.telesp.net.br.
Also, while the emails are well designed and legitimate in appearance, the hyperlink you are supposed to follow to log into your account does not point to a Facebook server.
No doubt part of what makes these identity theft emails so successful is that the linked URL is effectively “baited” with the Facebook URL. The result is that, upon a casual review by an unsophisticated end-user, such a link can at first appear to be legitimate.
For example, notice that this link does actually include a reference to “www.facebook.com”, and it also contains the baited tidbits “usersdirectory” and “LoginFacebook.php”:
http://www.facebook.com.pioateeiili.com/usersdirectory/LoginFacebook.php?ref=48136301128964491358245886&email=deniseboreing@onlymyemail.com
However, a careful review of the URL makes it clear that the actual server being linked to is at “pioateeiili.com”, which is decidedly not a legitimate Facebook server.
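The hostname check described above, as an added example (not OnlyMyEmail's filter code): it classifies a link by the server actually contacted rather than by where the brand name appears. The trusted-domain list, the function names and the example.net/example.org URLs are assumptions constructed for illustration; the first sample is the link from this post with its query string dropped.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as genuinely Facebook's.
TRUSTED_DOMAINS = ("facebook.com",)


def is_under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'trusted', 'baited' or 'unrelated' for a hyperlink.

    'baited' means a trusted brand name appears somewhere in the URL
    (hostname, userinfo, path or query) while the server actually
    contacted lies outside every trusted domain.
    """
    parts = urlsplit(url)
    # The hostname is read right to left: the rightmost labels decide
    # which server is contacted, whatever appears to the left of them.
    host = (parts.hostname or "").rstrip(".").lower()
    if any(is_under(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Host is not a trusted one; look for the brand planted as bait.
    haystack = " ".join(
        [host, parts.username or "", parts.path, parts.query]
    ).lower()
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if any(b in haystack for b in brands):
        return "baited"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        # Link from this post, query string dropped.
        "http://www.facebook.com.pioateeiili.com/usersdirectory/LoginFacebook.php",
        "https://www.facebook.com/login.php",
        # Constructed: brand placed in the userinfo part before '@'.
        "http://facebook.com@example.net/",
        # Constructed: no brand anywhere.
        "https://example.org/news",
    ]
    for url in samples:
        print(f"{classify_link(url):9}  {url}")
```

A suffix match against a fixed list is enough for a single known brand; a general filter would need the Public Suffix List to find the registrable domain of arbitrary hosts.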
This clever social engineering tactic within the hyperlinked URL is so effective that even though we block such emails and mark them as Spam and Fraud, users commonly release them from quarantine and resend them to themselves, assuming (incorrectly) that our filtering has made a mistake.
- -
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.



