You have notifications pending – Facebook Fraud

Emails spoofing Facebook notifications are back in force. Even though our filters stop them, many users assume they must be legitimate and release them from quarantine, delivering the original frauds to their own inboxes.

Subject lines most commonly seen in this campaign are:

  • You have notifications pending
  • Hi, you have notifications pending

For the most part, these spam emails do a good job of spoofing actual Facebook emails, claiming to come from addresses such as:

  • Facebook <update+4msp8lq61xv2@facebookmail.com>
  • Facebook <update+vvibiminancq@facebookmail.com>
  • Facebook <update+7ixc67n5d2qr@facebookmail.com>
  • Facebook <update+nxwjoyrcnxdn@facebookmail.com>

In reality, these emails come from a variety of compromised webmail accounts and not legitimate Facebook servers.

Combined with realistic-looking content, these emails are fooling an unknown number of Facebook users.

[Image: You Have Notifications Pending - Facebook Fraud]

While the fraud is visually convincing, the links in these emails generally lead either to known spammer sites such as http://tabletsbargainworld.net/ or to an endless variety of free hosting pages commonly used by spammers, often on “freehostia.com”, such as:

  • http://ndadenso.freehostia.com/basely.html
  • http://aynalive.freehostia.com/intersecting.html
  • http://cattehlove.freehostia.com/stealthy.html

Depending on the particular email received, clicking on the link may just try to sell the visitor fake medications, but often these sites are trying to steal users’ Facebook logins and/or install harmful code directly on the visitor’s computer.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.


2 Responses to “You have notifications pending – Facebook Fraud”

  1. R K Thomas says:

    OK, so now I know. But the link in the email brought me to the Facebook ‘Find Friends’ page. Is it legit or not??
    The email was from: update+i1_mmpkm@facebookmail.com

    If it’s not legit, what do I do about it? The only choice I can see is cancel Facebook & delete all future emails??

    ?? Help??

  2. You may very well have received legitimate notice from Facebook.

    The way to tell the difference between a real notice and a spoof is to:

    1) Inspect the full email headers to see if it actually came to your email account via a legitimate Facebook server, and if so then,

    2) Mouse over the hyperlinks to see if they actually go to the Facebook site.

    If both are true, then it’s a legitimate Facebook message.

    That doesn’t mean it’s not spam sent through Facebook, and if that’s the case then you’ll want to adjust your Facebook privacy settings.

    If even that doesn’t get you some peace and quiet, then yes, canceling your Facebook account may be your only option.

    Social networks like Facebook, Myspace, LinkedIn and others all come with some privacy and security compromises and each user has to decide if the benefits outweigh the inconveniences.
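
The two checks from the reply above (did the message really originate from the sender's domain, and do its links stay on Facebook), as an added Python example that is not part of the original post or of OnlyMyEmail's filters. It assumes your receiving server stamps an Authentication-Results header under the authserv-id `mx.example.net` and that links must resolve to `facebook.com`; both values and the sample message are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of YOUR receiving server
LINK_DOMAIN = "facebook.com"         # assumption: only domain links may resolve to

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def dkim_aligned(msg):
    """Check 1: our own server recorded dkim=pass for the From: domain."""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # stamped by another host, possibly the sender: ignore
        for res in results.split(";"):
            m = re.search(r"\bdkim=pass\b.*?\bheader\.d=([\w.-]+)", res, re.S)
            if m and m.group(1).lower() == from_domain:
                return True
    return False

def foreign_links(msg):
    """Check 2: hrefs whose host is not LINK_DOMAIN or one of its subdomains."""
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    # Leading "." lets one suffix test accept domain + subdomains, reject look-alikes.
    return [h for h in parser.hrefs
            if not ("." + (urlsplit(h).hostname or "").lower()).endswith("." + LINK_DOMAIN)]

def looks_legitimate(raw):
    msg = message_from_string(raw)
    return dkim_aligned(msg) and not foreign_links(msg)

# Constructed sample modelled on the campaign described in the post.
SPOOFED = ("Authentication-Results: mx.example.net; dkim=none\n"
           "From: Facebook <update+4msp8lq61xv2@facebookmail.com>\n"
           "Content-Type: text/html\n\n"
           '<a href="http://ndadenso.freehostia.com/basely.html">View</a>\n')
```

Passing both checks only shows the message came through the sender's own infrastructure and links back to it; as the reply notes, it can still be unwanted mail sent through Facebook.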