Facebook phishing

Mar. 26th, 2010 12:04 pm
gusl: (Default)
[personal profile] gusl
I have an email address at live.com, which I forward to my main address.

Over a few hours, I got several emails at this address, supposedly notifications from Facebook. They had return addresses and link URLs just like the real Facebook, so I don't know how they're planning to steal your information.

Message #1:
<< Hi Jkjhgvfjkjhk,
Your account has been created — now it will be easier than ever to share and connect with your friends. >>


Message #2:
<< To complete the sign-up process, please follow this link:
http://www.facebook.com/confirmemail.php?e=[email]&c=[number]
You may be asked to enter this confirmation code: [number] >>


Messages #3 and #4:
<< Hi Jkjhgvfjkjhk,
Dimitri confirmed you as a friend on Facebook. Dimitri Psomas Volou Street >>
Then the same thing for "Papou Yiayia"

If you're wondering why these are all Greek names, it's probably because I use a Greek alias.

At first I thought my account was hacked and they used it to sign up on the real Facebook. However, I was able to login to live.com (Hotmail) normally and the Sent folder has no trace of a confirmation email.

All of their messages end with:
<< Didn't sign up for Facebook? Please let us know. This message was intended for [email]. >>
which sounds like yet another attempt to steal your information. I'm just not sure how...

Is it possible that they are trying to coordinate these emails with a DNS attack that redirects facebook.com to their evil site?
Tags:
Threaded | Top-Level Comments Only

(no subject)

Date: 2010-03-26 08:33 pm (UTC)
From: [identity profile] tedesson.livejournal.com
Is that a unicode domain name which only looks like facebook.com?

(no subject)

Date: 2010-03-26 09:05 pm (UTC)
From: [identity profile] gustavolacerda.livejournal.com
how would you check this?

When I copy, it pastes to "facebook.com".

(no subject)

Date: 2010-03-26 10:46 pm (UTC)
From: [identity profile] gwillen.livejournal.com
But one of the 'o's could be an omicron or something. That's not easy to validate.

(no subject)

Date: 2010-03-26 10:49 pm (UTC)
From: [identity profile] gwillen.livejournal.com
I would inspect the email headers carefully. There are two ways you could have received these emails: 1) someone forged emails from facebook, as you seem to suspect; 2) they are genuine, because someone put your email address into the real facebook as the address on an account.

I think (2) is more likely. The messages to you may just be splash damage from an attack against someone else that required creating a facebook account, or they may be the real attack; it's hard for me to tell.

(no subject)

Date: 2010-03-26 10:53 pm (UTC)
From: [identity profile] gustavolacerda.livejournal.com
(2) seems unlikely (assuming that my Live.com email is safe), because Facebook wouldn't let you add friends until you've confirmed your email... right, Facebook??

(no subject)

Date: 2010-03-26 11:42 pm (UTC)
From: [identity profile] rdore.livejournal.com
What if you try to add or change email addresses down the road?

(no subject)

Date: 2010-03-26 11:46 pm (UTC)
From: [identity profile] gustavolacerda.livejournal.com
They will wait until you've validated that the new email belongs to you... right, Facebook??
Edited Date: 2010-03-26 11:46 pm (UTC)

(no subject)

Date: 2010-03-30 01:25 am (UTC)
From: [identity profile] gustavolacerda.livejournal.com
the raw email doesn't have any omicrons... in fact, it REALLY points to facebook.com.
Threaded | Top-Level Comments Only

Profile

gusl: (Default)
gusl
My Website

February 2020

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Top of page