Facebook Phishing

b0b · From: Cloverdale, CA, USA

My email address has been publicly available for about a dozen years so, as you can imagine, I get a lot of bogus emails. This latest one surprised me because I hadn't seen it before. It was a phishing email, like the ones you see that impersonate banks, but this one pretended to be from Facebook.

The guy who wrote it didn't get it right (the links didn't work), but I could see that the URLs were pointing to a server in Spain. It's just a matter of time before these bogus emails become convincingly slick.

Don't click on links or buttons in emails "from Facebook". Use the same caution that you use with your bank accounts and PayPal account. Open a new browser window and log into Facebook.com from that. You will see your legit Facebook notifications in the blue bar at the top right of the Facebook page.
_________________
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video

Wiz Feinberg · From: Mid-Michigan, USA

I always advise my readers, friends and family members to hover over links before clicking on them. If your email client, or browser is capable of displaying a "Status Bar" one will appear, containing the actual URL.

If an email claims to be from Facebook, yet a hovered over link shows some other domain name after the http:// and before the first /, it is a hostile link.

Right now, a major BlackHole Exploit Kit attack is underway, spoofing all manner of brand names, organizations, social networks and hotels.

If you can set your email options to read messages in plain text, and tolerate it, do so. If your email client allows options to restrict the kind of content it allows to be displayed or activated, restrict active scripting (JavaScript) and iframes. If you use Windows Live Mail this is done by opening all messages in the Restricted sites zone, then raising that zone to its highest security setting.

I just published a how-to on securing your email clients, on my blog, in an article about New email BlackHole exploit attack has embedded JavaScript & iframe.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Chris Dorch · From: Wisconsin, USA

I have had that one before... I just got one today from someone trying to get me to re-up my domain name. Buy it now links and everything... Made me giggle...

Jack Stoner · From: Kansas City, MO

I mostly keep my system "clean". I don't click on links in e-mails even from a trusted friend. On my Hotmail account I get a lot of the phishing scams and the URL to click on gives them away everytime.

I use Mailwasher Pro which keeps most of the garbage out of my e-mail. However, on occasion I will be looking at legitimate e-mail and because my e-mail program is running (Outlook 2003) it will periodically check for e-mails and garbage can get in to the junk e-mail folder.

Short of turning off automatic send/receive in Outlook, I don't know how to get around this.
_________________
GFI Ultra Keyless S-10 with pad (Black of course) TB202 amp, Hilton VP, Steelers Choice sidekick seat, SIT Strings
Cakewalk by Bandlab and Studio One V4.6 pro DAWs, MOTU Ultralite MK5 recording interface unit

Jim Priebe · From: Queensland, Australia - R.I.P.

Forum Index > Computers		Next oldest topic :: Next newest topic

All times are GMT - 8 Hours	Jump to: