Anti-phishing Help Tips

Phishing is not fishing.

Facebook is an increasingly popular platform, so it follows that the crooks will find it irresistible.  Here is an example of a phishing email sent to me purporting to be from facebook.


Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

The important bits are in the headers:

Return-Path: <eventualities9@ft.com>
Delivery-Date: Thu, 08 Apr 2010 15:46:07 -0400
Received-SPF: softfail (mxus0: transitioning domain of ft.com does not designate 97.67.143.170 as permitted sender)
client-ip=97.67.143.170; envelope-from=eventualities9@ft.com;
helo=VAZHQJW;
Received: from VAZHQJW ([97.67.143.170]) 	by mx.XXXXX.XX (node=mxus0) with ESMTP (Nemesis)
id 0MStdl-1O7yX20MT7-00Rw8B ;
Thu, 08 Apr 2010 15:46:07 -0400
Received: from 97.67.143.170 by ft.com.mail6.psmtp.com;
Thu, 8 Apr 2010 14:44:41 -0500 Message-ID: <000d01cad753$eea50510$6400a8c0@eventualities9>
From: "Your Facebook" <help@facebook.com> To: <admin@imojak.com>

So beware when opening emails, check before opening any zip file, this header indicate that ft.com might have a compromised server or that its is being spoofed along with the facebook premise.

  1. Please remember that you will never be asked for your password or pin number, no matter how plausable the socially engineered email is.
  2. Check who sent it
  3. Where is it going to before you press send

Leave a Reply