I get very grumpy when I get scam emails – DO THEY NOT REALISE WHO THEY’RE DEALING WITH?!? So when this just plopped into my Junk Mail folder (not my inbox, I’m happy to say – furthering my appreciation of my top-notch Internet Security) I couldn’t let it pass. It’s not even a good fake, and here’s why…
Clue #1: The “from” email address; well done spammer, you named your bogus account “Support” but the email address is a random collection of letters. And the host, “power.hostabi.com”? Never heard of it (I found it eventually – more on that later).
Clue #2: Authentic emails from Facebook include your name in the subject line and in the email itself. This one has the spammy-looking “You have a new message from support” as the subject and no mention of my name in the email.
Clue #3: It’s wrong. My profile hasn’t been updated, either by me or anyone else. (Incidentally, there are also spam emails like this that tell you that you have new notifications. Genuine Facebook emails assume that you have seen your profile in the last 20 seconds, so they are generally worded more like: “Here’s a notification you may have missed”.)
Clue #4: Saving the best for last: when you hover your mouse over links (DON’T CLICK ANY LINKS IN THESE EMAILS!) your Web browser displays the address that the link will take you to (usually in the bottom left corner of the window). Genuine Facebook emails will obviously take you to some variation of “facebook.com”. What is certain to me is that “binhminhit.com/lawyers” (where all the links were going to send me) is NOT Facebook related.
Clue #5: A quick search for the random power.hostabi.com on whatismyipaddress.com reveals that the IP address linked to the domain is located in TURKEY, not the Palo Alto CA address (Facebook HQ) it claims.
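For anyone who would rather let a script do the hovering, here is an added example (not part of the original post) that checks Clues #1, #2 and #4 on a saved message. The sample email is constructed: the sender's local part, the recipient and the link text are made up, and the `TRUSTED` allow-list is an assumption you should set yourself.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"facebook.com", "facebookmail.com"}  # assumption: your own allow-list

# Constructed sample; only the host names and subject come from the post.
SAMPLE = """\
From: Support <xqzjvbnk@power.hostabi.com>
To: reader@example.org
Subject: You have a new message from support
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your profile has been updated.</p>
<a href="http://binhminhit.com/lawyers">View message</a>
<a href="http://binhminhit.com/lawyers">Go to Facebook</a>
"""

def is_trusted(host):
    # Exact match or a true subdomain; "facebook.com.evil.example" must fail.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    """Collects the host each <a href> really points to (what hovering shows)."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.add(urlsplit(href).hostname)

def find_clues(raw, recipient_name):
    msg = message_from_string(raw)
    body = msg.get_payload()          # single-part message: payload is a str
    clues = []
    _display, addr = parseaddr(msg["From"])   # display name proves nothing
    sender_host = addr.rpartition("@")[2]
    if not is_trusted(sender_host):                        # Clue #1
        clues.append(f"sender domain {sender_host}")
    text = (msg["Subject"] or "") + body
    if recipient_name.lower() not in text.lower():         # Clue #2
        clues.append("recipient name missing")
    parser = LinkHosts()
    parser.feed(body)
    for host in sorted(h for h in parser.hosts if h and not is_trusted(h)):
        clues.append(f"link goes to {host}")               # Clue #4
    return clues
```

Call `find_clues(SAMPLE, "Jane Doe")` to see all three clues reported for the sample; a clean result means none of these checks fired, not that the email is genuine.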
I urge EVERYONE to be on the lookout for these clues in emails from Facebook and any other corporation (banks especially). The links may only lead to survey or other rubbish sites, but they could also hide trojan horses and other nasties.
If you do spot a fake – report it to Facebook or whichever company the emails are “from” and mark it as Spam/Phishing in your mail client.
Pay attention, use common sense!