- This scan notes the email that it’s being sent to in the footer. In this case, email@example.com. We use alias email accounts so that we can tell where an email came from (or who is selling our email addresses to marketing companies). In this case, the email is going to firstname.lastname@example.org. I am confident that I haven’t setup a Facebook account with email@example.com, so this is obviously bogus. You may see something like firstname.lastname@example.org, email@example.com, etc. The important thing to note here is that it’s not an email address that you have with your legitimate Facebook account.
- If you hover your mouse over the links in the email (don’t click on them), you should be able to see where they are links to. These links should be to Facebook (or whoever the email is reportedly from). In this case, the links say that they’re going to Facebook but hovering over them confirms that they’re actually going to http://fuser20488.vs.easily.co.uk/consuelo/index.html (link intentionally broken), which is clearly not a Facebook.com link.
- This email doesn’t have any but, if you see obvious misspellings or grammatical errors, that’s another good sign that the email is a fake or a fraud.
As more and more antivirus software, email filters and firewalls are able to strip malicious attachments from email, attackers are having to find new and inventive ways to deliver viruses and other malicious content via email (email is an incredibly easy and efficient way for attackers to reach a huge group of potential victims). One of these ways is to include links to sites that store the content. Many times, these links are a) from sites that have been newly compromised and aren’t yet blacklisted and b) to zero day vulnerabilities that software, antivirus and firewall vendors haven’t yet been able to deliver patches for. Based on that, an educated user is the best and only protection against this type of scam. If you get an email that’s reportedly from Facebook warning that you requested a password change or from DHL that your package is ready or from ADP that there was a problem with your payroll, before reacting to the email and clicking, take a moment to check it out first.