Wednesday, March 17, 2010

Facebook Password Reset Confirmation! Customer Support Email Scam Virus

Due to the popularity of Facebook, with as many as 400M users by some accounts, scam artists are sending email scams that target Facebook users.

The following email was received recently:

From: Facebook Messages [mailto:networks@facebook.com]
Sent: Wednesday, March 17, 2010 12:55 AM
To: XXX@YYY.com
Subject: Facebook Password Reset Confirmation! Customer Support.

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.


Email scam analysis:

The first red flag should be that no legitimate social network, including Facebook, will ever reset your password for you without you requesting it. Secondly, they will never send you an attachment to open in order to receive a password that you requested be reset. You can bet that the payload of this email scam is a computer virus, likely a Trojan horse used to steal the passwords of your online bank accounts for use in bank fraud, along with credit card numbers and personally identifiable information that can be used to commit identity theft.

The email is clever in that it appears to be sent from networks@facebook.com, which is not a real email address. This is referred to as email spoofing, a trick commonly used by email scam artists to convince the targets of the scam that the email is from a trusted source, luring the unsuspecting victim into opening the malicious attachment.

Key Takeaways:

Never, and I mean never, open an attachment from an unknown source. Even if you think you know the source (Facebook in this case), unless it comes from a trusted individual, definitely do not open the attachment.

Another level of scrutiny that can be applied to email attachments is to evaluate the subject and make sure that it is consistent with the style of the sender. Some viruses, once they infect a computer, replicate themselves and send copies to any email addresses they can harvest from address books stored on the infected computer, taking advantage of the trust recipients place in email from someone they know.


These email scams can usually be identified by subject lines that are not characteristic of the writing style of the email sender. For example, I would not expect to see an email attachment with the subject "attached 0 tasty ass video of you" from my mother. 


These subject lines and emails are created and sent automatically by the virus once it infects the computer of the unsuspecting victim who opens the malicious attachment, all without being noticed by the victim/user of the infected computer. Oftentimes victims are first alerted to the situation by an email from a friend or colleague who was infected by opening a malicious attachment received by the initial email scam victim.

More Information (The Nitty Gritty)

When sending email to that address, the following delivery failure is received:

Note: Forwarded message is attached.

Delivery has failed to these recipients or distribution lists:
networks@facebook.com
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.


Sent by Microsoft Exchange Server 2007

A closer inspection of the initial email scam header reveals the following information:

Return-path:

Received: (envelope-from )
Received: from 61.93.114.140 by odb.electricsheepcompany.com; Wed, 17 Mar 2010 
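
One way to automate the header inspection described above, as an added example that is not part of the original post. The function names are hypothetical, and the sample message is constructed: its From, Subject, body text and Received hop come from the post, while the Return-Path and attachment name are placeholders the post does not show.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
# Constructed sample. From, Subject, body text and the Received hop come from the
# post; the Return-Path and attachment name are placeholders it does not show.
RAW = """\
Return-Path: <sender@placeholder.invalid>
Received: from 61.93.114.140 by odb.electricsheepcompany.com; Wed, 17 Mar 2010
From: Facebook Messages <networks@facebook.com>
Subject: Facebook Password Reset Confirmation! Customer Support.
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You can find your new password in attached document.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder-attachment.zip"

--b1--
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return header inconsistencies worth a human look (heuristics, not proof)."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom, flags = domain_of(msg["From"]), []
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        flags.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    # The topmost Received line is written by the receiving server, not the sender.
    hops = msg.get_all("Received", [])
    m = re.match(r"from\s+\[?([^\s\]]+)", str(hops[0])) if hops else None
    if m:
        try:
            ipaddress.ip_address(m.group(1))
            flags.append(f"sending host is bare IP {m.group(1)}, no {from_dom} host name")
        except ValueError:
            pass  # a host name here is sender-supplied; verifying it needs DNS
    names = [p.get_filename() for p in msg.iter_attachments()]
    if names and re.search(r"password", msg["Subject"] or "", re.I):
        flags.append(f"password-themed mail carries attachment(s): {names}")
    return flags
```

On a live mailbox, the receiving server's Authentication-Results header (SPF, DKIM and DMARC verdicts) is stronger evidence than these heuristics.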








