Phish: Facebook Update Tool aka Facebook Account Update

I had a rash of spam get through the filters at work today.  Supposedly, I need to click some links in an email to update my Facebook account — for “increased account security.”


This is actually one of the most convincing phishing attempts I have seen, but there are telltale clues:

1) I got three copies with two different subjects.  Sometimes it pays to procrastinate.

2) They don’t seem to know my name.

3) The return address looks fishy, and it is different in all three copies.

4) The URLs are just wrong.  Always check the URL before clicking.  I see “facebook.com.ppiof.eu”.  Remember that this really means whatever.ppiof.eu: the domain is ppiof.eu, and everything to the left of it is just a name the owner of ppiof.eu picked.  Something.com.something_else is always the bad guys.

And the real giveaway:

5)  I don’t have a Facebook account.  If I did, this would be the wrong email address.
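The URL check from clue 4 can be automated. The sketch below is an added example, not something from the original email or any mail filter: it reduces each link's hostname to its registrable domain and flags hosts that use a brand name as a label under someone else's domain. It goes slightly beyond the rule of thumb by recognising multi-label suffixes such as com.au; the suffix set, the brand table and the URL paths are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, for illustration only;
# a real check would load the full list published at publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "net", "org", "eu", "au", "com.au", "uk", "co.uk"}

# Assumption: brand label -> registrable domains that brand really uses.
BRANDS = {"facebook": {"facebook.com"}}


def registrable_domain(host):
    """Return public suffix plus one label ('ppiof.eu'), or None if unknown."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning left to right finds the longest matching suffix first,
    # so 'com.au' wins over 'au' for example.com.au.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the host is a bare suffix with no owner label.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def classify(url):
    """Return (verdict, registrable_domain) for one URL."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain is None:
        return ("unknown-suffix", None)
    if any(domain in real for real in BRANDS.values()):
        return ("genuine", domain)
    # Brand name used as a label, but someone else owns the domain.
    if any(brand in host.split(".") for brand in BRANDS):
        return ("lookalike", domain)
    return ("unrelated", domain)


if __name__ == "__main__":
    # Constructed sample links; only the first hostname is from the email.
    samples = [
        "http://facebook.com.ppiof.eu/update",
        "https://www.facebook.com/login.php",
        "https://shop.example.com.au/cart",
    ]
    for url in samples:
        print(classify(url), url)
```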


Now, if you do have a Facebook account, and if you only get one copy,  you can still spot the fakes pretty easily.  These phishing emails will go out to mailing lists and lots of users who pay attention to this sort of thing. When I get an interesting email, I will search for some of the text of the message on Google.  Generally, I find an article like this one.

Here’s the text of the email for the search engines.

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.

If you have any questions, reference our New User Guide.

Thanks,
The Facebook Team

2 Responses to “Phish: Facebook Update Tool aka Facebook Account Update”

  1. Bill Karwin says:

    I now receive several of these emails per day. MXLabs has analyzed this scam:
    http://blog.mxlab.eu/2009/11/01/email-regarding-facebook-account-update-is-a-phish-part-2/

    This phishing is an attempt to get people to download the malware ZBot, a trojan that reportedly can steal financial data and give remote attackers access to your PC.

  2. Darin says:

    Thanks, Bill.
    My focus has been on avoiding the trap rather than the consequences.
    I honestly never considered what falling for one of these phishes would do to me — beyond “bad stuff”.
    I think I’ll add that information the next time I write about one.

    Darin