There are a lot of miscreants out there on the interwebs that are looking to take over anything they can, including your Facebook account. Take a look at this screenshot from my email, just this morning.
Looks pretty legitimate, right? I definitely had to take a second look at it. The email address, while it’s not tied to my Facebook account, is mine. The username is accurate, as is the device used. Even the return email address (facebookmail.com) appears to be valid.
This is a phishing email, though. There are at least four items that stick out and make me suspicious.
- As mentioned, the email address. It’s mine, but it’s not associated with FB in any way.
- The device (Samsung S21) is not what appears when I look at my FB settings. Close, but not quite.
- If you look down at the bottom, Outlook.com shows me the targets of the links at the bottom of the message. Notice the gmail.com address in there? Facebook is not going to send you email through a gmail.com address.
- Hovering over the links (buttons) without clicking them will expose the target of the link, which is a bogus email address:
Further investigation of the mail headers shows that the mail actually originated from a hosting facility in the Russian Federation:
Mail header excerpt:
Received-SPF: Fail (protection.outlook.com: domain of facebookmail.com does not designate 31.192.237.242 as permitted sender)
IP2Location Data:
| Field | Value |
| --- | --- |
| ISP | PDK LLC |
| Usage Type | Data Center/Web Hosting/Transit |
| Hostname(s) | warren2.f.weis.156.pserver.ru |
| Domain Name | pserver.ru |
| Country | Russian Federation |
| City | Chelyabinsk, Chelyabinskaya oblast’ |
Further research shows that pserver.ru is a known haven for spammers.
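The two header and link checks above can be automated. This is an added example, not part of the original post: it reads a raw message, pulls the SPF verdict and sending IP from the Received-SPF header, and lists link targets that fall outside the domains the sender should use. The sample message, the `TRUSTED` set and the function names are assumptions made for illustration; only the Received-SPF line comes from the excerpt above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the mail described above. Only the Received-SPF
# line is from the page; addresses, subject and links are placeholders.
SAMPLE = """\
Received-SPF: Fail (protection.outlook.com: domain of facebookmail.com does not designate 31.192.237.242 as permitted sender)
From: Facebook <security@facebookmail.com>
To: user@example.com
Subject: Constructed sample login alert
Content-Type: text/html; charset="utf-8"

<a href="mailto:placeholder.report@gmail.com?subject=Report">Report the user</a>
<a href="mailto:placeholder.report@gmail.com?subject=Yes">Yes, me</a>
"""

# Assumption: domains this sender is expected to link to.
TRUSTED = {"facebook.com", "facebookmail.com"}

def link_domain(href):
    """Return the domain a link really points at (mailto: or http/https)."""
    parts = urlsplit(href)
    if parts.scheme == "mailto":
        return parts.path.rpartition("@")[2].lower()
    return (parts.hostname or "").lower()

def is_trusted(domain, trusted):
    """True for a trusted domain or any of its subdomains."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def triage(raw, trusted=TRUSTED):
    """Summarise the SPF verdict, sending IP and off-brand link targets."""
    msg = message_from_string(raw)
    spf = msg.get("Received-SPF", "")
    spf_result = spf.split(None, 1)[0].lower() if spf.strip() else "none"
    ip = re.search(r"does not designate (\S+) as permitted sender", spf)
    body = ""
    for part in msg.walk():  # collect every text part, single or multipart
        if part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', body, flags=re.I)
    off_brand = sorted({d for d in map(link_domain, hrefs) if d and not is_trusted(d, trusted)})
    return {"from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
            "spf": spf_result, "sending_ip": ip.group(1) if ip else None,
            "off_brand_links": off_brand,
            "suspicious": spf_result in {"fail", "softfail"} or bool(off_brand)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The From domain alone proves nothing here, since it is exactly what the sender forged; the SPF verdict and the link targets are what give the message away.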
Please, let’s be careful out there. Don’t blindly click on links in emails, even if they appear legit. If you are in doubt, go directly to Facebook (or where you have an account you want to check) and check the security section.
You don’t have to investigate deeply, and you don’t have to be an IT Professional to help yourself. Just have a bit of caution. If you have concerns, ping me, and I will help you out.