Post by drcard on Dec 12, 2014 9:20:52 GMT -5
Hi All,
Just a heads up on a new security threat.
I got an email that got past my anti-spam and security software. It was a "notification" that my Facebook password has been reset due to security concerns and to reset my password I have to fill out this form at the link provided. Problem is I don't have and never had a Facebook account (I do not do social media). It was real easy to detect that this is malware even if I did have a Facebook account. I decided to not only post a warning about this malware but also how to detect such emails are malware.
How to tell if an email is malware.
1. The email is from someone you never have gotten an email from. Since I never had a Facebook account I have never received an email from Facebook.
2. The email address does not match the sender in the address. The email message said that the email was from "The Facebook Security Team" but the email address was from "notification@aldeiadasflores.com". The email address is an individual's email address rather than an organization such as facebook.com. True businesses do not use individual email addresses for notifications. No IT department of a business would sign a notice as the "Security Team".
3. A provided link in an email concerning a security issue with your account. This is the biggest indicator of malware. Since this is a well-known way malware "tricks" users into providing account information, no business will ever provide a link to correct a security issue.
4. The link is for a web site that has nothing to do with the business. In this malware the link was to "topworstshoponline.com" and not Facebook.com. A little investigation showed that this web site was created just a few weeks ago from a domain in Chicago.
5. What is stated in the email is not true. I don't have a Facebook account, but IF I did I could have signed onto my Facebook account and found that my password worked perfectly and had not been reset by the "Facebook Security Team".
Exactly what the payload of this malware is I don't know as I did not and I will not click the provided link. Some of these types of malware can deliver their malware just by clicking the link. The lesson here is if you get any email with a link to resolve some problem with any account you might have, DO NOT CLICK the link. Any business you have an account with will NOT provide a link for you in any account related business because emails are not secure and often are delivered to the wrong address (thus giving anyone that gets the email access to your account information).
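Indicators 2 and 4 from the post above can be checked mechanically. The following is an added example, not part of the original post: it compares the brand named in the From display name against the sender's domain and against every link host in the HTML body. The `BRAND_DOMAINS` allow-list is an assumption, and the sample message is constructed around the two domains the post quotes.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains each brand legitimately sends from and links to.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}

# Constructed sample: only the sender and link domains come from the post.
SAMPLE = '''From: "The Facebook Security Team" <notification@aldeiadasflores.com>
Subject: Your password has been reset
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password was reset due to security concerns.</p>
<a href="http://topworstshoponline.com/form">Reset your password</a></body></html>
'''

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def in_domains(host, allowed):
    # Exact match or true subdomain; "facebook.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw):
    # Returns (indicator, domain) pairs for indicators 2 and 4 of the post.
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # the message does not claim to come from this brand
        if not in_domains(sender, allowed):
            findings.append(("sender-mismatch", sender))
        for part in msg.walk():
            if part.get_content_type() != "text/html":
                continue
            links = LinkHosts()
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            findings += [("link-mismatch", h) for h in links.hosts
                         if not in_domains(h, allowed)]
    return findings
```

Links in plain-text parts are not inspected here, and the display-name test is a simple substring match, so treat an empty result as "no mismatch found" rather than proof the message is genuine.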