I recently received a phishing mail with a sender address at “facebookmail.com”. The phishing mail looks exactly like the real notification email from Facebook, and had I not been careful, I would have clicked the link and given away my Facebook login name and password.
Here’s a screenshot of the original vs the phishing mail:
Both emails look almost exactly the same. Here is how you can tell the phishing email apart from the real one.
1. Subject of the email – I have several Facebook accounts signed up with different email addresses, and never have I received an email from Facebook about a “notification pending”. Facebook will not email you about pending notifications and ask you to log in to your account.
2. Reply-to email address is wrong – Did you notice that the From and Reply-to email addresses are the same? In most cases, the Reply-to field is “email@example.com”, which means you shouldn’t reply to the mail.
3. No name personalization – If you look closely, the original email from Facebook starts off with “Hi Damien”, while the phishing email starts off with just “Hi”.
4. Content of the email – I log in to Facebook at least once every day, so it is not correct that “You haven’t been back to Facebook recently”. In addition, I have more than 3 pending friend requests, which means the content is absolutely wrong.
5. Link not pointing to Facebook.com – The last and most obvious clue is that when you hover your mouse over the link, it does not point to Facebook.com. Instead it points to “buildyourvision.com”. I never knew that Facebook was related to buildyourvision…
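The clues above can be turned into simple automated checks. Here is an added example (not code from the original post) that parses a raw message and flags a Reply-to identical to From, a greeting with no name, and any link whose host is not the domain the mail claims to come from; the two sample messages, their addresses and the link are constructed assumptions modelled on the description above.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed samples (all addresses, subjects and links are assumptions):
# one shaped like the phishing mail described above, one like the genuine notification.
PHISH_RAW = """From: Facebook <notification+abc@facebookmail.com>
Reply-To: notification+abc@facebookmail.com
Subject: You have notifications pending
Content-Type: text/html; charset=utf-8

<html><body><p>Hi,</p>
<p>You haven't been back to Facebook recently. You have 3 friend requests.</p>
<p><a href="http://buildyourvision.com/login.php">Go to Facebook</a></p>
</body></html>
"""
LEGIT_RAW = """From: Facebook <notification+abc@facebookmail.com>
Reply-To: noreply@facebookmail.com
Content-Type: text/html; charset=utf-8

<html><body><p>Hi Damien,</p>
<p><a href="https://www.facebook.com/n/?reqs.php">See your requests</a></p>
</body></html>
"""

GENERIC_GREETING = re.compile(r"^\s*hi\s*[,!]?\s*$", re.IGNORECASE | re.MULTILINE)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

def phishing_indicators(raw, expected_domain="facebook.com"):
    """Return the clues found in one raw message; an empty list means none fired."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html)  # strip tags so greeting lines are visible
    clues = []
    # Clue 2: a genuine notification's Reply-To is a no-reply address, not a copy of From.
    if reply_to and reply_to == sender:
        clues.append("reply-to is identical to from")
    # Clue 3: greeting with no name after "Hi".
    if GENERIC_GREETING.search(text):
        clues.append("generic greeting without a name")
    # Clue 5: a link whose host is neither the claimed domain nor a subdomain of it.
    for url in HREF.findall(html):
        host = (urlparse(url).hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            clues.append(f"link points to {host}, not {expected_domain}")
    return clues
```

Run `phishing_indicators(PHISH_RAW)` to see all three clues fire, while the genuine-looking sample returns an empty list.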
It is a good thing that Gmail comes with a powerful spam filter that can weed out the bad from the good. However, when a phishing mail gets through your spam filter, you will have to stay vigilant and protect yourself from being spammed or harmed by such phishing. In the event that you are not sure, do not click on any link. Open a new tab and load facebook.com manually.
Here are some useful resources: