Facebook Phishing

I am always getting emails from faculty at our school about questionable emails or viruses that are being sent around.  You can’t escape all of the commercials on TV about protecting your identity.

Just yesterday I got an email about a new login system that Facebook will be implementing. This was a perfect example of the types of email that are fooling people into giving up their personal information, and I can’t help but think how many people these messages are actually affecting.

What they are doing is called “phishing” and there are some things you can do to protect yourself and figure out if the messages are real or not.

Let’s break down the email I was sent to teach people what to look for.

First the header information:

From:     facebook-noreply@facebook.com
Date:     December 29, 2009 9:27:45 PM EST
Subject:     You have a new alerts.
To:     johnny@johnnystryler.net
Reply-To:     misjudgementl@rm-capital.com

If you look at this you might think things are all good. The “From:” looks good, but a “From:” address is very easy to spoof (it is just a setting in your mail application’s preferences), so never go by that.

The “Date:”, “Subject:” and “To:” are all fine.  One thing you can do to double-check things would be to Google the “Subject” line and see what comes up.

The real key here is the “Reply-To:” which is to ‘misjudgementl@rm-capital.com’.  This alone tells me something is up.

The next part is the message itself:

hello there,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.

Please use the link below to update your account now:

http://www.faceboolknm.org/login/index.html

best regards, © 2009 Facebook Alerts

There are a few things that are a problem here.  First is the lack of capitalization.  Now if you’ve read my writing you’ll know that I am not the strongest writer in the world, but I do know to capitalize my salutations.  “hello there” and “best regards” tells me something.  Next is the link they want you to click. Take a good look at it.  The fact it is from ‘faceboolknm.org’ should tell you that it is a hoax and an attempt to phish for information.

Thankfully, Firefox throws up a warning if you click on the link to alert you that there is an issue of “Reported Web Forgery” (see image above), but you can’t always count on this happening or on the forgery being caught this way.  So you need to be on your guard.
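The header and link checks from this walkthrough can also be run automatically. The script below is an added example, not part of the original post: it compares the “Reply-To:” domain and every link in the body against the domain claimed in “From:”. The function names, the 0.7 similarity threshold and the simple “last two labels” domain rule are assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Headers and link from the message in this post, re-typed as a raw email.
SAMPLE = """\
From: facebook-noreply@facebook.com
Reply-To: misjudgementl@rm-capital.com
To: johnny@johnnystryler.net
Subject: You have a new alerts.

Please use the link below to update your account now:

http://www.faceboolknm.org/login/index.html
"""

def base_domain(host):
    # Naive "last two labels" rule (assumption); ignores suffixes like co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return base_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def check_message(raw, lookalike_ratio=0.7):
    msg = message_from_string(raw)
    claimed = addr_domain(msg["From"])  # never trusted, only used as the claim
    findings = []
    reply_to = addr_domain(msg["Reply-To"])
    if reply_to and reply_to != claimed:
        findings.append(("reply-to-mismatch", reply_to))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        link = base_domain(urlsplit(url).hostname or "")
        if link == claimed:
            continue
        # Compare the names without the TLD: "faceboolknm" vs "facebook".
        ratio = SequenceMatcher(None, link.split(".")[0], claimed.split(".")[0]).ratio()
        kind = "lookalike-link" if ratio >= lookalike_ratio else "offsite-link"
        findings.append((kind, link))
    return findings

if __name__ == "__main__":
    for kind, domain in check_message(SAMPLE):
        print(f"{kind}: {domain}")
```

An empty result only means these two checks found nothing; a message that passes can still be forged.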

So here is hoping that this helps… remember:

  1. Check the header information: the “To:”, “From:”, “Subject:” and “Reply-To:”.
  2. Take a good look at the message and check for any spelling or grammar mistakes.
  3. Look at any link(s) included in the email and see if they seem correct.
  4. Google the subject line to see if anyone has reported anything.
  5. Pay attention to warnings.

I hope this helps and saves you from making many mistakes.  I will tell you I ignored something from PayPal a while ago that was a legitimate email that actually required me to make a phone call to straighten out, but I would rather make the call than give out information when I am not sure of the source.

ADDED: Here is a good link to a Facebook blog article on the topic: http://blog.facebook.com/blog.php?post=81474932130
