Spammers Taking Advantage of a Facebook ‘Misconfiguration’

For several weeks I’ve received several emails from Facebook friends which claim they are sent from said friend however the from email address is obviously not them. The Subject line is “For Connie” and the content is simply a link or something about check out this link…

My brother-in-law brought it up to me today as he received one sent to him claiming to be from me but obviously not from one of my many email address and so I again did some searching to check into it and this time I found some intereting information.

The best info is on Forbes at:
http://www.forbes.com/sites/davidewalt/2012/08/29/facebook-spam-email-spear-phishing/

Quote:

I became aware of the threat after receiving two spear-phishing messages in the last week at a personal email addres registered with my Facebook account. In both cases, the sender appeared to be someone I interact with on Facebook, and the subject line was personalized (“for David”). But when I checked the email’s header fields, I saw that while my friend’s name was in the “From:” field, the originating address wasn’t their usual account; instead, it was a bogus-looking Yahoo! Philippines email. I quickly unearthed several other reports of similar emails, all received within the last few weeks.

Also take a look at http://isc.sans.edu/diary.html?storyid=13981&rss


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.