Spotting Identity Thieves in your Inbox

This morning I received a message from Facebook, asking me to click a button on their email.


However, I noticed that when I put my mouse over the update button, the address I would be taken to is:

http://www.facebook.com.yy1azsva.eu/globaldirectory/LoginFacebook.php?ref=1371296993220802419758679214228283889232554843&email=xxxx@yourdomain.com

As you can see, I would not be taken to facebook.com.
I would be taken to yy1azsva.eu, which is not Facebook.
Always look at the right-most domain name in the host part of the address, which is everything between "http://" and the first "/" after it.
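
The check described above, written out as an added example (not code from the original post): it parses a link with the standard `URL` parser and compares the host's registrable domain with the one you expect. The suffix list is a small constructed stand-in for the Public Suffix List, and the function names `registrableDomain` and `checkLink` are hypothetical.

```javascript
// Constructed stand-in for the Public Suffix List (assumption); real code
// should load the full list.
const PUBLIC_SUFFIXES = new Set(["com", "eu", "org", "net", "co.uk"]);

// The link from the post, copied as shown there.
const SAMPLE_LINK =
  "http://www.facebook.com.yy1azsva.eu/globaldirectory/LoginFacebook.php" +
  "?ref=1371296993220802419758679214228283889232554843&email=xxxx@yourdomain.com";

// Registrable domain = longest known public suffix plus one label to its left.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a bare suffix, so nothing is registrable.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix or an IP address
}

// Classify a link against the domain the message claims to come from.
function checkLink(href, expectedDomain) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { verdict: "invalid", host: null, registrable: null };
  }
  // Only the hostname matters; the path and query string are ignored, so a
  // domain-looking value such as "yourdomain.com" in the query cannot mislead.
  const host = url.hostname;
  const registrable = registrableDomain(host);
  if (registrable === expectedDomain) {
    return { verdict: "match", host, registrable };
  }
  // Brand name appears in the host, but a different domain owns that host.
  const brand = expectedDomain.split(".")[0];
  const lookalike = host.split(".").some((label) => label.includes(brand));
  return { verdict: lookalike ? "lookalike" : "mismatch", host, registrable };
}

console.log(checkLink(SAMPLE_LINK, "facebook.com"));
console.log(checkLink("https://www.facebook.com/login", "facebook.com"));
```
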

I have no doubt that if I clicked on that link, they would ask me for my username and password to my Facebook account. From there, they have access to whatever information you’ve entered into Facebook. And if you are an avid user, you’ve likely entered in some information that could be used to steal your identity.

I clicked the link, and guess what?
Google’s browser helpfully identifies the website as a threat.
Very helpful.

Firefox does not notify me that the site is suspected of phishing, but I’m certain that Google could make their phishing website database available to other browsers.

In Firefox, this is what the phisher’s site looks like: just like a Facebook login page.

Be careful out there.
