funsec mailing list archives

Fwd: Getting back onto Facebook


From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 19 Apr 2015 20:10:14 -0400

This looks like a phishing attempt because I don't have a Facebook account.
I don't participate in the social networking experiments. So there's no way
I've been having trouble using it.

But all the links appear to be legitimate. I looked at the source, and they
all use https://www.facebook.com/... The only thing that looks suspicious
is the email address of security () facebookmail com. It looks fake because
Facebook is facebook.com, but WHOIS claims it's owned by Facebook, Inc.

Does Facebook regularly use phishing in an attempt to lure users? Is deceit
a common practice with Facebook? Aren't these practices a violation of a
number of consumer protection laws?

---------- Forwarded message ----------
From: Facebook <security () facebookmail com>
Date: Sun, Apr 19, 2015 at 7:59 PM
Subject: Getting back onto Facebook
To: Jeffrey Walton <noloader () gmail com>


Sorry you've been having trouble logging into your Facebook account. Get
back on Facebook now You can also get password help or login help on
Facebook. If you're still having trouble or believe this was sent by
mistake, please visit our login help page:
https://www.facebook.com/help/login
<https://www.facebook.com/n/?help%2Flogin&medium=email&mid=b9e3e75G64cd7ba0G0G86G72fb2e9&n_m=noloader%40gmail.com>
Sorry you've been having trouble logging into your Facebook account. Get
back on Facebook now
<https://www.facebook.com/n/?help%2Flogin&medium=email&mid=b9e3e75G64cd7ba0G0G86G72fb2e9&n_m=noloader%40gmail.com> You
can also get password help
<https://www.facebook.com/n/?recover%2Finitiate&medium=email&mid=b9e3e75G64cd7ba0G0G86G72fb2e9&n_m=noloader%40gmail.com>
or login help
<https://www.facebook.com/n/?help%2Flogin&medium=email&mid=b9e3e75G64cd7ba0G0G86G72fb2e9&n_m=noloader%40gmail.com>
on Facebook. If you're still having trouble or believe this was sent by
mistake, please visit our login help page:
https://www.facebook.com/help/login
<https://www.facebook.com/n/?help%2Flogin&medium=email&mid=b9e3e75G64cd7ba0G0G86G72fb2e9&n_m=noloader%40gmail.com> This
message was sent to noloader () gmail com. If you don't want to receive these
emails from Facebook in the future, please unsubscribe
<https://www.facebook.com/o.php?k=AS2d32FC5sex1j1J&u=1691188128&mid=b9e3e75G64cd7ba0G0G86G72fb2e9>.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303


*****



Delivered-To: noloader () gmail com
Received: by 10.36.92.146 with SMTP id q140csp1127077itb;
        Sun, 19 Apr 2015 16:59:04 -0700 (PDT)
X-Received: by 10.66.188.107 with SMTP id
fz11mr23568757pac.85.1429487943304;
        Sun, 19 Apr 2015 16:59:03 -0700 (PDT)
Return-Path: <security () facebookmail com>
Received: from mx-out.facebook.com (outmail021.prn2.facebook.com.
[66.220.144.148])
        by mx.google.com with ESMTPS id
c4si17034147pdf.49.2015.04.19.16.59.03
        for <noloader () gmail com>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sun, 19 Apr 2015 16:59:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of security () facebookmail com
designates 66.220.144.148 as permitted sender) client-ip=66.220.144.148;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of security () facebookmail com designates
66.220.144.148 as permitted sender) smtp.mail=security () facebookmail com;
       dkim=pass header.i=@facebookmail.com;
       dmarc=pass (p=REJECT dis=NONE) header.from=facebookmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com;
    s=s1024-2013-q3; t=1429487943;
    bh=bwZQnEmALWIDc80xTw7olMTohRM4SBylYzmkGQSxgCM=;
    h=Date:To:From:Subject:MIME-Version:Content-Type;
    b=DtWBobgF1LbxjOSKGnsxiKWDd4c5Pqv15DnfZoVtSiccct4TGZIoaAIWSCje+Ar5g
     moPltaKIBKyHkt0w/6S3NDLrrBzJQA82Uxi6O3/uFJhzIiya6OzJwhq5C2rMuP90gn
     CItSSP2ujie0OIJ/n33SWizSqWPM723E1cJdbe7Y=
Received: from facebook.com
(ZiNh7UxAcpAxaAwmkbmxYM4mdzuQbIW7Fx9pR7oBKU7YT6YV8n+dTuJd8IgBRFoR
10.103.99.63)
 by facebook.com with Thrift id 0e0e8dd4e6f011e4994c0002c9b112b4-c8ef4310;
 Sun, 19 Apr 2015 16:59:03 -0700
X-Facebook: from 2401:db00:11:2122:face:0:3b:0 ([MTI3LjAuMC4x])
    by www.facebook.com with HTTP (ZuckMail);
Date: Sun, 19 Apr 2015 16:59:03 -0700
Return-Path: security () facebookmail com
To: Jeffrey Walton <noloader () gmail com>
From: "Facebook" <security () facebookmail com>
Reply-to: noreply <noreply () facebookmail com>
Subject: Getting back onto Facebook
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: security () facebookmail com
X-Facebook-Notify: failed_login; mailid=b9e3e75G64cd7ba0G0G86G72fb2e9
List-Unsubscribe: <
https://www.facebook.com/o.php?k=AS2d32FC5sex1j1J&u=1691188128&mid=b9e3e75G64cd7ba0G0G86G72fb2e9

X-FACEBOOK-PRIORITY: 1
X-Auto-Response-Suppress: All
Message-ID: <c3d3d32ca8678f1108e3afb56f067359 () www facebook com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_c3d3d32ca8678f1108e3afb56f067359"
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
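
An added example, not part of the original post: a Python check of the `Authentication-Results` header shown above, confirming that the SPF and DKIM identities align with the visible `From:` domain and that the header was stamped by the receiving server. The sample is constructed from the post's headers; `trusted_authserv`, `passes` and the other helper names are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the headers in the post, with the archive's
# "user () domain tld" address obfuscation undone.
SAMPLE = """\
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of security@facebookmail.com designates
 66.220.144.148 as permitted sender) smtp.mail=security@facebookmail.com;
       dkim=pass header.i=@facebookmail.com;
       dmarc=pass (p=REJECT dis=NONE) header.from=facebookmail.com
From: "Facebook" <security@facebookmail.com>
"""

def parse_authres(value):
    value = re.sub(r"\([^()]*\)", " ", " ".join(value.split()))  # unfold, drop comments
    authserv, *clauses = [c.strip() for c in value.split(";")]
    methods = {}
    for clause in clauses:
        pairs = [t.split("=", 1) for t in clause.split() if "=" in t]
        if pairs:  # first pair is method=result, the rest are properties
            methods[pairs[0][0]] = {"result": pairs[0][1], **dict(pairs[1:])}
    return authserv.lower(), methods

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().strip(".")

def aligned(a, b):
    # Simplified: real DMARC relaxed alignment uses the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def passes(methods, method, prop, from_dom):
    r = methods.get(method, {})
    return r.get("result") == "pass" and aligned(domain_of(r.get(prop, "")), from_dom)

def assess(raw, trusted_authserv="mx.google.com"):
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg["From"])[1])
    for value in msg.get_all("Authentication-Results", []):
        authserv, m = parse_authres(value)
        if authserv != trusted_authserv:
            continue  # not stamped by our receiver; a sender can forge it
        spf = passes(m, "spf", "smtp.mail", from_dom)
        dkim = passes(m, "dkim", "header.i", from_dom)
        dmarc = (m.get("dmarc", {}).get("result") == "pass"
                 and m["dmarc"].get("header.from", "").lower() == from_dom)
        return {"from_domain": from_dom, "trusted": True, "spf_aligned": spf,
                "dkim_aligned": dkim, "authenticated": dmarc and (spf or dkim)}
    return {"from_domain": from_dom, "trusted": False, "authenticated": False}
```

A passing result shows only that the message came from infrastructure authorized for facebookmail.com; who owns that domain is a separate question, which is what the WHOIS lookup in the post answers.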
