Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Facebook: Did I Just Get Phished?
75 views
Skip to first unread message
(PeteCresswell)
Aug 4, 2012, 7:40:02 PM8/4/12
to
Got this email:
-----------------------------------------------------------------------------
To: Peter F Cresswell <con...@fatbelly.com>
Subject: Peter, you have 1 friend request
From: "Facebook" <update+y9=6c...@facebookmail.com>
Date: Sat, 4 Aug 2012 16:22:15 -0700
========================================
View Notifications
http://www.facebook.com/n/?find-friends%2Fbrowser%2F&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=cta
Go to Facebook
http://www.facebook.com/n/?home.php&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=2nd_cta
========================================
Hi Peter,
You have new notifications.
A lot has happened on Facebook since you last logged in. Here are
some notifications you've missed from your friends.
1 friend request
Thanks,
The Facebook Team
========================================
The message was sent to [x].[x].com. If you don't want to receive
these emails from Facebook in the future, please follow the link
below to unsubscribe.
http://www.facebook.com/o.php?k=AS1Dp5FAZQGID-ND&u=1462965732&mid=687abd4G573315e4G0G2b
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto
CA 94303
-----------------------------------------------------------------------------
It all looks plausible at first glance except:
- My middle initial is not "F".
- The "Confirm" email address is not the one I use on FaceBook.
It's my main "junk" address that I supply to strangers.
When I paste either link into FireFox (which has not remembered
any of my PWs) I get a login page asking for the PW to go with
the "Confirm" addr.
My real facebook account (whose name is nothing like "Peter F
Cresswell") looks normal to me....
So... did I just get Phished?
--
Pete Cresswell
-----------------------------------------------------------------------------
To: Peter F Cresswell <con...@fatbelly.com>
Subject: Peter, you have 1 friend request
From: "Facebook" <update+y9=6c...@facebookmail.com>
Date: Sat, 4 Aug 2012 16:22:15 -0700
========================================
View Notifications
http://www.facebook.com/n/?find-friends%2Fbrowser%2F&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=cta
Go to Facebook
http://www.facebook.com/n/?home.php&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=2nd_cta
========================================
Hi Peter,
You have new notifications.
A lot has happened on Facebook since you last logged in. Here are
some notifications you've missed from your friends.
1 friend request
Thanks,
The Facebook Team
========================================
The message was sent to [x].[x].com. If you don't want to receive
these emails from Facebook in the future, please follow the link
below to unsubscribe.
http://www.facebook.com/o.php?k=AS1Dp5FAZQGID-ND&u=1462965732&mid=687abd4G573315e4G0G2b
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto
CA 94303
-----------------------------------------------------------------------------
It all looks plausible at first glance except:
- My middle initial is not "F".
- The "Confirm" email address is not the one I use on FaceBook.
It's my main "junk" address that I supply to strangers.
When I paste either link into FireFox (which has not remembered
any of my PWs) I get a login page asking for the PW to go with
the "Confirm" addr.
My real facebook account (whose name is nothing like "Peter F
Cresswell") looks normal to me....
So... did I just get Phished?
--
Pete Cresswell
David H. Lipman
Aug 4, 2012, 7:43:15 PM8/4/12
to
From: "(PeteCresswell)" <x...@y.Invalid>
> Got this email:
< snip >
>
> My real facebook account (whose name is nothing like "Peter F
> Cresswell") looks normal to me....
>
> So... did I just get Phished?
> --
We would have to view the Full Headers (of course obfuscated for your privacy).
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
> Got this email:
< snip >
>
> My real facebook account (whose name is nothing like "Peter F
> Cresswell") looks normal to me....
>
> So... did I just get Phished?
> --
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
(PeteCresswell)
Aug 5, 2012, 7:57:14 PM8/5/12
to
Per David H. Lipman:
should I care? I'll post them if there's no further downside.
--
Pete Cresswell
>We would have to view the Full Headers (of course obfuscated for your privacy).
Now that Confirm at fatbelly fullstop com is out of the bag,
should I care? I'll post them if there's no further downside.
--
Pete Cresswell
(PeteCresswell)
Aug 9, 2012, 11:02:03 AM8/9/12
to
Just got another email:
--------------------------------------------------------------------------
Return-Path: <notification+y9=6c...@facebookmail.com>
Received: from mx-out.facebook.com (outmail020.snc7.facebook.com
[69.171.232.154])
by mailhost.cotse.com (8.14.3/8.14.2) with ESMTP id
q79E9uG0084172
for <con...@fatbelly.com>; Thu, 9 Aug 2012 10:09:56 -0400
(EDT)
(envelope-from notification+y9=6c...@facebookmail.com)
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com;
s=s1024-2011-q2; c=relaxed/simple;
q=dns/txt; i=@facebookmail.com; t=1344521372;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=g89x9eL+h8amr2B67HZexMfwtcg26QCI3lbbU6dJTWs=;
b=sT9NHsKDeovd0t9cvZPg35RAvOth9iyT4/16GBe5pKyaOtTtAl0/uTa95wide4rn
D1JVq2dyPnLI+Uq5xopIIrksgaOtOHTf9NLkYKASBL3Y1A+psg7EiV7iabEmpiaz
RRd51JvgLW5YPNTK9SFXwyJ1UxbWTtzY21AaIT5ZafY=;
Received: from [10.80.153.77] ([10.80.153.77:41497])
by smout048.snc7.facebook.com (envelope-from
<notification+y9=6c...@facebookmail.com>)
(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
id C5/54-18680-C94C3205; Thu, 09 Aug 2012 07:09:32 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
by m.facebook.com with HTTP (ZuckMail);
Date: Thu, 9 Aug 2012 07:09:32 -0700
Reply-to: Facebook <notification+y9=6c...@facebookmail.com>
Subject: Did you log into Facebook from somewhere new?
Message-ID: <593432d74aff9a5f...@m.facebook.com>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: notification+y9=6c...@facebookmail.com
X-Facebook-Notify: roadblock; mailid=68dc1caG573315e4G2b7d166G7b
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Goldlist-Destination: Alias/destination goldlisted
(con...@fatbelly.com)
X-Cotse-Filters: Default delivery, no intercepts, 0 tags added
X-Antivirus: avast! (VPS 120809-0, 08/09/2012), Inbound message
X-Antivirus-Status: Clean
X-Agent-Received: from mail.cotse.net (mail.cotse.net); Thu, 09
Aug 2012 10:10:06 -0400
X-Agent-Junk-Probability: 0
Dear Peter F Cresswell,
Your Facebook account was recently logged into from a computer,
mobile device or other location you've never used before. For
your protection, we've temporarily locked your account until you
can review this activity and make sure no one is using your
account without your permission.
Did you log into Facebook from a new device or an unusual
location?
- If this was not you, please log into Facebook from your
computer and follow the instructions provided to help you control
your account information.
- If this was you, there's no need to worry. Simply log into
Facebook again to get back into your account.
For more information, visit our Help Center here:
http://www.facebook.com/help/?topic=account_recovery
Thanks,
Facebook Security Team
--------------------------------------------------------------------------
Now I'm starting to wonder if, somewhere, there is a Peter F.
Cresswell who wonders what in the world is going on with his
factbook account... OTOH, where are they coming up with the
Fatbelly.com address...
--
Pete Cresswell
--------------------------------------------------------------------------
Return-Path: <notification+y9=6c...@facebookmail.com>
Received: from mx-out.facebook.com (outmail020.snc7.facebook.com
[69.171.232.154])
by mailhost.cotse.com (8.14.3/8.14.2) with ESMTP id
q79E9uG0084172
for <con...@fatbelly.com>; Thu, 9 Aug 2012 10:09:56 -0400
(EDT)
(envelope-from notification+y9=6c...@facebookmail.com)
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com;
s=s1024-2011-q2; c=relaxed/simple;
q=dns/txt; i=@facebookmail.com; t=1344521372;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=g89x9eL+h8amr2B67HZexMfwtcg26QCI3lbbU6dJTWs=;
b=sT9NHsKDeovd0t9cvZPg35RAvOth9iyT4/16GBe5pKyaOtTtAl0/uTa95wide4rn
D1JVq2dyPnLI+Uq5xopIIrksgaOtOHTf9NLkYKASBL3Y1A+psg7EiV7iabEmpiaz
RRd51JvgLW5YPNTK9SFXwyJ1UxbWTtzY21AaIT5ZafY=;
Received: from [10.80.153.77] ([10.80.153.77:41497])
by smout048.snc7.facebook.com (envelope-from
<notification+y9=6c...@facebookmail.com>)
(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
id C5/54-18680-C94C3205; Thu, 09 Aug 2012 07:09:32 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
by m.facebook.com with HTTP (ZuckMail);
Date: Thu, 9 Aug 2012 07:09:32 -0700
To: Peter F Cresswell <con...@fatbelly.com>
From: "Facebook" <notification+y9=6c...@facebookmail.com>
Reply-to: Facebook <notification+y9=6c...@facebookmail.com>
Subject: Did you log into Facebook from somewhere new?
Message-ID: <593432d74aff9a5f...@m.facebook.com>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: notification+y9=6c...@facebookmail.com
X-Facebook-Notify: roadblock; mailid=68dc1caG573315e4G2b7d166G7b
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Goldlist-Destination: Alias/destination goldlisted
(con...@fatbelly.com)
X-Cotse-Filters: Default delivery, no intercepts, 0 tags added
X-Antivirus: avast! (VPS 120809-0, 08/09/2012), Inbound message
X-Antivirus-Status: Clean
X-Agent-Received: from mail.cotse.net (mail.cotse.net); Thu, 09
Aug 2012 10:10:06 -0400
X-Agent-Junk-Probability: 0
Dear Peter F Cresswell,
Your Facebook account was recently logged into from a computer,
mobile device or other location you've never used before. For
your protection, we've temporarily locked your account until you
can review this activity and make sure no one is using your
account without your permission.
Did you log into Facebook from a new device or an unusual
location?
- If this was not you, please log into Facebook from your
computer and follow the instructions provided to help you control
your account information.
- If this was you, there's no need to worry. Simply log into
Facebook again to get back into your account.
For more information, visit our Help Center here:
http://www.facebook.com/help/?topic=account_recovery
Thanks,
Facebook Security Team
--------------------------------------------------------------------------
Now I'm starting to wonder if, somewhere, there is a Peter F.
Cresswell who wonders what in the world is going on with his
factbook account... OTOH, where are they coming up with the
Fatbelly.com address...
--
Pete Cresswell
David H. Lipman
Aug 9, 2012, 2:26:27 PM8/9/12
to
From: "(PeteCresswell)" <x...@y.Invalid>
> Just got another email:
< snip >
>
> Now I'm starting to wonder if, somewhere, there is a Peter F.
> Cresswell who wonders what in the world is going on with his
> factbook account... OTOH, where are they coming up with the
> Fatbelly.com address...
Looks like just a FB account screwup.
> Just got another email:
< snip >
>
> Now I'm starting to wonder if, somewhere, there is a Peter F.
> Cresswell who wonders what in the world is going on with his
> factbook account... OTOH, where are they coming up with the
> Fatbelly.com address...
0 new messages