Facebook: Did I Just Get Phished?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Got this email:
-----------------------------------------------------------------------------
Subject: Peter, you have 1 friend request
Date: Sat, 4 Aug 2012 16:22:15 -0700

========================================
View Notifications
http://www.facebook.com/n/?find-friends%2Fbrowser%2F&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=cta

Go to Facebook
http://www.facebook.com/n/?home.php&mid=687abd4G573315e4G0G2b&bcode=B4RaWVwO_1.1344122534.AaT8Eg5mqBFPmDke&n_m=confirm%40fatbelly.com&lloc=2nd_cta
========================================

Hi Peter,

You have new notifications.

A lot has happened on Facebook since you last logged in. Here are
some notifications you've missed from your friends.

1 friend request

Thanks,
The Facebook Team

========================================
The message was sent to [x].[x].com. If you don't want to receive
these emails from Facebook in the future, please follow the link
below to unsubscribe.
http://www.facebook.com/o.php?k=AS1Dp5FAZQGID-ND&u=1462965732&mid=687abd4G573315e4G0G2b
 Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto
CA 94303
-----------------------------------------------------------------------------

It all looks plausible at first glance except:

- My middle initial is not "F".

- The "Confirm" email address is not the one I use on FaceBook.
  It's my main "junk" address that I supply to strangers.


When I paste either link into FireFox (which has not remembered
any of my PWs)  I get a login page asking for the PW to go with
the "Confirm" addr.



My real facebook account (whose name is nothing like "Peter F
Cresswell") looks normal to me....

So... did I just get Phished?
--
Pete Cresswell

Re: Facebook: Did I Just Get Phished?


Quoted text here. Click to load it

< snip >

Quoted text here. Click to load it

We would have to view the Full Headers (of course obfuscated for your privacy).

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Facebook: Did I Just Get Phished?

Per David H. Lipman:
Quoted text here. Click to load it

Now that Confirm at fatbelly fullstop com is out of the bag,
should I care?   I'll post them if there's no further downside.
--
Pete Cresswell

Re: Facebook: Did I Just Get Phished?

Just got another email:
--------------------------------------------------------------------------
Received: from mx-out.facebook.com (outmail020.snc7.facebook.com
[69.171.232.154])
    by mailhost.cotse.com (8.14.3/8.14.2) with ESMTP id
q79E9uG0084172
(EDT)
    (envelope-from notification+y9=6c0y9@facebookmail.com)
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com;
s=s1024-2011-q2; c=relaxed/simple;
    q=dns/txt; i=@facebookmail.com; t=1344521372;
    h=From:Subject:Date:To:MIME-Version:Content-Type;
    bh=g89x9eL+h8amr2B67HZexMfwtcg26QCI3lbbU6dJTWs=;

b=sT9NHsKDeovd0t9cvZPg35RAvOth9iyT4/16GBe5pKyaOtTtAl0/uTa95wide4rn
 D1JVq2dyPnLI+Uq5xopIIrksgaOtOHTf9NLkYKASBL3Y1A+psg7EiV7iabEmpiaz
    RRd51JvgLW5YPNTK9SFXwyJ1UxbWTtzY21AaIT5ZafY=;
Received: from [10.80.153.77] ([10.80.153.77:41497])
    by smout048.snc7.facebook.com (envelope-from
    (ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
    id C5/54-18680-C94C3205; Thu, 09 Aug 2012 07:09:32 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
    by m.facebook.com with HTTP (ZuckMail);
Date: Thu, 9 Aug 2012 07:09:32 -0700
Subject: Did you log into Facebook from somewhere new?
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: notification+y9=6c0y9@facebookmail.com
X-Facebook-Notify: roadblock; mailid=68dc1caG573315e4G2b7d166G7b
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding
Content-Type: text/plain; charset="UTF-8"
X-Goldlist-Destination: Alias/destination goldlisted
(confirm@fatbelly.com)
X-Cotse-Filters: Default delivery, no intercepts, 0 tags added
X-Antivirus: avast! (VPS 120809-0, 08/09/2012), Inbound message
X-Antivirus-Status: Clean
X-Agent-Received: from mail.cotse.net (mail.cotse.net); Thu, 09
Aug 2012 10:10:06 -0400
X-Agent-Junk-Probability: 0

Dear Peter F Cresswell,

Your Facebook account was recently logged into from a computer,
mobile device or other location you've never used before. For
your protection, we've temporarily locked your account until you
can review this activity and make sure no one is using your
account without your permission.

Did you log into Facebook from a new device or an unusual
location?

 - If this was not you, please log into Facebook from your
computer and follow the instructions provided to help you control
your account information.

 - If this was you, there's no need to worry. Simply log into
Facebook again to get back into your account.

For more information, visit our Help Center here:
http://www.facebook.com/help/?topic=account_recovery

Thanks,
Facebook Security Team
--------------------------------------------------------------------------

Now I'm starting to wonder if, somewhere, there is a Peter F.
Cresswell who wonders what in the world is going on with his
factbook account...   OTOH, where are they coming up with the
Fatbelly.com address...
--
Pete Cresswell

Re: Facebook: Did I Just Get Phished?


Quoted text here. Click to load it

< snip >

Quoted text here. Click to load it

Looks like just a FB account screwup.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Site Timeline