
Facebook scam email double-whammy?????

PhylPho
PhylPho Posts: 1,443 Forumite
Part of the Furniture 1,000 Posts
Advice appreciated:

I've no problem with spotting / blocking phishing & spam nor with malware threats as my computers are all protected. Emails which aren't from recognised senders don't get opened nor any attachments from a suspect source.

This morning, however, I've received an odd email from BT Yahoo! Mail Virus Protection (mail-antivirus@yahoo-inc.com), subject:

Alert: Virus detected but not Cleaned -- Attachment Removed (Facebook Password reset Confirmation.)

Message: BT Yahoo! Mail Virus protection detected the virus Trojan S.asfis in the file 'Facebook password 439.zip' attached to the enclosed email message. We scanned the file using Norton AntiVirus but were unable to clean it. Therefore, we removed the content of the attachment from the message. Please contact the message sender if you wish to receive the attachment.


OK. So far, so good. I know this is a scam because I do not have and never have had a Facebook account.

But if I was a genuine Facebook user, I could now go ahead and click on the original 'Facebook Password reset Confirmation' message which BT Yahoo has attached to its warning email, secure in the knowledge that the Trojan it contained has been stripped out.

But that's to assume that the entire email is genuine: the alert, the Trojan removal, and the 'cleansed' attachment.

It could well be.

But what bothers me is that BT Yahoo! has sent this email to an @btinternet.com email address which isn't mine and doesn't resemble any email address I have on BT.

To be clear about this: the name isn't mine and doesn't remotely look like mine. The three initials preceding it aren't mine and don't remotely resemble mine.

So how come I've received it?

On the face of it, this looks like a genuine alert about a 'cleansed' attachment of a Facebook message (and thus, an implicit invitation to go ahead and open that message.)

But if you're a scammer running a double-whammy, a neat way to get a gullible user to open an infected file might be to send a phony warning about it, together with a phony reassurance that the file is indeed safe to open. . .

. . . though how come I've received an email addressed to abcgreen when my name is defbrown baffles me.

Thoughts, anyone?

Thanks.

Comments

  • reehsetin
    reehsetin Posts: 4,916 Forumite
    1,000 Posts Combo Breaker
    I think it is some sort of scam, I've had a couple of these on Gmail for Facebook and DHL, just deleted them
    Yes Your Dukeiness :D
  • fwor
    fwor Posts: 6,862 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    It's easy to fake the sender's address in an email, but I don't believe it's possible to fake the recipient - for obvious reasons.

    Have you checked the header to make sure that your email address is not there as an "undisclosed recipient"? In all probability, it's a scam email that was sent To: abcgreen with your email address in a large Bcc: list.

    If that's the case, the original message should be harmless without its .zip file attachment.
  • rhythmsoup
    rhythmsoup Posts: 78 Forumite
    As said above, what you "see" in the email is easily changed. If you have an email client like Thunderbird you can view the full email header.

    The Facebook password reset scam has been reported on a number of sites. Facebook users are targeted because the site is very popular and popular sites are a good way to spread spam and propagate your trojans out to unsuspecting users' PCs and be well on your way to world domination with your botnet :)

    If malware has hijacked someone's PC then it may well have access to their address book and that's where your address was harvested from. Don't be surprised if you start receiving emails for Viagra or some other unsolicited pharmaceutical wonder!

    You won't get hit by anything inside an email unless you open an embedded object, click a URL and navigate to a dodgy "drive by" website, or open an attachment. I would just delete the email.

    If you ever get an email that you want to complain about, let's say something like "bobswonderpills@yahoo.com", you can always forward the email to "abuse@yahoo.com". Generally speaking it's usually abuse@<domain>; there may be other generic reporting addresses like spam@<domain> or phishing@<domain>.

    Hope this helps some
  • PhylPho
    PhylPho Posts: 1,443 Forumite
    Part of the Furniture 1,000 Posts
    Many thanks, fwor and rhythmsoup, for the truly comprehensive help -- really appreciated! I've delved deep into the email as you two suggested and yes, my name and email address are 'buried' within it, thus accounting for why I've actually received it. I'll report it to btinternet 'abuse'.

    Jeez, these scammers though!
This discussion has been closed.
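
The header check suggested by fwor and rhythmsoup, as an added example that is not part of the original thread: it compares the addresses shown in To:/Cc: with the mailbox the message was actually delivered to, which is how a Bcc-style delivery shows up. The sample message, its addresses and hosts are constructed, and not every mail provider adds the delivery headers read here.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: every address, host and id below is invented.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Delivered-To: defbrown@btinternet.example
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.btinternet.example with SMTP id abc123
\tfor <defbrown@btinternet.example>; Mon, 1 Mar 2010 08:00:00 +0000
From: "Mail Virus Protection" <mail-antivirus@yahoo-inc.example>
To: abcgreen@btinternet.example
Subject: Alert: Virus detected but not Cleaned

Body text.
"""

# Headers some receiving servers add to record the envelope recipient.
ENVELOPE_HEADERS = ("Delivered-To", "X-Original-To", "Envelope-To")
# Many servers also note the recipient in Received: "... for <addr>; date".
RECEIVED_FOR = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)


def addresses(msg, names):
    """Lower-cased addresses found in the named headers."""
    values = [v for name in names for v in msg.get_all(name, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def analyse(raw):
    """Compare what the reader sees (To/Cc) with where the mail was delivered."""
    msg = message_from_string(raw)
    visible = addresses(msg, ("To", "Cc"))
    delivered = addresses(msg, ENVELOPE_HEADERS)
    for received in msg.get_all("Received", []):
        delivered |= {m.lower() for m in RECEIVED_FOR.findall(received)}
    return {
        "visible": sorted(visible),
        "delivered": sorted(delivered),
        # Delivered here but never named in To/Cc: sent via Bcc or a list.
        "hidden_recipients": sorted(delivered - visible),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

A non-empty `hidden_recipients` only says the mailbox was not named in the visible headers; legitimate mailing lists and Bcc'd mail look the same, so it explains the delivery rather than proving a scam.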