Your facebook password has been changed

Got an email today that said Facebook changed my password. I suppose that's what happens when they detect that an account was tampered with. Actually, they probably just block the account and reset the password (i.e. you cannot log in with the same password anymore.)

The interesting thing is that it really looked like it came from Facebook. So the fake was really good at that level. It actually came from mail.recycledsoul.com which I guess is a religious website?

Why the email? It actually contains a virus in a document. The attached zip file has a file named Facebook_document which is a program (ends with .exe) and will do fun things to your computer, I'm sure.

That's going to recycle you, that's for sure!

Ah! By the way, Facebook is a brand name and it has a capital F. They would never send you an email without the capital F. Plus, they generally send HTML emails and no attachments. They would provide a link to their website instead.


Return-Path: <antarcticax291@ritashugart.com>
X-Original-To: alexis@halk.m2osw.com
Delivered-To: alexis@halk.m2osw.com
Received: from dynamic-adsl-94-37-19-118.clienti.tiscali.it
    (dynamic-adsl-94-37-19-118.clienti.tiscali.it [94.37.19.118])
    by halk.m2osw.com (Postfix) with ESMTP id 211AA1BDBB
    for <alexis@halk.m2osw.com>; Wed, 15 Sep 2010 03:15:50 -0700 (PDT)
Received: from 94.37.19.118 by mail.recycledsoul.com; Wed, 15 Sep 2010 12:15:46 +0100
Message-ID: <000d01cb54be$f688c8f0$6400a8c0@antarcticax291>
From: "Your Facebook" <support@facebook.com>
To: <alexis@halk.m2osw.com>
Subject: Your facebook password has been changed
Date: Wed, 15 Sep 2010 12:15:46 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0006_01CB54BE.F688C8F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

 

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.
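The red flags the post points out (a sender domain that does not match the envelope, delivery straight from a consumer ADSL address, the lowercase brand name, an archive attachment) can be checked mechanically. The sketch below is an added example, not part of the original post; `red_flags` and `domain` are hypothetical names, the keyword list for dynamic hosts is an assumption, and the attachment filename is constructed because the post does not give the zip's name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the headers shown on this page. The MIME parts are constructed:
# the page names the .exe inside the zip but not the zip itself.
RAW = """\
Return-Path: <antarcticax291@ritashugart.com>
Received: from dynamic-adsl-94-37-19-118.clienti.tiscali.it
    (dynamic-adsl-94-37-19-118.clienti.tiscali.it [94.37.19.118])
    by halk.m2osw.com (Postfix) with ESMTP id 211AA1BDBB
From: "Your Facebook" <support@facebook.com>
Subject: Your facebook password has been changed
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Dear user of facebook,
--B
Content-Type: application/zip
Content-Disposition: attachment; filename="constructed-name.zip"

--B--
"""

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw, brand="Facebook"):
    msg, flags = message_from_string(raw), []
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        flags.append("From and Return-Path domains differ")
    # Topmost Received is added by the receiving server; (name [ip]) is its own lookup.
    hop = " ".join((msg.get_all("Received") or [""])[0].split())
    peer = re.search(r"\((\S+) \[[\d.]+\]\)", hop)
    if peer and re.search(r"dynamic|adsl|dialup|pool", peer.group(1), re.I):
        flags.append("sent straight from a dynamic consumer address")  # keyword list is an assumption
    parts = list(msg.walk())
    text = " ".join([msg["Subject"] or ""] + [p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain"])
    if re.search(rf"\b{brand.lower()}\b(?!\.\w)", text):
        flags.append("brand name written without its capital letter")
    if any(re.search(r"\.(zip|exe|scr|rar)$", p.get_filename() or "", re.I) for p in parts):
        flags.append("archive or executable attachment")
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(RAW)))
```

Legitimate bulk mail can also use a Return-Path domain that differs from the From domain, so that check is a signal to combine with the others rather than a verdict on its own.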

Re: Your facebook password has been changed

 All kinds of red flags in that email!

Re: Your facebook password has been changed

My question to Facebook, to whom I sent the email, was:

What happened to your network security which allowed my email address to be sent to?

I know these are fakes and I know they happen, but their network should not have a security hole in it which allows my email address out.

Or does it? Or do they sell my address? I don't feel like reading all of the fine print.


Re: Your facebook password has been changed

I'm not too sure how the bots find email addresses, but it is more likely that someone, one of your friends, used it in a non-encrypted email system (most of these systems do not encrypt the email data).

Facebook could have leaked it too, because when someone goes to see your Info page, they see your email address there, and at that point, unless you're using the HTTPS version, the email is also sent in the clear over the wire. Any hacker who has access to said wire and can tap into all the flowing data can gather that tasty email address...

It sounds like that will be remedied though and HTTPS may be used all the time. (The problem is that it is relatively slow...)