We receive several malicious email messages each week that are mass-mailed with the intent to phish for personal information from unsuspecting users of the Internet. The information that can be obtained by these scams can be used to commit identity theft or for other nefarious purposes. Today I received the pictured email (see photo) that caught my attention as a good example of how phishing, social engineering, and malware are used to commit identity theft.
Phishing is a form of social engineering—a devious attempt to get a person to do something they normally would not do. In this case, the perpetrator is attempting to get us to click on one of the links in this official looking (spoofed) Facebook email by suggesting the recipient’s Facebook profile is required to be updated by Facebook. Who would want missing information in their Facebook Profile?
Because my anti-virus and anti-malware software blocked the launch of the Website when I (purposely) clicked on the links to investigate, I decided not to bypass that protection in exploring exactly how this scheme worked. I did not want to risk infection of my desktop computer with a new virus that could take me hours to remove or even worse to have to spend hours repairing the damage that such malware could cause including damaging the operating system and erasing data.
I can safely speculate that clicking on either link would lead to one of two typical scenarios that would increase my risk of identity theft or other problems. One scenario is that a keylogger would be downloaded and activated without me knowing. The keylogger would record my every keystroke as I was directed to login to my Facebook Website. My login keystrokes (user name and password) to my Facebook account would then be sent to the perpetrator.
The second scenario is that a spoofed (fake) Facebook Website would open, requiring me to login to the Facebook look alike Website. After entering my login email and password, those login credentials would be transmitted to the perpetrator.
(These scams work the same way with online bank, Ebay, PayPal and other accounts.)
In either case, the perpetrator could have sufficient information to login my account. Once in, they could rape my identity or if I kept a credit card on file with Facebook, they would have access to my credit card number to commit credit card identity theft.
Identity thieves and other nefarious characters use these and other techniques to commit identity theft or just to wreak havoc on unsuspecting Internet users in other ways (sometimes just for the "hell of it").
There are some obvious clues that this email message is scam. The (Facebook) Support Services Manger email address that appears in the header of the email is suspicious in that nothing in the address indicates the email was sent from a Facebook account. The domain ending with “AU” indicates registration in Australia.
The scam message was sent to one of my email accounts (which I disguised in the screen capture photo above for my own security) that does not correspond to any email account I currently or have ever used with Facebook. That makes it clear to me that someone is phishing.
If one hovers their mouse over either of the two links in the email (View Notifications or Go to Facebook), the URL that they link to can be examined. The URL has the form http://transportkruszywa.home.pl/authorizations.html?uid=campana.XXX, (After some investigation I learned this domain is registered in Poland). When one clicks on the link (don't do this unless you know what your are doing and your computer is protected), it opens a Website (which my anti-scumware program blocks) where a masked URL appears as, http://drugstorewalgreen.com.
These are all warning signs that this email is not from Facebook and that one is dealing with a malware attack. One is best advised to delete the email instead of clicking on the links as I did, unless one wants to deal with not only a virus, but identity theft and the possibility a devastating crash of your computer that could wipe out your operating system and data.
The Polish-to-English translation of “transport kruszywa” in a URL variation of a legitimate Polish trucking company Website that specializes in transporting aggregate (sand, rocks, etc.).
When scams like this are perpetrated, there is often more than one victim. In this case, two of the silent victims are businesses--Transport Kruszywa and Walgreens whose trademarks are misused to perpetrate the ruse.
Although this article is speculative on the motive behind the example of scumware discussed here, it nevertheless exemplifies how phishing works; the need for up-to-date internet security software to protects one’s computer assets; and that constant vigilance is required when opening email and using the Web.