This past week I got a message from a spammer who was spoofing Facebook. I didn’t notice this message until this past week because our spam filters caught it and delivered it to my spam quarantine. I find that these days I don’t have the insight into new spam campaigns that I used to have because our filters are pretty good at pro-actively catching these types of malicious spoofing campaigns and I just don’t see them. I look at my quarantine reports sometimes to see how much spam I get, and only then do I notice “Oh, here’s a new one from Facebook”. Anyhow, the contents of this one is below:
The message looks pretty legitimate except that it is completely untrue that i haven’t been back to Facebook recently. The link is a link to a pharmacy spam site (or potentially one serving up a drive-by download, I didn’t bother clicking on it but it looks like pharmaspam). Anyhow, here’s an analysis of the spam message:
So, while this message does have an element of smooth sophistication to it (evading some spam filters, trying to give itself a look of legitimacy, correct grammar, spoofed headers) there really isn’t anything new here. It’s one of the same old tricks we have seen before, spoofing and social engineering.