Fake Facebook Notifications

scamFRAUDalert has seen an aggressive spam campaign built around fake Facebook notifications. These notifications are all phishing expeditions whose primary aim is to steal your personal information, and they contain malware.

You have a new direct message from Facebook Technical Support

Email Header Analysis

IP Address: 83.16.210.157 (aic157.internetdsl.tpnet.pl)
IP Address Country: Poland
IP Continent: Europe
IP Address City Location: Kalisz
IP Address Region: Wielkopolskie
IP Address Latitude: 51.7611
IP Address Longitude: 18.091
Organization: Polish Telecom

_______________________________

From Facebook Technical Support Fri Mar 15 18:54:32 2013
X-Apparently-To: scamFRAUDalert via 98.138.213.211; Fri, 15 Mar 2013 12:54:33 -0700
Return-Path: <foobar@aic157.internetdsl.tpnet.pl>
X-YahooFilteredBulk: 83.16.210.157
Received-SPF: none (domain of aic157.internetdsl.tpnet.pl does not designate permitted sender hosts)
X-Originating-IP: [83.16.210.157]
Authentication-Results: mta1285.sbc.mail.gq1.yahoo.com from=aic157.internetdsl.tpnet.pl; domainkeys=neutral (no sig); from=aic157.internetdsl.tpnet.pl; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO aic157.internetdsl.tpnet.pl) (83.16.210.157)
by mta1285.sbc.mail.gq1.yahoo.com with SMTP; Fri, 15 Mar 2013 12:54:33 -0700
Date: 15 Mar 2013 20:54:32 -0500
To: scamFRAUDalert
From: Facebook Technical Support <foobar@aic157.internetdsl.tpnet.pl>
Subject: You have a new direct message from Facebook Technical Support

Message-ID: <a9d3f-b11c3-f47d7653f@aic157.internetdsl.tpnet.pl>
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Length: 5241

You have a new personal message from Facebook Support

Email Header Analysis

IP Address:  64.34.138.101 (plesk1.mitconsulting.ca)
IP Address Country:  Canada
IP Continent:  North America
IP Address City Location:  Toronto
IP Address Region:  Ontario
IP Address Latitude:  43.6667
IP Address Longitude:  -79.4167
Organization:  Wyzdom Technologies

_____________________________________

From Facebook Support Tue Mar 12 06:26:33 2013
X-Apparently-To: scamFRAUDalert via 98.138.213.211; Tue, 12 Mar 2013 05:26:04 -0700
Return-Path: <billing@plesk1.mitconsulting.ca>
X-YahooFilteredBulk: 64.34.138.101
Received-SPF: none (domain of plesk1.mitconsulting.ca does not designate permitted sender hosts)
X-Originating-IP: [64.34.138.101]
Authentication-Results: mta1214.sbc.mail.gq1.yahoo.com from=plesk1.mitconsulting.ca; domainkeys=neutral (no sig); from=plesk1.mitconsulting.ca; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO plesk1.mitconsulting.ca) (64.34.138.101)
by mta1214.sbc.mail.gq1.yahoo.com with SMTP; Tue, 12 Mar 2013 05:26:04 -0700
Date: 12 Mar 2013 08:26:33 -0500
To: scamFRAUDalert
From: Facebook Support <billing@plesk1.mitconsulting.ca>
Subject: You have a new personal message from Facebook Support
Message-ID: <8fdaf_a1b97-3bf6d6dcca@billing.plesk1.mitconsulting.ca>
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Length: 5279

You have a new direct message from Facebook IT Department

Email Header Analysis

IP Address: 187.103.104.254 (187.103.104.254)
IP Address Country: Brazil
IP Continent: South America
IP Address City Location: Navegantes
IP Address Region: Santa Catarina
IP Address Latitude: -26.9
IP Address Longitude: -48.65
Organization: Commcorp Comunicacoes Ltda

___________________________

From Facebook IT Department Mon Mar 11 00:44:09 2013
X-Apparently-To: scamFRAUDalert via 98.138.213.184; Sun, 10 Mar 2013 22:44:12 -0700
Return-Path: <hedlund@linux.cz>
X-YahooFilteredBulk: 187.103.104.254
Received-SPF: none (domain of linux.cz does not designate permitted sender hosts)
X-Originating-IP: [187.103.104.254]
Authentication-Results: mta1229.sbc.mail.gq1.yahoo.com from=linux.cz; domainkeys=neutral (no sig); from=linux.cz; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO localhost) (187.103.104.254)
by mta1229.sbc.mail.gq1.yahoo.com with SMTP; Sun, 10 Mar 2013 22:44:10 -0700
Date: 11 Mar 2013 02:44:09 -0500
To: scamFRAUDalert
From: Facebook IT Department <hedlund@linux.cz>
Subject: You have a new direct message from Facebook IT Department
Message-ID: <e55415-1ee1_4a66e6@hedlund.localhost>
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Length: 5281

____________________________________

facebook
You have a new message from Facebook IT Department.
Your profile contains an invalid address.
View Notifications

Go to Facebook
This message was sent to scamFRAUDalert. If you don’t want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

You Have a New Personal Message From Facebook Services

Email Header Analysis

IP Address: 208.113.254.39 (apache2-fritz.ermac.dreamhost.com)
IP Address Country: United States
IP Continent: North America
IP Address City Location: Cleveland
IP Address Region: Ohio
IP Address Latitude: 41.4995
IP Address Longitude: -81.6954
Organization: New Dream Network, LLC

____________________________

From Facebook Services Sun Mar 10 17:17:44 2013
X-Apparently-To: scamFRAUDalert via 98.138.213.185; Mon, 11 Mar 2013 02:17:45 +0000
Return-Path: <lydia.coleman@apache2-fritz.ermac.dreamhost.com>
X-YahooFilteredBulk: 208.113.254.39
Received-SPF: none (domain of apache2-fritz.ermac.dreamhost.com does not designate permitted sender hosts)
X-Originating-IP: [208.113.254.39]
Authentication-Results: mta1077.sbc.mail.ne1.yahoo.com from=apache2-fritz.ermac.dreamhost.com; domainkeys=neutral (no sig); from=apache2-fritz.ermac.dreamhost.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO apache2-fritz.ermac.dreamhost.com) (208.113.254.39)
by mta1077.sbc.mail.ne1.yahoo.com with SMTP; Mon, 11 Mar 2013 02:17:44 +0000
Date: 10 Mar 2013 19:17:44 -0500
To: scamFRAUDalert
From: Facebook Services <lydia.coleman@apache2-fritz.ermac.dreamhost.com>
Subject: You have a new personal message from Facebook Services
Message-ID: <667e_751548_8a552ba@lydia.coleman.apache2-fritz.ermac.dreamhost.com>
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Length: 5313

This message was sent to scamFRAUD ALERT. If you don’t want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303
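
All four header dumps above show the same signs: a From display name claiming Facebook on a domain that is not Facebook's, Received-SPF: none, and dkim=neutral (no sig). The Python script below is an added example, not scamFRAUDalert's own tooling; it checks one message's headers for those three signs. The BRAND_DOMAINS allowlist and the triage() name are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header excerpt copied from the first sample on this page (X-YMailISG omitted).
SAMPLE = """\
Received-SPF: none (domain of aic157.internetdsl.tpnet.pl does not designate permitted sender hosts)
X-Originating-IP: [83.16.210.157]
Authentication-Results: mta1285.sbc.mail.gq1.yahoo.com from=aic157.internetdsl.tpnet.pl; domainkeys=neutral (no sig); from=aic157.internetdsl.tpnet.pl; dkim=neutral (no sig)
From: Facebook Technical Support <foobar@aic157.internetdsl.tpnet.pl>
Subject: You have a new direct message from Facebook Technical Support

"""

# Assumption: domains the impersonated brand legitimately sends mail from.
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com")}


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw):
    """Return a list of findings for one message's raw headers."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # 1. Brand named in the display name, but the address is on another domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domains(from_dom, allowed):
            findings.append(f"display name claims {brand} but From domain is {from_dom}")
    # 2. SPF verdict recorded by the receiving MTA (first token of the header).
    spf = msg.get("Received-SPF", "").split(None, 1)
    if not spf or spf[0].lower() != "pass":
        findings.append(f"SPF result: {spf[0].lower() if spf else 'missing'}")
    # 3. DKIM verdict; \b keeps 'domainkeys=' from matching.
    dkim = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    if not dkim or dkim.group(1).lower() != "pass":
        findings.append(f"DKIM result: {dkim.group(1).lower() if dkim else 'missing'}")
    return findings
```

Calling triage(SAMPLE) returns three findings for the first message on this page; a message from an allowlisted domain with passing SPF and DKIM returns an empty list.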