Watch out for Facebook phishing e-mails

Worm and virus creators tend to target large user communities to increase the odds of infection. They make no exception for Facebook. I just received a “Facebook webmail” from the “Facebook Inform Center” (e-mail address: administrator45@facebook.com) which has virus written all over it. As you can see, the built-in phishing detector of Windows Live Mail marked it as suspicious immediately.
There are many different variations out there, but this particular e-mail tries to lure me into clicking a malicious link described as a video of a drunk striptease at a birthday party. Because I actually had a birthday party last week, I’m more inclined to fall for that part of the description (because I’m obviously not interested in drunk strippers). But if you take a closer look at the hyperlink, you’ll notice that the part before the .com is NOT “facebook”. The trick to remember is to ALWAYS look for the facebook.com domain before the first slash (/) that follows http:// in the URL. Or even better: NEVER click any links in e-mails. Just go to Facebook.com and you’ll find these kinds of notifications in your Inbox anyway.
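As an added example (not from the original post), here is the "domain before the first slash" check written as a small Python link-checker; the trusted-domain list and the sample links are constructed for illustration. It goes a little beyond the one-line rule: it also catches look-alike hosts such as facebook.com.example.net and the user@host trick, which a plain search for "facebook.com" in the link text would miss.

```python
from urllib.parse import urlsplit

# Domains we are willing to treat as genuine Facebook (assumption for this example).
TRUSTED_DOMAINS = ("facebook.com",)


def registered_host(url: str) -> str:
    """Return the host of a URL: what sits between '://' and the first '/'.
    Links without a scheme ('www.facebook.com/...') are treated as http."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # .hostname drops 'user:password@' and ':port', so a link such as
    # 'http://facebook.com@evil.example/' resolves to evil.example, the real host.
    return (parts.hostname or "").rstrip(".").lower()


def is_facebook_link(url: str) -> bool:
    """True only if the host IS facebook.com or a subdomain of it.
    'facebook.com.example.net' or '/facebook.com/' in the path do not count."""
    host = registered_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_links(urls):
    """Map each link to 'ok' or 'SUSPICIOUS' for a quick triage of an e-mail."""
    return {u: ("ok" if is_facebook_link(u) else "SUSPICIOUS") for u in urls}


# Constructed sample links, modelled on the kind of lure the post describes.
SAMPLE_LINKS = [
    "http://www.facebook.com/n/?inbox",                # genuine
    "http://www.facebook.com.example.net/video/",      # look-alike host
    "http://facebook.com@evil.example/video.exe",      # user@host trick
    "http://evil.example/facebook.com/video.php",      # brand only in the path
]

if __name__ == "__main__":
    for link, verdict in classify_links(SAMPLE_LINKS).items():
        print(f"{verdict:10s} host={registered_host(link):35s} {link}")
```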
This e-mail’s body reads:
Messages from Your Friends on Facebook, April 01, 2009
You have 1 friend requests – Personal Message:
Watch the video titled “Drunk Charlize is dancing striptease on my Birthday Party, March 28, 2009! We’re absolutely shocked!”.