2013 - 16,182 views

Summary: If you get an email supposedly from Facebook (top addresses have been change@facebook.com and support@facebook.com) , asking for a "Facebook Password Reset Confirmation", don't panic thinking that someone has reset your Facebook password (that's exactly what the bad guys want you to do), and whatever you do don't download or open the attachment that is in the email! The attachment, named either facebook_password_139.zip or facebook_password_239.zip, is actually a Windows malware file, facebook_password_139.exe or facebook_password_239.exe.

Most Recent Searches that Led to This Page: Resent confirmation SMS, zshare - fake facebook zip, facebook password reset code text message, Facebook Password Reset Code Text, universal facebook password reset code, Insert the confirmation code from the SMS instead, fake facebook password reset text message, facebook password reset text, reset confirmation sms, ?Resent confirmation SMS, ?Resent confirmation SMS ?, text message facebook password reset code, universal facebook confirmation code, Fake facebook password reset code, fake confirmation code

Previous Article « Chatroulette Exposed – Russian Roulette Video Chat Site with Pervs Instead of Bullets in the Chamber
Read Next Article » Facebook Linked to Venereal Disease (Yes, Really)

If you get an email supposedly from Facebook (top addresses have been change at facebook dot com and support at facebook dot com) , asking for a “Facebook Password Reset Confirmation”, don’t panic thinking that someone has reset your Facebook password (that’s exactly what the bad guys want you to do), and whatever you do don’t download or open the attachment that is in the email! The attachment, named either facebook_password_139.zip or facebook_password_239.zip, is actually a Windows malware file, facebook_password_139.exe or facebook_password_239.exe.

Here’s how the email looks in the typical email program:

From: “Facebook Security” (change@facebook .com)
To: (test@example .com)
Subject: Facebook Password Reset Confirmation! Important Message
Attachments: Facebook_password_139.zip

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

But check out what the headers of this email reveal:

Date: Tue, 23 Mar 2010 08:13:04 -0600
From: “Facebook Security”
MIME-Version: 1.0
Message-ID: <000d01caca8a$923f4cc0$6400a8c0@myopicsv>
Received: from 173.213.163.99; Tue, 23 Mar 2010 08:13:04 -0600
To:
X-Mailer: Microsoft Outlook Express 5.50.4927.1200
X-Mimeole: Produced By Microsoft MimeOLE V5.50.4927.1200
X-Msmail-Priority: Normal
Date: Tue, 23 Mar 2010 08:13:04 -0600
From: “Facebook Security” (change@facebook .com)
To: test@example .com
Subject: Facebook Password Reset Confirmation! Important Message
Attachments: Facebook_password_139.zip

—

Do you see that “Received: from 173.213.163.99″? That’s actually a DSL line with iowatelecom.net (the complete address associated with this IP address is “mnpl-01-0867.dsl.iowatelecom.net”). Obviously Facebook isn’t sending email from a regional ISP in Iowa. And do you see that “X-Mailer: Microsoft Outlook Express 5.50.4927.1200″? Facebook doesn’t use Outlook Express to send email to their subscribers, either. (In fact, Facebook sends out their email from a cluster of IP addresses serviced by their own in-house domain, tfbnw.net, and they use the Ecelerity mailing software.)

So, almost certainly, one of two things is going on here. Either there is an evil malware spammer sitting somewhere in Iowa Telecom’s service area, sending out malware using Outlook Express; or some poor schmuck’s PC has been co-opted as part of a botnet, which is now spewing malware while being controlled by some botnet herder overseas. It’s most likely the latter, but what’s important for you is to know how to recognize this email for what it is, and to not open it.

You May Also Like:

The “Facebook Password Reset Confirmation” Scam

Twitter Password Reset Email Not Necessarily Phishing But Decidedly Clueless

Use Facebook and Gmail? Your Gmail Password May be at Risk!

Microsoft Offers Outlook Bundled with Paid Email Service

Windows Media and Outlook Express Both at High Risk

For additional similar stories check out our archives on Facebook, Phishing, Virus & AntiVirus

Comments (3)

3 Comments - Newest First »

my code is still not been accepted which is apain as i am unable to access facebook and i need to get look in my spam folder

Comment by sarah — 11/24/2010 @ 3:54 pm
how do i get a conformation number I forgot my pass word

Comment by jessutcliffe — 7/29/2010 @ 6:22 am
That’s interesting, given the fact that when my wife went to go on FaceBook this morning, she was stopped and asked for her password, which the “website” would not accept.
This was not an email, but one of her multi-tabs which open when she activates FireFox. She called me over and I attempted to watch, then insert her password, but “OK” would not do anything until it went “dormant”.
She finally shut down FF and re-started it, … FaceBook came up regularly.
Wonder what that was. I’m running IOBit on it to see if it’s OK by their standards.
Thanks!
Ted

Comment by Ted — 3/26/2010 @ 11:23 am

Line and paragraph breaks are automatic, your email address is never displayed.

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. In some cases, after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol. All that said, ads by Google are not our recommendations, and are selected and served by Google, and we do not control what those ads display.

The Internet Patrol
A Division of ISIPP Publishing
Anne P. Mitchell, Esq. - Editor

About
About The Internet Patrol

Authors
About Our Authors
Author Quicklinks:
Anne P. Mitchell (articles)
Jessica Harris (articles)
Evan Sandsmark (articles)
Tom Gulley (articles)

Follow Anne On:

Twitter
Google +
Linked In
Facebook

*Twitter Explained in Plain English

Recent Comments to Our Articles

Shelley: I have had the same issue and am absolutely fuming.. My funds are withheld by PayPal due to me being a new seller, even though I have 100% feedback and always ship the next day.. I have registered a complaint with PayPal (for all the good it will do). Obviously this practice has... read

Susan: Fantastic, thank you, it’s so easy and it works!! My Mac doesn’t show the player the same way, it’s just a square black box with a pair of notes in it, but click on the box and the play/stop buttons appear… and it plays :o) read

POF banned twice: I happened to find this site while searching for POF bannings. I have been banned twice for basically the same thing. In my profile I stated I am not open to dating men who have kids and in the first case several men reported my profile for that. In the second case I stated... read

Tom N: There was literally no reason for them to do this to me, so they said I was a new seller, I first sold an item in 2004. I have 100% feedback rating. The customer service is located in the Philippines. I told them that in this country, when you buy an item you pay for it before you get... read

Mandip Shrestha: Dear Mandip Shrestha, This is to confirm your winning as your email ID was selected through a computer ballot system drawn from millions of email ID’s of both companies and individuals. We congratulate you as one of the lucky winners in the BBC One online lottery promotion... read

Amber: Thank you! From now on, I worship you for making this. read

Helen: I am dyslexic and sometimes I have to read something 20 times or same for writing before I understand or write correctly. I am on full moderation for this. I have been treated so rude and discriminated against. I have been told I can leave the group. That they will never take me off... read

Donathan Tandoc: Will icloud let us redownload our content purchased before icloud was announced? Like the music I bought a year ago? will i get charge for redownloading? read

gmailer: My recent sent emails have been disappeared as well. Does anyone know how to recover them? Thanks read

Pete Laberge: Sorry, but I will back RIM on this one. He’s making a business case. And he’s positioned to be able to. At one time, the commodore PET was the b-all and end-all. Then came the Apple ][ Remember the heady days of “Apple // Forever!”? Seen one lately? Then... read

Pete Laberge: I get zillions of these in Canada. My ISP/phone company allows me to maintain my own number block list via the net. I blocked SO Many such numbers that I FILLED the list. I had to void/kill it and start over…. And oh yes, those people who want to sell you the car warranty... read

r m: this never happened to me on YAHOO!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!! !!!!!!!!!! read

Katherine Reschke: I had this charge and it was from a legitimate purchase I made from another site (Priceplunge.com) read

Pete Laberge: Simple: have one UNIFIED Internet Sales Tax…. Charged at say, 10% and collected by the Feds. Split would be: 1/3 to Feds, 1/3 to buyer’s State, 1/3 to seller’s state. I admit my idea does not cover everything, but it is a start…. read

Jeff: WOW! How funny I had the same experience. Today I disputed all the charges with my bank, cancelled my debit card and filed a complaint against the company at bbb.org. The are a real scam! read