Phishing: Someone tried to log into your account, user ID:#4976302

A user just logged into your Facebook account from a new device iphone 13 PRO MAX. We are sending you this email to verify it's really you.

Attcking email

Complete Email

from: #Face.Book <online@feosnt.ygegrota.qbsbqwfeb.uk.com> via 54919885861.238044269.238044269.hire.uk.com
to:
subject: Re: Jagdishkumawat,Someone tried to log into your account, user ID:#4976302
mailed-by: fleetsalespresenter.volvocars.com
signed-by: 54919885861.238044269.238044269.hire.uk.com

Email Body

Facebook
Hi Jagdishkumawat,

A user just logged into your Facebook account from a new device iphone 13 PRO MAX. We are sending you this email to verify it's really you. Report the user
Yes, me

Thanks,
The Facebook Team

This message was sent to Jagdishkumawat@gmail.com. If you don't want to receive these emails from Facebook in the future, please unsubscribe. Facebook, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025. To help keep your account secure, please don't forward this email. Learn more.

Red Flags

This email contains numerous red flags that strongly suggest it is a phishing attempt aimed at stealing your Facebook login credentials. Here’s an analysis of why this email is likely fraudulent:


1. Suspicious Sender Information

  • Sender Name and Address: The sender appears as #Face.Book <online@feosnt.ygegrota.qbsbqwfeb.uk.com>. The use of unusual domains and non-standard characters in "#Face.Book" indicates an attempt to mimic the official Facebook name but is not genuine.
  • Mailed-by and Signed-by Information: The email claims to be mailed by fleetsalespresenter.volvocars.com and signed by a suspicious domain (54919885861.238044269.238044269.hire.uk.com), neither of which is associated with Facebook. Official emails from Facebook typically come from facebookmail.com or similar Facebook-affiliated domains.

2. Generic Greeting

  • Addressed to "Jagdishkumawat": This email uses the recipient's email address or name in an attempt to appear legitimate, but it still lacks specific details about the account activity (like the location or IP address of the login attempt). Facebook’s real alerts usually include more specific information, such as the login location.

3. Unusual Wording and Layout

  • Strange Formatting: The email body includes suspicious formatting, such as the awkward device name “iphone 13 PRO MAX,” which is not consistent with how Facebook normally formats device names in its security alerts.
  • “Yes, me” Link: A legitimate Facebook security email would not simply say “Yes, me” but would direct you to log in to your account independently or provide an option to check recent activity on a secure link. Scammers often use simplified, clickable prompts to capture personal information.

4. Phishing Tactics and Potential Links

  • Call to Action (“Report the user”): This phrase is used to trigger a quick response out of fear. Legitimate emails from Facebook typically avoid this kind of phrasing and instead provide a “Secure your account” link if a suspicious login attempt is detected.
  • Embedded Links: It’s highly likely that links in this email would direct you to a fake Facebook login page to capture your credentials. Always avoid clicking links in suspicious emails; instead, log in directly to Facebook via the official app or website.

5. Legitimate Contact Information and Security Warning

  • Unsubscribe and Address Information: The inclusion of "unsubscribe" information and the Menlo Park address are often added by scammers to mimic authenticity, but the sender’s details and domain inconsistencies still reveal it as a likely phishing attempt.
  • Security Advice: The warning to "not forward this email" and the "Learn more" link are typical in phishing emails to create a false sense of security and legitimacy.

Recommendations:

  1. Do Not Click Any Links: Avoid clicking on any links or buttons within this email, as they likely lead to phishing sites.
  2. Do Not Reply: Refrain from replying or providing any information, as this could expose more personal details.
  3. Log into Facebook Directly: If you’re concerned about the security of your Facebook account, go directly to Facebook’s official website or app and review your recent activity under Settings > Security and Login.
  4. Report and Delete: Mark the email as phishing in your email client and delete it to avoid any further risks.

Conclusion:

This email appears to be a phishing attempt designed to capture your Facebook login credentials. The odd sender details, unusual formatting, and vague security prompts are strong indicators of a scam. To safeguard your account, only access Facebook through official channels and report this email as phishing.