Today, I received an email from a sender using the email  Facebook [update+vhohyyts@facebookmail.com] in my Microsoft Outlook account.  At first glance, it looks like a real email message sent by Facebook as it uses the look and feel of the popular social networking site. But if you try to point your cursor on the hyperlink, it is pointing to www.facebook.com.sazzawk.me.uk which is of course not an official Facebook website. The email is fake and so is the website it is pointing to. This may seems to be a “traditional” phishing attack that tries to steal your Facebook password.

screenshot of Facebook phishing email

A screenshot of Facebook phishing email

In the area of computer security, the term “phishing” refers to the fraudulent process of attempting to acquire sensitive information such as usernames, passwords, credit card details and more by acting as a legitimate organization in an electronic communication like e-mail.

The e-mail has the following message:
—————————————————————————
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team
—————————————————————————
Phishing e-mail messages like the one I received take a number of forms. They might appear to come from your bank or financial institution and asking for your credit card information. Other phishing emails might include links to spoofed Web sites where you are asked to enter personal information like your phone numbers and password.

What to do with Phishing emails?

If you have received phishing emails, simply ignore the message and do not click on any hyperlink on the fraudulent email.  Report the incident to concerned authorities like the US-CERT (United States Computer Emergency readiness Team).

The US-CERT is collecting phishing email messages and web site addresses. You can report phishing incident by sending them an email (phishing-report@us-cert.gov).