What Does a Phishing Scam Look Like?
What's really sad is that in my research for this topic, I only had to look so far as my own email account. I went into the Junk folder of the Hotmail account that I've maintained for many years and there were two phishing emails that had been sent in the past few days.
Facebook Phishing Example
Included here is a screenshot of a Facebook phishing email I recently received. At first glance, it looks like the type of email you get from Facebook whenever someone sends you a message. When I opened the email, it was pretty obvious to me that it did not come from Facebook.
Bad To/From Email Address
For starters, my email address is not firstname.lastname@example.org. That should be your dead giveaway. If that's not enough, look at the From: email address. After the @ is the domain from which it came, and it should be from Facebook.com or Facebookmail.com or something similiar, and not just a bunch of random letters and numbers as seen here.
Misspelled Words and Typos
If you look at the top of the message, it says "Sarah has sent you a MEssage." Notice the first two letters of "MEssage" are capitalized? That's a typo. A legitimate message from Facebook wouldn't look like that.
Message Content and Links
Phishing emails will almost always include a hyperlink of some kind. This is where they get you. If you click on the link, there is no telling where you will be directed. In the case of this email, I'm pretty sure it's some kind of adult entertainment site, but I sure as heck am not clicking the link to find out.
At the bottom of the message are links to actual Facebook pages, and those could have easily been copied and pasted over from a real Facebook email. This is what tricks a lot of people because the bottom half of this email looks legit, but you have to realize that if there is any question about any part of the whole email - even if some parts look legit - then you'd best not click on any of the included links. Don't bother replying to the email, either.