It does not happen often, but this time they got me. Maybe I am lucky to use a Mac, because who knows what evil script was placed on the target website.
The mail I got, which was not filed under spam, but caught by some of my mailfilters, sorting it into the facebook folder, looked like this:
It was a perfect copy of a Facebook “You got mail” notification. I wondered a bit why I hadn’t seen the message on Facebook, as I would usually be on there all the time, but I still clicked on the link without checking the status bar, which I would usually do on suspicious emails.
I was brought to some obscure website … (you can see the content of the status bar in the screenshot, but this again is only a redirect)
After having been caught in the spam trap, I checked the sender address: 
Here again the sender address was cleverly disguised. The normal sender address would look something like: notification + mwbrrb2n @ facebookmail .com; in this case it was messages + 0kcjsk5 @ facebook .com—photos.in.
So this email was in fact sent from an Indian address, the domain name being com—photos.in with a subdomain called facebook. The user part, messages+something, looked quite genuine, as it was using the standard Facebook format, even if it did not start with notification.
So spam mailers go to great effort to get us trapped, but this is certainly one of the most sophisticated fakes I have encountered so far.
Writing this, I indeed realise that it was a phishing attempt, as I was asked to enter my password, but everything went so quickly. I remember thinking “strange, I have an open session in this browser, why do they ask for my password?” – Of course I have changed my password since.
How can I prevent being phished?
- Do not fall for look-alikes. Faking the look of an email is very easy.
- Check the link target in the email by hovering over it and looking at the status bar.
- Check the sender address. Read carefully: the part that matters is the registered domain at the end, not the brand name at the start.
- If you do click on such a link, check the address bar of your browser before entering any kind of password or other personal data, such as credit card information.
- If you enter your password and are then redirected to another site or have to enter it again (on another URL), you have already been phished. Log in immediately on the page you normally use and change your password.
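The sender-address check above is the one that catches the address from this post: the brand name sits in a subdomain, while the registered domain is something else entirely. The following is an added example (not code from the original post) that applies that check to a few constructed addresses, including one modelled on the post's sender (hyphen assumed where the post shows a dash). It uses a two-label approximation of the registered domain; a real filter should use the Public Suffix List.

```python
import re

# Domains the post names for genuine notification mail (facebookmail.com);
# facebook.com is added here as an assumption.
EXPECTED_DOMAINS = {"facebookmail.com", "facebook.com"}


def registrable_domain(host):
    """Approximate the registered domain as the last two DNS labels.

    Simplification: this is wrong for suffixes like co.uk; use the
    Public Suffix List (e.g. the tldextract package) in real code.
    """
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    return ".".join(labels[-2:])


def classify_sender(address, expected=EXPECTED_DOMAINS):
    """Return (verdict, registered_domain) for an email sender address.

    Verdicts: "genuine-domain" if the registered domain is one we expect,
    "lookalike" if a brand name appears in the host but the registered
    domain is not expected, "unknown" otherwise, "invalid" on parse error.
    The local part (messages+..., notification+...) is deliberately ignored:
    as the post shows, it is trivial to imitate and proves nothing.
    """
    m = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+)", address.strip())
    if not m:
        return ("invalid", None)
    host = m.group(1).lower()
    reg = registrable_domain(host)
    if reg in expected:
        return ("genuine-domain", reg)
    # Brand tokens derived from the expected domains, e.g. "facebook".
    brands = {d.split(".")[0] for d in expected}
    if any(b in label for b in brands for label in host.split(".")):
        return ("lookalike", reg)
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed samples: the first mirrors the genuine format the post
    # quotes, the second mirrors the phishing sender from the post.
    for addr in ("notification+mwbrrb2n@facebookmail.com",
                 "messages+0kcjsk5@facebook.com-photos.in",
                 "alerts@facebook-security.example.net"):
        print(addr, "->", classify_sender(addr))
```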


First step: use Opendns.com
Second step: if you find a phishing mail or website, report it to:
http://www.phishtank.com
Most important step: use your brain!