In the last days we have seen a large amount of spam being sent with the subject „Facebook Administration has sent you a message“.
The email is of course a fake because the links are spoofed and point actually to an online pharmacy which sells mainly potency pills.
This is not the first time we are seeing this type of emails, but this time we see that the emails are much better created and contain some special links.
These links are email addresses where the username is a always a combination of German words which have to do with the masculine potency and sexuality. The host part of the email address is apparently a randomly chosen domain which is, as far as we could see, correctly registered and valid. In an attempt to escape detection, the email address used in the From field is using the same username but changes the host to something untraceable.
Avira Antispam detects the emails as Phishing because the URL is spoofed, even if it doesn’t try to impersonate Facebook.
Data Security Expert