Facebook Phishing Email Alert

Hello Mailsac Community,

We have become aware of malicious emails being sent with the following reply-to addresses:

  1. [email protected]
  2. [email protected]
  3. [email protected]

First and foremost, these emails are NOT being sent using Mailsac services. It’s important to note that Mailsac does not provide outbound email services. Any email purportedly coming from these addresses is likely phishing in nature and should be treated with caution.

How to Determine the True Source:

  1. Check the email headers: This will give you insight into the path an email took to reach you. Email headers contain a lot of information, but what you’re looking for specifically are the “Received” fields.

  2. In the example provided: You can see that the email originated from a domain related to Salesforce (salesforce.com). The email headers indicate it passed through various servers, and even though it uses a Mailsac email in the “From” field, it’s clear from the “Received” lines and the “Return-Path” that the email is not coming directly from Mailsac.

Example of Fraudulent Headers:

Return-Path:
<facebookmail-help=mailsac.com__30zsl942b5v61kny@l3xj3ff6c53g7ipj.rj4n1pxe0dl69mj7.cvqzc.5j-d9l7peaf.ap27.bnc.salesforce.com>
...
From: Meta for Accounts <[email protected]>
...
Received: from smtp13-hnd-sp2.mta.salesforce.com
(smtp13-hnd-sp2.mta.salesforce.com [101.53.172.220])

Always make sure to carefully review emails before taking any actions, especially if they’re urging you to do something “urgent” or “critical”. If you ever have doubts about the legitimacy of an email, it’s best to contact the purported sender directly using a verified method of communication, rather than relying on any information provided in the suspicious email.

Stay safe, and always be vigilant against phishing attempts.

Best regards,

Michael