This phishing email is nothing new but what came to my attention was that Gmail was not able to detect the spam even though the full headers from the message are showing how Google identified it as a candidate for Spam "Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of firstname.lastname@example.org does not designate 22.214.171.124 as permitted sender) email@example.com"
Any software is plenty of bugs. Even with the best developers on board you are still vulnerable. Good that "Report phishing" option is available albeit a little bit hidden behind an arrow close to the Reply link. User experience should be helping better here I would say but regardless the important lesson to learn is to be always suspicious up front. Do not trust any bad news (account hacked or compromised) or too good news (You just won a million dollar) you receive.
See below for the full headers of the message:
Delivered-To: firstname.lastname@example.org Received: by 10.236.179.100 with SMTP id g64cs68259yhm; Fri, 5 Aug 2011 22:37:44 -0700 (PDT) Received: from mr.google.com ([10.142.187.15]) by 10.142.187.15 with SMTP id k15mr3461337wff.111.1312609063904 (num_hops = 1); Fri, 05 Aug 2011 22:37:43 -0700 (PDT) Received: by 10.142.187.15 with SMTP id k15mr2917056wff.111.1312609063502; Fri, 05 Aug 2011 22:37:43 -0700 (PDT) Return-Path: <email@example.com> Received: from vsfilter2.roc.bti.net.ph (vsf-mx4.bti.net.ph [126.96.36.199]) by mx.google.com with ESMTP id w1si282094wfw.62.2011.08.05.22.37.42; Fri, 05 Aug 2011 22:37:43 -0700 (PDT) Received-SPF: fail (google.com: domain of firstname.lastname@example.org does not designate 188.8.131.52 as permitted sender) client-ip=184.108.40.206; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of email@example.com does not designate 220.127.116.11 as permitted sender) firstname.lastname@example.org X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqA2AOHRPE7Lc4NugWdsb2JhbAAoEwcXgjgBD4NgjV+EQwGOLRNcAQEWJiVxSxISGQELCk0BAQECDQ4MJAJQh3oKIgGeN5I1jSaDLQyCLl8Eh1qYFoMBgQaCYTA Received: from smtp4-roc.bti.net.ph (HELO smtp1.skyinet.net) ([18.104.22.168]) by vsfilter2.roc.bti.net.ph with ESMTP; 06 Aug 2011 13:37:41 +0800 Received: from 22.214.171.124.BTI.NET.PH (unknown [126.96.36.199]) by smtp4-roc.bti.net.ph (Postfix) with ESMTP id 55F8793DB3A for <email@example.com>; Sat, 6 Aug 2011 13:37:41 +0800 (PHT) From: "Twitter Support" <firstname.lastname@example.org> Subject: Your account has been suspended To: "nestor.urquiza" <email@example.com> Content-Type: multipart/alternative; charset="iso-8859-10"; boundary="LMRJGCZhTXlUeMlXLirvgZD=_SMWAE68zR" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Date: Sat, 6 Aug 2011 13:37:37 +0800 Message-Id: <20110806053741.55F8793DB3A@smtp4-roc.bti.net.ph> This is a multi-part message in MIME format --LMRJGCZhTXlUeMlXLirvgZD=_SMWAE68zR Content-Type: text/plain ; charset="iso-8859-10" Content-Transfer-Encoding: quoted-printable --LMRJGCZhTXlUeMlXLirvgZD=_SMWAE68zR Content-Type: text/html ; charset="iso-8859-10" Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META name=3DGENERATOR content=3D"MSHTML 8.00.6001.23019"></HEAD> <BODY> <P><A href=3D"mexico.cnn.com/redirectComplete.php?url=3D//emailus%2Eit= %2Etc/2ule3B"><IMG border=3D0 src=3D"http://3.bp.blogspot.com/-u_sWLHS= Yjes/TjyqVZ73vrI/AAAAAAAAAEQ/hX5mKS-R7-g/s1600?2ule3B"></A> </P> <P> </P></BODY></HTML> --LMRJGCZhTXlUeMlXLirvgZD=_SMWAE68zR--