Sophos Labs: Repeat after me: It’s “Facebook”, not “FaceBook”.
Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password.
Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.
Here’s a typical message:
Dear user of FaceBook.
Your password is not safe!
To secure your account the password has been changed automatically.
Attached document contains a new password to your account and detailed information about new security measures.
Thank you for attention,
Administration of Facebook.
Your alarm bells should be ringing instantly when you receive this message for a number of reason, not least that it can’t decide if it’s “Facebook” or “FaceBook”, but also because why would Facebook ever email you an attachment? And why are they being so impersonal and not using your name?
Subject lines used in this malicious campaign include “Facebook. Your password has been changed! [NUMBER]” and “Facebook. The new password to your account. [NUMBER]” and even “Facebook Support. Personal data has been changed! [NUMBER]”, and in each case the email is accompanied by an attached zip file which pretends to contain the new password.
However, the real payload of the file is to infect your Windows computer with Malware Zbot-AV.
So, just because an email claims to hail from [email protected], [email protected] or [email protected], realise that its headers could have been forged – and don’t blindly follow its instructions unless you’re absolutely certain it’s legitimate.
Perhaps the easiest thing to do if you’re told your Facebook password has been changed, is try to log into Facebook to see if it’s true or not?
You can stay informed about the latest scams by joining the Omid’s Network Facebook page.