Hackers use fake Facebook cancellation emails to deploy malware