Mashable: Sophos’s NakedSecurity blog outlined the threat on Wednesday. The company’s SophosLabs intercepted a “spammed-out email campaign” which was designed to spread malware. Sophos provided the following example:

[Image: facebook-malware-email]

The blog notes that the email address above misspells “Facebook” as “Faceboook.” The link takes the user to a malicious iFrame script, which exposes the user’s computer to malware. However, within four seconds, the user’s browser is directed to a presumably innocent Facebook page like the one below to act as a smokescreen.

[Image: facebook-malware-page]

The lab recommends closely checking the “Facebook” email addresses in emails and hovering your mouse over the link, at which point you should see that it doesn’t go to a Facebook page.
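The two checks the lab recommends can also be automated at a mail gateway or in triage tooling. The following is an added example, not code from Sophos or Mashable: it flags a sender domain that is a near-miss of facebook.com and any link whose host is not a Facebook host. The sample message, the edit-distance threshold of 2, and the names `check_message`, `is_brand_host` and `LinkCollector` are assumptions made for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "facebook.com"  # domain the message claims to come from
# Constructed sample message, not the spam Sophos captured.
SAMPLE = """\
From: Facebook <notification@faceboook.com>
Subject: You were tagged in a photo
Content-Type: text/html; charset=utf-8

<a href="http://photos.example.net/view?id=1">See photo on Facebook</a>
"""

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_brand_host(host):
    return host == BRAND or host.endswith("." + BRAND)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def check_message(raw):
    """Return findings for one raw message: lookalike sender, off-brand links."""
    msg = email.message_from_string(raw)
    findings, links = [], LinkCollector()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_brand_host(domain) and edit_distance(domain, BRAND) <= 2:
        findings.append(f"lookalike sender domain: {domain}")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:  # the programmatic version of hovering over a link
        host = (urlparse(href).hostname or "").lower()
        if not is_brand_host(host):
            findings.append(f"link leaves {BRAND}: {host or href}")
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for the misspelled sender domain and one for the off-site link. The From header is only what the sender chose to display, so an empty result is not proof that a message is genuine.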

Have you been duped by a fake Facebook photo tag message? Let us know in the comments.