There are a couple of scams circulating right now that are using bogus emails appearing to be from Facebook. The first one, discovered by our friends at Sophos, is a Facebook notification advising that “You have 1 lost message on Facebook”.
Though the message appears to be legitimate, looks can be deceiving. Most scams of this nature end up being a phishing attack trying to obtain your Facebook username and password. Surprisingly, the end game here is a redirect to a Canadian pharmacy site.
The second email scam is much more malicious in its intent. Researchers at Emsisoft have discovered fraudulent emails with the subject line, “Kaamil Mahmoud wants to be friends on Facebook”. The email contains a “Confirm Friend Request” link that leads to a malware site. The site will advise users that their Flash player is out of date, and the update and install link contains the Zeus Trojan, also known as Zbot. Even if the executable isn’t downloaded and run, users can still be infected: a script containing the BlackHole Exploit Kit runs in the background.
The best defense against these scams is to not click on the links in the email. Log in to Facebook directly to see if you have any friend requests or other notifications.
Also, keep your operating system updated with current security patches and only download Flash updates from Adobe. Many scams use the “outdated Flash player” routine.
Lastly, make sure you are using a good and current anti-virus software suite to protect your computer. Social media platforms are heavily targeted by hackers and scammers.
If you or your Facebook friends are falling for tricks like this, it’s time to get yourself informed of the latest threats. Be sure to join the Facecrooks page on Facebook to be kept informed of the latest security issues. Also check out:
BitDefender Safego is a Facebook application you can install that will scan your News Feed and help keep you safe from scams like this.