Scam Signature Message:
someone made a profile named “___” and he uploaded some of your photos! is that you?
Scam Type: Malware, Social Engineering
Trending: February 2014
Why it’s a Scam:
Several readers have reported receiving the Facebook message shown above. At this time it’s unclear if the messages are coming from hacked friends or if the messages are being spammed out by malicious accounts. This is a classic example of a socially engineered attack. The scam plays on people’s natural sense of curiosity, and unsuspecting users will likely get infected with malware if they access the file. We have not analyzed the contents of the zip file, but one of our readers advised that they were infected with malware after opening the file.
Zip files are notorious for spreading malware, and you should always be suspicious any time you receive one. When in doubt, avoid the download entirely or use an online scanner to check the file first.
It’s very possible that similar variants are circulating, so avoid anything remotely resembling this message.
How to Deal with the Scam:
If you did make the mistake of opening the file, then you should disconnect from the Internet and immediately run a full malware scan on your system. Depending on the contents of the zip file, it’s possible that you will need to clean up your newsfeed and profile to remove references to the scam.
If someone on your friends list sent you the message, then their account has likely been compromised. Block or unfriend the account until it has been reclaimed and sorted out properly.
If you or your Facebook friends are falling for tricks like this, it’s time to get yourself informed of the latest threats. Be sure to join the Facecrooks page on Facebook to be kept informed of the latest security issues.