If you receive a password reset email from Facebook in your inbox, be careful! Facebook users are being warned of a malicious password reset email scam that has been making the rounds and spreading quickly across the social network over the past couple of days. This massive spam run is the latest version of malicious emails targeting Facebook’s 400 million global users.
The email messages, which are believed to be sent from the Cutwail and Rustock botnets, use a spoofed return email address like “firstname.lastname@example.org”, making the message look real and appear as if it’s really from Facebook. The message says that the user’s Facebook password has been reset and that the user should download the email attachment containing the new password. Unbeknownst to most users, that attachment is a Trojan horse program designed to infect a computer. This massive spam run also contains different varieties of malware programs, password stealers, rogue antivirus programs and botnet code.
Unlike most spam and phishing emails, this Facebook password reset scam’s English-language messages use correct grammar but have a weird sign-off: “Thanks, Your Facebook.”
Here’s a screenshot provided by McAfee from one of those Facebook password reset scam emails.
Users should always keep in mind that companies or social networks like Facebook won’t send unsolicited passwords. The only time a user will get a new password is if that user requested it. Aside from keeping your AV (antivirus) up-to-date, users should also make it a habit not to click on embedded links in emails and NEVER download attachments. If you have to download an attachment from someone you know, make sure you scan it first with your antivirus software before opening/running it.
Social networking sites will always be a favorite target of scammers, spammers, phishers and other types of cybercriminals because of the huge number of users and the large percentage of “ignorant” users. So it’s important that users always be protected (up-to-date antivirus) and be educated about these types of email scams.
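As an added illustration (not part of the original article or any vendor’s tooling), the Python check below tests a message for the traits described above: a password-reset claim, an attachment, and the “Thanks, Your Facebook” sign-off. The sample message, its subject line and the attachment name are constructed for the example, and the quarantine rule is an assumption based on the advice that services don’t send unsolicited passwords.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

RESET_RE = re.compile(
    r"password\b.{0,40}\b(reset|changed)|\b(reset|changed)\b.{0,40}\bpassword",
    re.I | re.S)
SIGNOFF_RE = re.compile(r"thanks,\s*your\s+facebook", re.I)

def build_sample(with_attachment=True):
    """Constructed message modelled on the scam text; not a real sample."""
    msg = EmailMessage()
    msg["From"] = "Facebook <firstname.lastname@example.org>"  # header is spoofable
    msg["To"] = "user@example.com"
    msg["Subject"] = "Facebook Password Reset Confirmation"   # constructed subject
    msg.set_content("Dear user,\n\nYour password has been reset.\n"
                    "See the attached document for your new password.\n\n"
                    "Thanks,\nYour Facebook.\n")
    if with_attachment:
        msg.add_attachment(b"constructed placeholder, not malware",
                           maintype="application", subtype="octet-stream",
                           filename="new_password.zip")       # constructed name
    return msg.as_string()

def analyze(raw):
    """Return indicators found in a raw RFC 5322 message and a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    indicators = []
    if RESET_RE.search(text):
        indicators.append("password_reset_claim")
    if attachments:
        indicators.append("attachment_present")
    if SIGNOFF_RE.search(text):
        indicators.append("odd_signoff")
    # Assumed rule: a reset notice that carries an attachment is held,
    # whatever the From header says, because that header can be forged.
    quarantine = {"password_reset_claim", "attachment_present"} <= set(indicators)
    return {"indicators": indicators, "attachments": attachments,
            "quarantine": quarantine}

if __name__ == "__main__":
    print(analyze(build_sample()))
    print(analyze(build_sample(with_attachment=False)))
```

The second call shows that the wording alone does not trigger a hold: a reset notice without an attachment is reported but not quarantined.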
Next time you open your inbox and find an email that asks you to reset a password or change login details, be careful. It could “pretend” to come from Facebook, Twitter, Bank of America, PayPal or any other website – don’t click on the embedded links and NEVER download any attachments!
Have you, or has anyone you know, recently received a Facebook password reset scam email?