Facebook password changed? Malware attack poses as message from Facebook support

Filed Under: Facebook, Malware, Social networks, Spam

Repeat after me: It's "Facebook", not "FaceBook".

Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password.

Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.

Here's a typical message:

[Image: fake Facebook support message]

Dear user of FaceBook.

Your password is not safe!
To secure your account the password has been changed automatically.

Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook.

Your alarm bells should be ringing instantly when you receive this message, for a number of reasons: not least that it can't decide whether it's "Facebook" or "FaceBook", but also because why would Facebook ever email you an attachment? And why would they be so impersonal as to not use your name?

Subject lines used in this malicious campaign include "Facebook. Your password has been changed! [NUMBER]" and "Facebook. The new password to your account. [NUMBER]" and even "Facebook Support. Personal data has been changed! [NUMBER]", and in each case the email is accompanied by an attached zip file which pretends to contain the new password.

However, the real payload of the file is to infect your Windows computer with Mal/Zbot-AV. Sophos users are protected against the threat proactively, and we also detect the ZIP file itself as Mal/BredoZp-B.

So, just because an email claims to hail from password@facebook.com, support@facebook.com or message@facebook.com, realise that its headers could have been forged - and don't blindly follow its instructions unless you're absolutely certain it's legitimate.
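As an added example that is not part of the original post, the following Python checks a raw email for the indicators described above: a From header claiming one of the facebook.com addresses, one of the campaign's subject lines, the "FaceBook" misspelling, the impersonal greeting and a zip attachment. The sample message, its number and the attachment bytes are constructed for the example, not a real capture.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Forged sender addresses and subject lines quoted in the post; the
# [NUMBER] suffix is matched as a run of digits.
SPOOFED_SENDERS = {"password@facebook.com", "support@facebook.com", "message@facebook.com"}
SUBJECT_PATTERNS = [
    re.compile(r"^Facebook\. Your password has been changed! \d+$"),
    re.compile(r"^Facebook\. The new password to your account\. \d+$"),
    re.compile(r"^Facebook Support\. Personal data has been changed! \d+$"),
]

def campaign_indicators(raw_message: str) -> list[str]:
    """Return the indicators from the post that a raw RFC 822 message exhibits.

    The From header is only a claim (the post notes it can be forged), so a
    match there is one indicator among several, never a reason to trust the mail.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    from_hdr = msg["From"]
    senders = {a.addr_spec.lower() for a in from_hdr.addresses} if from_hdr else set()
    if senders & SPOOFED_SENDERS:
        hits.append("sender claims to be a Facebook support address")
    subject = msg["Subject"] or ""
    if any(p.match(subject) for p in SUBJECT_PATTERNS):
        hits.append("subject line used by the campaign")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if "FaceBook" in text:
        hits.append("brand misspelt as 'FaceBook'")
    if text.lstrip().startswith("Dear user"):
        hits.append("impersonal greeting")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            hits.append("zip attachment claiming to hold the new password")
    return hits

def constructed_sample() -> str:
    """Build a constructed lookalike of the spam described in the post (not a real capture)."""
    m = EmailMessage()
    m["From"] = "Facebook <support@facebook.com>"
    m["To"] = "victim@example.com"
    m["Subject"] = "Facebook. Your password has been changed! 40831"  # number is made up
    m.set_content("Dear user of FaceBook.\n\nYour password is not safe!\n"
                  "Attached document contains a new password to your account.\n")
    # Placeholder bytes standing in for the attachment; this is not a real ZIP.
    m.add_attachment(b"PK-PLACEHOLDER", maintype="application", subtype="zip",
                     filename="Facebook_password_40831.zip")
    return m.as_string()
```

A message that trips several of these indicators at once deserves quarantine rather than a click on the attachment; a genuine notice from Facebook would not carry one.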

Perhaps the easiest thing to do if you're told your Facebook password has been changed, is try to log into Facebook to see if it's true or not?

You can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.


3 Responses to Facebook password changed? Malware attack poses as message from Facebook support

  1. -kg- says:

    There's another way to tell. If you can log into Facebook successfully, they haven't changed your password, now have they?

    • dissdent_1 says:

      I believe that was mentioned in the article...

      "Perhaps the easiest thing to do if you're told your Facebook password has been changed, is try to log into Facebook to see if it's true or not?"

  2. Icabob says:

    I just got one in my Spam folder the other day~~~I warned all my not too smart friends as soon as I got it~~


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.