Facebook password changed? Malware attack poses as message from Facebook support

Filed Under: Facebook, Malware, Social networks, Spam

Repeat after me: It's "Facebook", not "FaceBook".

Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password.

Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.

Here's a typical message:

[Image: fake Facebook support message]

Dear user of FaceBook.

Your password is not safe!
To secure your account the password has been changed automatically.

Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook.

Your alarm bells should be ringing instantly when you receive this message, for a number of reasons: not least that it can't decide whether it's "Facebook" or "FaceBook", but also because why would Facebook ever email you an attachment? And why are they being so impersonal and not using your name?

Subject lines used in this malicious campaign include "Facebook. Your password has been changed! [NUMBER]" and "Facebook. The new password to your account. [NUMBER]" and even "Facebook Support. Personal data has been changed! [NUMBER]", and in each case the email is accompanied by an attached zip file which pretends to contain the new password.

However, the real payload of the file is to infect your Windows computer with Mal/Zbot-AV. Sophos users are protected against the threat proactively, and we also detect the ZIP file itself as Mal/BredoZp-B.

So, just because an email claims to hail from password@facebook.com, support@facebook.com or message@facebook.com, realise that its headers could have been forged - and don't blindly follow its instructions unless you're absolutely certain it's legitimate.
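The indicators described above (the templated subject lines, a From: address claiming to be facebook.com, a zip attachment and the generic "Dear user of FaceBook" greeting) are the kind of thing a mail filter can score mechanically. The following is an added example, not code from the original article or from Sophos: it builds a constructed copy of the spam using only the stdlib `email` package and runs a small rule set over it. The Return-Path value, the attachment filename and the score threshold are assumptions made for the example.

```python
import re
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import parseaddr

# Subject templates quoted in the article; [NUMBER] is a run of digits.
SUBJECT_PATTERNS = [
    r"^Facebook\. Your password has been changed! \d+$",
    r"^Facebook\. The new password to your account\. \d+$",
    r"^Facebook Support\. Personal data has been changed! \d+$",
]
# Sender addresses the campaign claims to come from (from the article).
CLAIMED_SENDERS = {"password@facebook.com", "support@facebook.com", "message@facebook.com"}
# Assumption for this example: three or more hits is enough to quarantine.
QUARANTINE_THRESHOLD = 3


def build_sample() -> str:
    """Constructed copy of the spam, reproduced as a MIME message (not a real capture)."""
    msg = MIMEMultipart()
    msg["From"] = "Facebook Support <support@facebook.com>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Facebook. Your password has been changed! 45871"
    # A receiving MTA would normally add Return-Path; the value here is made up.
    msg["Return-Path"] = "<bounce@mail-relay.example.net>"
    body = (
        "Dear user of FaceBook.\n\nYour password is not safe!\n"
        "To secure your account the password has been changed automatically.\n\n"
        "Attached document contains a new password to your account and detailed "
        "information about new security measures.\n\n"
        "Thank you for attention,\nAdministration of Facebook.\n"
    )
    msg.attach(MIMEText(body, "plain"))
    # Placeholder bytes with a zip magic number; the filename is an assumption.
    zip_part = MIMEApplication(b"PK\x03\x04placeholder", _subtype="zip")
    zip_part.add_header("Content-Disposition", "attachment", filename="new_password.zip")
    msg.attach(zip_part)
    return msg.as_string()


def build_benign_sample() -> str:
    """Constructed ordinary message used as a control."""
    return "From: alice@example.com\nTo: bob@example.com\nSubject: lunch?\n\nHi Bob, lunch at noon?\n"


def analyse(raw: str) -> dict:
    """Score one RFC 822 message against the campaign's indicators."""
    msg = message_from_string(raw)
    hits = []

    subject = msg.get("Subject", "")
    if any(re.match(p, subject) for p in SUBJECT_PATTERNS):
        hits.append("subject matches campaign template")

    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr in CLAIMED_SENDERS:
        hits.append("From claims a Facebook sender")

    # Forged headers: the envelope sender usually does not match the claimed From domain.
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if from_addr.endswith("@facebook.com") and return_path and not return_path.endswith("@facebook.com"):
        hits.append("Return-Path domain differs from From domain")

    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(".zip"):
            hits.append(f"zip attachment: {filename}")
        if part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            if "Dear user" in text:
                hits.append("generic greeting instead of the recipient's name")
            if "FaceBook" in text:
                hits.append("inconsistent brand spelling (FaceBook)")

    verdict = "quarantine" if len(hits) >= QUARANTINE_THRESHOLD else "allow"
    return {"hits": hits, "verdict": verdict}


if __name__ == "__main__":
    for raw in (build_sample(), build_benign_sample()):
        result = analyse(raw)
        print(result["verdict"], result["hits"])
```

Each rule on its own is weak (plenty of legitimate mail has a zip attached, and a Return-Path mismatch is normal for mailing lists), which is why the example scores the indicators together rather than blocking on any single one.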

Perhaps the easiest thing to do if you're told your Facebook password has been changed is to try to log into Facebook and see whether it's true.

You can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.


3 Responses to Facebook password changed? Malware attack poses as message from Facebook support

  1. -kg- · 1099 days ago

    There's another way to tell. If you can log into Facebook successfully, they haven't changed your password, now have they?

    • dissdent_1 · 1099 days ago

      I believe that was mentioned in the article...

      "Perhaps the easiest thing to do if you're told your Facebook password has been changed, is try to log into Facebook to see if it's true or not?"

  2. Icabob · 1094 days ago

    I just got one in my Spam folder the other day. I warned all my not-too-smart friends as soon as I got it.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.