Facebook password changed? Malware attack poses as message from Facebook support

Repeat after me: It’s “Facebook”, not “FaceBook”.

Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password.

Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.

Here’s a typical message:

[Image: fake Facebook support message]

Dear user of FaceBook.

Your password is not safe!
To secure your account the password has been changed automatically.

Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook.

Your alarm bells should be ringing instantly when you receive this message, for a number of reasons: not least that it can’t decide whether it’s “Facebook” or “FaceBook”, but also because why would Facebook ever email you an attachment? And why is it so impersonal, not even using your name?

Subject lines used in this malicious campaign include “Facebook. Your password has been changed! [NUMBER]” and “Facebook. The new password to your account. [NUMBER]” and even “Facebook Support. Personal data has been changed! [NUMBER]”, and in each case the email is accompanied by an attached zip file which pretends to contain the new password.

However, the real payload of the file is to infect your Windows computer with Mal/Zbot-AV. Sophos users are protected against the threat proactively, and we also detect the ZIP file itself as Mal/BredoZp-B.

So, just because an email claims to hail from password@facebook.com, support@facebook.com or message@facebook.com, realise that its headers could have been forged – and don’t blindly follow its instructions unless you’re absolutely certain it’s legitimate.
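As an added example (not part of the original post), the following Python checks a raw email for the tell-tale signs described above: the spoofed facebook.com sender addresses, the listed subject lines, a ZIP attachment, the generic “Dear user” greeting and the inconsistent “FaceBook” spelling. The sample message, the indicator names and the “three or more indicators” threshold are constructed for this example.

```python
import re
from email import message_from_string

# Senders and subject lines are from the post; indicator names and threshold are this example's.
SPOOFED_SENDERS = {"password@facebook.com", "support@facebook.com",
                   "message@facebook.com"}
SUBJECT_PATTERNS = [re.compile(p) for p in (
    r"^Facebook\. Your password has been changed! \d+$",
    r"^Facebook\. The new password to your account\. \d+$",
    r"^Facebook Support\. Personal data has been changed! \d+$",
)]

def indicators(raw):  # raw RFC 822 text -> list of indicator names found
    msg = message_from_string(raw)
    found = []
    if (msg.get("From") or "").strip().lower() in SPOOFED_SENDERS:
        found.append("spoofed-facebook-sender")
    if any(p.match((msg.get("Subject") or "").strip()) for p in SUBJECT_PATTERNS):
        found.append("known-subject-line")
    body = ""
    for part in msg.walk():  # every MIME part, root included
        if (part.get_filename() or "").lower().endswith(".zip"):
            found.append("zip-attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if "FaceBook" in body:  # genuine Facebook mail never spells it this way
        found.append("inconsistent-brand-spelling")
    if re.search(r"^Dear user\b", body, re.M | re.I):  # no name used
        found.append("generic-greeting")
    return found

def is_suspicious(raw):  # three or more indicators is the (assumed) threshold
    return len(indicators(raw)) >= 3

# Constructed sample modelled on the quoted message; the ZIP part is left empty.
SAMPLE = """\
From: support@facebook.com
Subject: Facebook. Your password has been changed! 12345
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user of FaceBook.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"

--b1--
"""
```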

Perhaps the easiest thing to do if you’re told your Facebook password has been changed is to try logging into Facebook and see whether it’s true.

You can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.