Yet another scam aimed at Facebook users has been uncovered - this time by McAfee Labs. The scam is targeting Facebook users worldwide and the bogus email alert appears to be reaching the listed friends of Facebook users as well. A computer user told NetGuide they had received the alert, even though they don’t have a Facebook account.
The scammers send emails that appear to be from Facebook, telling recipients that their Facebook password has been reset and they need to click on an attachment to retrieve it. The attachment is a password stealer that installs when the user clicks on it. Once installed, the password stealer can potentially access any username and password combination utilised on that computer, not just for the user’s Facebook account.
“This threat is potentially very dangerous considering that there are over 400 million Facebook users who could fall for this scam,” McAfee says. “This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs.
“Facebook would never send an email alerting a user that they changed his or her password. Another clue that can signal a user has received a spam email is the use of poor grammar and awkward phrases such as in the below greeting: ‘Dear user of facebook.’”
To avoid becoming a Facebook scam victim, do not open the attachment. Promptly delete the Facebook scam email. Consumers can protect their computer from this type of cybercrime by installing a complete security software suite that includes anti-virus, anti-spyware, and firewall protection. Consumers should make sure they are running the most up-to-date security software and their subscription is active. If consumers are unsure if their security software vendor has an update for this type of malware, they should check for and install any available updates, then immediately run a full scan.