Once again, hackers have targeted Facebook's estimated 400 million users in an attempt to steal passwords and other sensitive information. The difference this time is that the virus-infected spam message arrives via the normal email system rather than, as before, through the social networking site's own internal mail system.
This new email's subject line says "Facebook password reset confirmation customer support". The emails tell recipients that the passwords on their Facebook accounts have been reset, and urge them to click on an attachment to obtain new login credentials and reset their password. Once the attachment is opened, it downloads and installs several types of malicious software without the user's consent, including a program that steals passwords.
A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update that Facebook posted on its web site on Wednesday (17th March) warning users about the spoofed email and advising users to delete the email and to warn their friends.
McAfee estimates that hackers have already sent out tens of millions of these spam messages across Europe, the United States and Asia since the campaign began on Tuesday. McAfee's director of malware research and communications, Dave Marcus, said that McAfee expects the hackers to succeed in infecting millions of computers around the world. "With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," he said.
Don't get caught out by this one: it could cost you more than just inconvenience.