Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

How to detect hidden administrator apps on Android

Hacking charge stations for electric cars

Fake Facebook photo tag notification leads to malware

Posted on 18.07.2012

Beware of fake Facebook emails telling you that you've been tagged in a photo, as you could easily end up infected with malware.

The emails do visually resemble messages sent by the social network, but there are also some tell-tale signs that they might not be.

As an observant user is sure to notice, the "From" email address contains an "o" too many.

"If you click on the link in the email, you are not taken immediately to the real Facebook website," Graham Cluley explains. "Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware)."

A few seconds after that, the victim is redirected again to a Facebook page of a user that is not the same one that supposedly sent the email.

The action is supposedly performed to complete the illusion that the message was legitimate, but should actually alert victims that something is definitely wrong.