Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

Fake Facebook photo tag notification leads to malware

Posted on 18.07.2012

Beware of fake Facebook emails telling you that you've been tagged in a photo, as you could easily end up infected with malware.

The emails do visually resemble messages sent by the social network, but there are also some tell-tale signs that they might not be.

As an observant user is sure to notice, the "From" email address contains an "o" too many.

"If you click on the link in the email, you are not taken immediately to the real Facebook website," Graham Cluley explains. "Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware)."

A few seconds after that, the victim is redirected again to a Facebook page of a user that is not the same one that supposedly sent the email.

The action is supposedly performed to complete the illusion that the message was legitimate, but should actually alert victims that something is definitely wrong.