The "click here" link will secretly redirect victims through a number of sites and finally land them on one serving exploits for two Java Runtime Environment and a Adobe Reader and Acrobat flaw, warns Webroot.
If any of the exploits are successful, the user will be saddled with a Trojan that is currently detected by only 3 out of the 46 AV solutions used by VirusTotal.
If you receive an email like this one and are not sure whether it's legitimate or not, contact Facebook and ask them whether they have sent it before even thinking of clicking on the offered link.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.