The emails look exactly like Facebook’s own messages, which are sent to a user’s personal email account when they are tagged in a photo.
However, instead of the links in the emails leading to the referenced photo, they redirect the victim of the spam campaign to a site which tries to infect the person’s computer with malicious software. A few seconds later the link will redirect the user one more time to Facebook.com.
Many people will not have realized that their computer has been infected – but can spot the bogus emails as Facebook is misspelt as ‘Facebook’.
“Be wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph,” warned Graham Cluley of the British internet security firm Sophos.
Sophos Labs has intercepted a spammed-out email campaign, designed to infect recipients’ computers with malware. If you click on the link in the email, you are not taken immediately to the real Facebook website.
“Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware).”
Micron Associates noted on its blog that even if you did not notice that Facebook was spelt incorrectly, hovering your mouse over the link would have shown that it was not going to take you directly to the genuine Facebook website.
At the time of writing, Facebook was unavailable for comment.