Facebook Password Reset Confirmation Scam

Popular software programs and online services are more likely to be targeted by malicious users than less popular services.

Facebook is currently the most popular social networking service on the Internet, and security experts are noticing increased attacks on the network and its users.

Several security companies are currently warning Facebook users about a widespread scam that targets them by email.

The attackers are currently sending out emails that claim that Facebook has changed the user's account password, and that the new password can be found in a document attached to the email.

Facebook Password Reset Confirmation! Customer Support

Dear user of Facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team.

Experienced users realize quickly that the email is a scam. There are several indicators for this.

The indicators are the impersonal tone of the message (no name is mentioned in the email), the file attachment that it contains, and the fact that Facebook will never create a new user password and attach it to an email.

Both McAfee and Sophos have published warnings about the scam. The attachment’s name is Facebook_details_.zip. It contains a trojan and should therefore not be opened by users. McAfee reports that the trojan steals computer passwords from the PC when it is executed and not blocked by security software.
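The indicators described above can also be checked automatically on a mail gateway or in a mailbox filter. The following Python script is an added example, not code from McAfee, Sophos or Facebook; the greeting list, the extension list, the addresses and the sample message are constructed for illustration, and the attachment is a harmless placeholder.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list of salutations that address no one by name.
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member")
# Assumed list of attachment types to flag on unsolicited mail.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")


def scam_indicators(raw_bytes):
    """Return the article's indicators that are present in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    found = []
    if any(greeting in body for greeting in GENERIC_GREETINGS):
        found.append("impersonal greeting")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            found.append("risky attachment: " + name)
    if "password" in body and "attached" in body:
        found.append("password delivered as attachment")
    return found


def build_sample():
    """Constructed sample modelled on the message quoted in the article."""
    m = EmailMessage()
    m["From"] = "support@example.invalid"  # constructed sender
    m["To"] = "reader@example.invalid"     # constructed recipient
    m["Subject"] = "Facebook Password Reset Confirmation! Customer Support"
    m.set_content(
        "Dear user of Facebook,\n\n"
        "Because of the measures taken to provide safety to our clients, "
        "your password has been changed.\n"
        "You can find your new password in attached document.\n"
    )
    # Placeholder bytes stand in for the archive; nothing malicious is included.
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="zip", filename="Facebook_details_.zip")
    return m.as_bytes()


if __name__ == "__main__":
    for indicator in scam_indicators(build_sample()):
        print(indicator)
```

A message that trips all three checks deserves quarantine or manual review; a single hit on its own is weaker evidence.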

Facebook users should take a look at our Facebook Login security information for further tips on how to improve the security on the network.

Update: If you receive such an email, one of the things that you can do to check its legitimacy is to visit Facebook and try to log in to your account. If the login works, you know that the email is a scam and can delete it outright.

Another option that you have is to ask Facebook about it. Click on the small down arrow in the top bar and select Report a Problem. Use the dialog that opens up to notify Facebook about the email and ask if it is legitimate while on the Facebook website.

Ultimately, you should never open file attachments unless you know the sender personally, or are expecting an attachment. Even then, it is better to be safe than sorry and have the attachment checked out on a service like VirusTotal before opening it.