November 06, 2009
Phish/Malware Sighting: "Facebook Updated Account Agreement", "Facebook Update Tool", "Facebook New Login System" Attacks
Social media sites are hot and spammers and scammers have fully embraced the trend as well. We're seeing more and more malicious emails that masquerade as social media notifications such as friend requests, policy changes, etc.
Today, I'm seeing a lot of phishing and malware-infected emails in my personal spam traps spoofing Facebook's login system. There are at least three variations on this (probably many more) that I've spotted. All of them have "from" lines using "facebookmail.com" as the domain. (Note that Proofpoint's anti-spam and anti-virus features block all of these messages.)
First up, there's a message with subject line "Facebook updated account agreement" that also features a zip attachment that is surely some sort of malware. As is usual for phishing/malware email attacks, this message encourages the user to urgently "submit a new, updated account agreement"; otherwise, your account will be "restricted." (Click the thumbnail at left for a full-size jpeg sample of this email.) Need I stress that you should not download, unzip and run that attachment?
Similarly, I'm seeing phishing emails that have malicious links as their destination. Two different variations are depicted in the thumbnails at left (again, you can click to show a full-size jpeg sample). One uses the subject line "Facebook Update Tool", the other is "new login system."
Both emails use similar body copy that includes the following text:
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Please click on the link below to update your account online now:
[malicious URL deleted]
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team
The URLs in these messages link to fraudulent sites, of course. Recipients are advised never to click on links in email.
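For mail administrators, the indicators described above (the "facebookmail.com" from line, the three subject lines, and a zip attachment or link) can be combined into a simple triage check. The following is an added example, not code from this post or from Proofpoint; because the sender domain is spoofed, it is never used on its own, and the sender address, URLs and attachment name in the sample messages are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the post: claimed sender domain and the three subject lines.
SPOOFED_DOMAIN = "facebookmail.com"
SUBJECTS = ("facebook updated account agreement", "facebook update tool", "new login system")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage(raw):
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain == SPOOFED_DOMAIN:
        hits.append("from-domain")
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if any(s in subject for s in SUBJECTS):
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            hits.append("zip-attachment")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if URL_RE.search(body):
                hits.append("link-in-body")
    return hits

def verdict(raw):
    """Quarantine only when the lure (sender + subject) comes with a payload."""
    hits = set(triage(raw))
    lure = {"from-domain", "subject"} <= hits
    return "quarantine" if lure and hits & {"zip-attachment", "link-in-body"} else "pass"

def build_sample(subject, body, zip_name=None):
    """Constructed test message; address, URL and file name are placeholders."""
    m = EmailMessage()
    m["From"] = "Facebook <update@facebookmail.com>"
    m["Subject"] = subject
    m.set_content(body)
    if zip_name:
        m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename=zip_name)
    return m.as_string()

ZIP_LURE = build_sample("Facebook updated account agreement", "Submit the agreement.", "agreement.zip")
LINK_LURE = build_sample("Facebook Update Tool", "Update: http://phish.example.invalid/login")
BENIGN = build_sample("You have a new friend request", "See http://www.example.invalid/")
```
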


Thank you very much for this info. I was very close to unzipping their attachment, but thanks to you I now understand that it is a fake mail.
Thank you again!
Posted by: Daniel | February 17, 2010 at 04:09 AM