Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share







Issue 111 - February 2011 - Page 13

Pages in this month's issue:
  1. 2011 Date Oddity - Birth Year Plus Age Equals 111
  2. False Rumour - US Post Office To Destroy African American Stamps
  3. Bigpond Database Upgrade Phishing Scam
  4. Hoax - Facebook Shutting Down on March 15
  5. Protest Message About Bedfordshire Police Rules Regarding Muslims
  6. Coca Cola Survey Phishing Scam
  7. Hoax Reports Claim Three Giant Spaceships Heading for Earth
  8. ATO Activity Statement Refund Phishing Scam
  9. 'My First St@tus' Rogue Facebook Application
  10. Facebook Deleting Inactive Users Hoax
  11. Hoax Warning - Anthrax in Tide Detergent Packs
  12. Hoax - University of Kentucky Removes Holocaust From Curriculum
  13. Facebook Trojan Email - 'Your Password is Changed'
  14. DNA Test Kit Scam Warning
  15. Phone Text Message Lottery Scams
  16. Question About eBay Item Phishing Scam
  17. Knob Face Trojan Worm Warning Message
  18. 'See Everyone Who Views Your Pr@file' Rogue Facebook Application
  19. McDonald's Survey Phishing Scam Email
  20. Parrot Flower Photographs
  21. AAAAAAA@AAA.AAA - First Address Book Entry Virus Control Hoax
  22. Evan Trembley Missing Child Hoax

Issue 111 Start Menu

Previous Article            Next Article

Facebook Trojan Email - 'Your Password is Changed'

Outline
Email purporting to be from Facebook Support claims that the recipient's Facebook password has been changed because spam was sent from the account. The recipient is instructed to open an attached file to retrieve the new password.



Brief Analysis
The email is not from Facebook and the attachment does not contain a new password. Instead, opening the attachment can install a trojan on the user's computer.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 28th January 2011
First published: 28th January 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Facebook Support. Your password is changed. ID90286

A Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter. Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you for your attention.

Your Facebook!



Detailed Analysis
According to this email, which claims to be from Facebook Support, the recipient's Facebook password has been changed "for safety" because spam had been sent from his or her Facebook account. The message urges the recipient to open an attached file in order to retrieve the new Facebook password.

However, the email is not from Facebook and it certainly does not contain a new password. In fact, opening the attachment will launch a trojan that, once installed, can modify the Windows registry, establish connections with malicious websites and download further malware components.

Very similar malware emails have been distributed on and off since at least November 2010. In fact, bogus "password reset" emails claiming to be from Facebook have been used a number of times over the last few years as a means of distributing trojans and other malware.

Facebook users should be very cautious of any unsolicited message that claims that their password has been changed. Facebook would never include a new password in an attached file. If you receive such a message, do not open any attachments that it may contain. Do not click on any links in such messages as some versions attempt to entice recipients into visiting bogus websites that contain malware. Other bogus Facebook messages may be phishing scams designed to
steal login details and other personal information from Facebook account holders.

Bookmark and Share



References
Email with new password from Facebook Support contains trojan
Facebook Password Reset Confirmation Trojan Email
Fake Facebook Login Phishing Scam

Previous Article            Next Article

Issue 111 Start Menu

Pages in this month's issue:
  1. 2011 Date Oddity - Birth Year Plus Age Equals 111
  2. False Rumour - US Post Office To Destroy African American Stamps
  3. Bigpond Database Upgrade Phishing Scam
  4. Hoax - Facebook Shutting Down on March 15
  5. Protest Message About Bedfordshire Police Rules Regarding Muslims
  6. Coca Cola Survey Phishing Scam
  7. Hoax Reports Claim Three Giant Spaceships Heading for Earth
  8. ATO Activity Statement Refund Phishing Scam
  9. 'My First St@tus' Rogue Facebook Application
  10. Facebook Deleting Inactive Users Hoax
  11. Hoax Warning - Anthrax in Tide Detergent Packs
  12. Hoax - University of Kentucky Removes Holocaust From Curriculum
  13. Facebook Trojan Email - 'Your Password is Changed'
  14. DNA Test Kit Scam Warning
  15. Phone Text Message Lottery Scams
  16. Question About eBay Item Phishing Scam
  17. Knob Face Trojan Worm Warning Message
  18. 'See Everyone Who Views Your Pr@file' Rogue Facebook Application
  19. McDonald's Survey Phishing Scam Email
  20. Parrot Flower Photographs
  21. AAAAAAA@AAA.AAA - First Address Book Entry Virus Control Hoax
  22. Evan Trembley Missing Child Hoax