Facebook "Your Password is Not Safe" Malware Email

Outline
Email purporting to be from Facebook, claims that the recipient's Facebook password has been automatically changed because the previous password was not safe.



Brief Analysis
The email is not from Facebook and the claim that the user's password has been changed is untrue. The attachment that comes with the email contains a trojan.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:

Scroll down to submit comments
Last updated: 13th April 2011
First published: 13th April 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Example


Detailed Analysis
According to this email, which claims to be from Facebook Support, the recipient's Facebook password has been automatically changed because the old password was not safe. The message instructs recipients to open an attached file to get the new Facebook password along with "detailed information about new security measures".

However, the email is not from Facebook and the attachment certainly does not contain a new password or any security information. Opening the attachment will launch a trojan that, once installed, can modify the Windows registry, establish connections with malicious websites and download further malware components.

In January 2011, a malware email very similar to the one shown above was hitting inboxes. The message claimed that the recipient's Facebook password had been changed "for safety" because spam had been sent from his or her Facebook account. As in this case, the email's attachment contained a trojan. In fact, bogus "password reset" emails claiming to be from Facebook have been used a number of times over the last few years as a means of distributing trojans and other malware.

Facebook users should be very cautious of any unsolicited email that claims that their Facebook password has been changed. Facebook is never likely to include a new password in an email attachment. If you receive any such message, do not open any attachments that it may contain. And, do not follow any links in the email. Some versions try to trick recipients into visiting bogus websites that contain malware.

Phishing scammers have also used bogus Facebook messages in attempts to steal login details and other personal information from Facebook account holders.



References
Facebook Support. Your password has been changed!' contains trojan
Facebook Trojan Email - 'Your Password is Changed'
Facebook Password Reset Confirmation Trojan Email
Fake Facebook Login Phishing Scam

comments powered by Disqus

---

Pages in this month's issue:

1. False Warning - Do Not Add 'Jason Lee' Because Its a Virus
2. Amber Alert Hoax - Fake '72B 381' Abduction Alert Continues To Circulate
3. Fake Order Notification Emails Carry PDF Exploit
4. Padlock on Facebook Home Page Hacker Warning Hoax
5. Tsunami Deep Sea Creatures Email
6. Hoax News Report - Japan to End Whaling
7. Visa Card Violated Phishing Scam
8. Facebook 'Virus' Alert - Twilight the Movie Link 'Worst Virus Ever' According to Facebook and CNN
9. Prayer Request for Injured Soldier Tony Mullis
10. Inaccurate Warnings Claim ALL 'bit.ly' Links Are Suspect and Should not be Clicked
11. Facebook Non Secure Browsing Warning
12. Facebook 'Trojan' Warning - Girl Who Killed Herself In Front Of Web Cam Video
13. Do Circulating Photographs Show a Mass Fish Death In California Caused by the Japanese Tsunami?
14. Facebook Rogue App Survey Scam - BBC News Check What She Did on Cam
15. Google Promotion Award Advance Fee Scam
16. Facebook "Your Password is Not Safe" Malware Email