Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Facebook Trojan Email - 'Your Password is Changed'

Outline
Email purporting to be from Facebook Support claims that the recipient's Facebook password has been changed because spam was sent from the account. The recipient is instructed to open an attached file to retrieve the new password.



Brief Analysis
The email is not from Facebook and the attachment does not contain a new password. Instead, opening the attachment can install a trojan on the user's computer.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 28th January 2011
First published: 28th January 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples
Subject: Facebook Support. Your password is changed. ID90286

A Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter. Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you for your attention.

Your Facebook!



Detailed Analysis
According to this email, which claims to be from Facebook Support, the recipient's Facebook password has been changed "for safety" because spam had been sent from his or her Facebook account. The message urges the recipient to open an attached file in order to retrieve the new Facebook password.

However, the email is not from Facebook and it certainly does not contain a new password. In fact, opening the attachment will launch a trojan that, once installed, can modify the Windows registry, establish connections with malicious websites and download further malware components.

Very similar malware emails have been distributed on and off since at least November 2010. In fact, bogus "password reset" emails claiming to be from Facebook have been used a number of times over the last few years as a means of distributing trojans and other malware.

Facebook users should be very cautious of any unsolicited message that claims that their password has been changed. Facebook would never include a new password in an attached file. If you receive such a message, do not open any attachments that it may contain. Do not click on any links in such messages as some versions attempt to entice recipients into visiting bogus websites that contain malware. Other bogus Facebook messages may be phishing scams designed to
steal login details and other personal information from Facebook account holders.

Bookmark and Share

References
Email with new password from Facebook Support contains trojan
Facebook Password Reset Confirmation Trojan Email
Fake Facebook Login Phishing Scam

Last updated: 28th January 2011
First published: 28th January 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer