Debunking hoaxes and exposing scams since 2003!


Fake Facebook Password Reset Email Links to Malware



Outline

Email purporting to be from Facebook claims that your password has been reset due to suspicious activity and you must click a link to 'restore the password'.




Brief Analysis

The email is not from Facebook and your password has not been reset as claimed. The link in the message opens a website that contains malware that can join your computer to the Asprox botnet.

   







Example

Subject: Facebook password change

Hi,
Your Facebook password was been reset on Thursday, December 11, 2014 at 11:48AM (UTC) due to suspicious activity of your account.
Operating system: Android
Browser: Opera
IP address: 128.211.149.140
Estimated location: New Oxford, PA, US
To restore the password complete this form, please, your request will be considered within 24 hours.
Thanks,
The Facebook Security Team



Detailed Analysis

'Facebook' Email Claims Your Password Has Been Reset

According to this email, which appears to come from Facebook, your password was reset due to suspicious activity. The message includes information about the operating system and browser used for the 'suspicious activity' along with an 'estimated location'.

The message claims that you should click a link to fill in a form so that the password can be restored.

The email features the Facebook name logo along with the social network's familiar blue and white colour scheme.

Email Is Not From Facebook - Link Opens Malware Website

However, the email is not from Facebook and the claim that your password has been reset is untrue.

Instead, the message is an attempt to trick you into installing malware.

If you click the link as instructed, you will be taken to a compromised website that contains the malware.

The download file will conduct a test to see if you are using a targeted browser and operating system. If so, a .zip file will be downloaded to your computer. The .zip contains a .exe file. Clicking the .exe installs the malware.

Once installed, the malware will join your computer to the Asprox botnet.

The operating system, browser, and location details in the emails may vary.

If this email comes your way, do not click any links or open any attachments that it contains.
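The delivery chain described above ends in a .zip that contains a .exe, which a mail or download filter can check for before a user ever opens the archive. The following is an added example, not code from Hoax-Slayer or Facebook: it flags archive members that have an executable extension or that start with the Windows "MZ" header under another name. The file names and sample archives are constructed placeholders, and the extension list is an assumption, not an exhaustive set.

```python
import io
import zipfile

# Extensions Windows runs directly when opened (assumed list, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def executable_members(zip_bytes):
    """Return [(member_name, reason)] for archive members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(EXEC_EXTS):
                findings.append((info.filename, "executable extension"))
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: the content cannot be inspected without a password.
                findings.append((info.filename, "encrypted, not inspected"))
                continue
            # A renamed Windows executable still begins with the "MZ" magic bytes.
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    findings.append((info.filename, "MZ header"))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
SUSPICIOUS = build_sample_zip({
    "Facebook_form.exe": b"MZ" + b"\x00" * 62,   # executable by name
    "readme.txt": b"plain text",                 # benign member
    "form.pdf": b"MZ" + b"\x00" * 62,            # executable header, misleading name
})
BENIGN = build_sample_zip({"notes.txt": b"plain text"})

if __name__ == "__main__":
    for name, reason in executable_members(SUSPICIOUS):
        print(f"BLOCK {name}: {reason}")
```

A non-empty result is a reason to quarantine the archive; an empty result does not prove the archive is safe.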





Last updated: December 12, 2014
First published: December 12, 2014
By Brett M. Christensen
About Hoax-Slayer
