Tuesday, May 22, 2012

Fake Facebook Cancellation Account Email Links to Malware Posing as Adobe Flash Update

Facebook Square IconIs Facebook sending out cancellation requests asking you to confirm whether or not you REALLY want to cut ties with your Facebook account?

No, but cybercrooks definitely are.

Not only that, but they’ve taken the time to make sure the email has the best chance of fooling people too.

The email, titled “Account Cancellation Request” appears to come from Facebook (noreply@facemail.com), which is very close to the legitimate “noreply@facebookmail.com” email address used to send out official Facebook notification emails.

And although the email doesn’t link to an official Facebook page, it DOES link to a (malicious) third-party application on Facebook. That means the email links will point to "facebook.com."  Clever, clever.

Here’s the email:
From: Facebook (noreply@facemail.com)
Subject: Account Cancellation Request


We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request.

The Facebook Team

To confirm or cancel this request, follow the link below:
click here

If you don’t want to receive these emails from Facebook in the future, please click unsubscribe. Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Should you decide to click on the link within the email, you would be taken to the third-party Facebook app, which will nag you about downloading an unknown Java applet – which you should NOT do under any circumstances.

Facebook App Prompting to Run Unknown Java Applet

Screenshot Credit: Sophos

If you do make the mistake of allowing the Java applet to run, you will see a message telling you that Adobe Flash must be updated, which is a common ploy used in malware attacks.

…Which is exactly what this is.

Surprise! That's no Adobe Flash update, but malware that Sophos detects as Mal/SpyEye-B and Troj/Agent-WHZ.

How You Can Protect Yourself From This Attack?

Incase you were wondering: no, you do not receive an email similar to the one used in this attack if you attempt to deactivate your Facebook account.

When you deactivate your Facebook account, you will only receive an email confirming that it’s already been completed. Here is the real email sent by Facebook:

Real Facebook Account Deactivation Email

From: Facebook (noreply@facebookmail.com)
Subject: You have deactivated your Facebook account

Hi [NAME],

You have deactivated your Facebook account. You can reactivate your account at any time by logging into Facebook using your old login email and password. You will be able to use the site like you used to.

The Facebook Team

To reactivate, follow the link below:

This message was sent to neverthoughti@yahoo.com. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Since that’s been cleared up, here are some other tips to stay safe:

  • Always run antivirus software and be sure to keep the virus definitions up-to-date.

  • Apply operating system and software updates as they’re released – just make sure you download the updates from trusted sources and not random email links. ;)

  • Try to avoid clicking links within emails if possible. Type the URL directly into your browser web address bar instead.

How to Report the Email to Facebook

If you receive a copy of this email, you can report it by visiting this Facebook Help Center article and clicking the "let us know" link at the bottom.

[via Sophos]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

1 comment:

  1. Yes I also agree on thoughts and thanks by the way and I want to share my words with all of you. Now you can make fake email ID using your real email ID and now do not need to tell anyone you primary Email ID anonymous email for facebook