
Second Facebook spam email campaign detected this week


A new email threat has been identified that poses as being from Facebook.

Security firm Red Condor identified the second email threat in as many days that claims to be from Facebook administrators. The email includes a link to a spoofed Facebook login page, which prompts users to reveal personal information and then download a banking Trojan Downloader.

After a user enters their credentials, they are prompted to download 'updatetool.exe', which has been detected as a Zbot Trojan variant. The company claimed that the spoofed Facebook login page is fairly sophisticated and uses 'www.facebook.com' in the sub-domain portion of the malicious URL.

As a result, people with low screen resolutions or small browser windows/address bars may think that they are on the Facebook login page. At the time Red Condor Spam Trigger detected the threat, only one-third of anti-virus engines had detected it.
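The sub-domain trick described above can be checked mechanically in a mail or proxy filter. The following is an added example, not code from Red Condor or Cloudmark: it flags links whose host name contains the brand's domain as leading labels of some other domain. The `BRAND_DOMAINS` list, the function names and the sample message (which uses the reserved `example.net` domain) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the registrable domains the impersonated brand really uses.
BRAND_DOMAINS = ("facebook.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def hostname(url):
    """Lower-cased host of a URL, without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_brand_host(host):
    """True only when the host is the brand domain or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def brand_in_subdomain(host):
    """Return the labels right of an embedded brand name, else None.
    Those labels hold the domain that actually controls the host."""
    if is_brand_host(host):
        return None
    labels = host.split(".")
    for domain in BRAND_DOMAINS:
        want = domain.split(".")
        # Stop before the last window: a match there is a genuine suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return ".".join(labels[i + len(want):])
    return None

def suspicious_links(message_text):
    """(url, controlling labels) for every link that embeds the brand name."""
    hits = []
    for url in URL_RE.findall(message_text):
        tail = brand_in_subdomain(hostname(url))
        if tail:
            hits.append((url, tail))
    return hits

# Constructed sample message body (not taken from the campaign).
SAMPLE = """Dear user, please confirm your account:
http://www.facebook.com.login.example.net/index.php?id=1
Help centre: https://www.facebook.com/help
"""

if __name__ == "__main__":
    for url, tail in suspicious_links(SAMPLE):
        print(f"spoofed host, really under {tail}: {url}")
```

The check reads the host name from the right, which is the opposite of what a truncated address bar shows the user.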

Dr. Tom Steding, chief executive officer of Red Condor, said: “Given the comfort level that millions of users have with Facebook, we want to make sure that everyone knows that there are multiple spoofed Facebook emails hitting inboxes, and that the blended threat email we are warning about is different than the one many media outlets have already reported.

“Facebook has become phenomenally popular, which makes it a prime target for spammers and cybercriminals. Unprotected email users need to be increasingly aware of the variety of threats that will come to their inboxes posing as legitimate messages. This blended email threat is an interesting twist that seems to have baffled a number of AV engines.”

Jamie Tomasello, Cloudmark's abuse operations manager, said: “The last three days have seen a sharp uptick in social engineering, as one or more of the malware distributors are, once again, playing on the popularity of Facebook to convince people to open their email.

“Emails with the subject ‘Facebook Password Reset Confirmation’ have been flooding inboxes over the last few days, enticing people to open a zip file which purportedly contains the user's new password.

“I cannot stress enough – these emails are not coming from Facebook, and they do not mean that your Facebook account has been taken over, or that someone is trying to get your password. Facebook, unfortunately, is just another victim here; they can't stop bad guys from using their name to dangle as bait in front of you.”
