Third-party app page serves a malicious Flash update

May 22, 2012 08:56 GMT

A shady-looking email, apparently originating from Facebook, has been seen in inboxes, informing users that the social media network has received an account cancelation request.

A variant of the fake notification, provided by Sophos, looks something like this:

We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request

Thanks, The Facebook Team

To confirm or cancel this request, follow the link below: click here

The tricky thing about these emails is that the link actually points to an official Facebook page, which makes it a lot less suspicious-looking.

However, the page contains a third-party Facebook app that urges the user to install an unknown Java applet. At this point, if the potential victims refuse to install the applet, they are bugged until they give in.

Once the “facebook_plugin” is allowed to run, another message appears, informing the user that Adobe Flash must be updated. During this so-called update process, a number of malicious files are copied onto the computer.

Identified by Sophos as Mal/SpyEye-B and Troj/Agent-WHZ, the pieces of malware are designed to allow the attackers to remotely gain control over the infected device and spy on the victim’s activities.

In this situation, the cybercriminals rely on the fact that most Facebook customers don’t want to lose their accounts as a result of an error, which is why it’s very likely that they’ll rush to complete the “canceling” process.

Security enthusiasts may notice that this is a scam as soon as they’re taken to the third-party app, but regular users may tend to trust the shady webpage. That’s why we advise the social network’s customers to install a decent antivirus application, which in most cases will detect the presence of a malicious plot.