14 DAY TRIAL // Security researchers from Avira warn of a new wave of spam emails that carry rogue links and masquerade as official messages from Facebook.
In one campaign, the fake emails purport to be notifications of photo comments and come with a subject of "[name] made a comment about your photo in the album..."
The messages even include the alleged comment, which reads: "Hi, you're looking great on this picture. Can we contact using email? If you can please send me a SMS. Bye, have a nice time."
The several links contained within appear to lead to places on Facebook, including the supposed comment thread.
However, their true destination is a website that claims to be a free SMS service and most likely tries to sign up users to premium rate services.
The second wave of emails is part of a pharma spam campaign and employs a lure we've seen before – Facebok alerts about unread messages.
Their subject is "You have notifications pending" and inform the receipient that "You haven't been back to Facebook recently. You have received notifications while you were gone."
These emails use a modified real Facebook email template, which makes them look a lot more familiar and trustworthy to users.
The included Facebook "Sign In" button, as well as the link to view the pending messages, lead to a Canadian Pharmacy website.
However, the most interesting aspect about these fake emails are the headers, which have been carefully altered to trick anti-spam filters.
"The email headers are very well constructed by adding a lot of entries which make the email look as close as possible to the original Facebook mails," Sorin Mustaca, a data security expert at Avira, notes.
Being the most popular in your field, social networking included, also has disadvantages. Becoming a target for all sorts of cybercriminals is one of them and Facebook is quickly learning that.
With phishing, worms, survey scams and spam emails attacking them on a daily basis, Facebook users have to remain alert at all times.