Legitimate-looking emails that tell users they’ve been tagged in a picture on Facebook have been found to be part of a malicious campaign designed to spread a nasty Trojan.
Apparently originating from [email protected] (with three “o”s), the notifications tell the recipients that a member of the social media site has added a photo of them, Sophos experts report.
Those who rush to click on the “Go to Notifications” button are taken to a website hosting the Blackhole exploit kit, which tries to push a piece of malware (Troj/JSRedir-HW) onto the victim’s computer.
To avoid raising any suspicion, the victim is almost immediately redirected to a genuine Facebook page, most likely owned by an unsuspecting individual.
In such cases, users are advised to double-check the sender’s email address and verify the URL behind a link before rushing to click on it. An antivirus solution and up-to-date components are also recommended.
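The two checks advised above (sender address and the URL behind a link) can be automated at a mail gateway. The following is an added example, not code from Sophos or from the original report; the allow-list, the function names and the sample message with its placeholder domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"facebook.com", "facebookmail.com"}  # assumed allow-list of genuine domains

def squeeze(label):
    # Collapse repeated letters so "faceboook" and "facebook" compare equal.
    return re.sub(r"(.)\1+", r"\1", label)

def classify(host):
    # Naive registrable domain (last two labels); production code would use the Public Suffix List.
    dom = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if dom in TRUSTED:
        return "trusted"
    label = dom.split(".")[0]
    if any(squeeze(label) == squeeze(t.split(".")[0]) for t in TRUSTED):
        return "lookalike"
    return "foreign"

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review(raw):
    # Return (kind, value, verdict) for the sender and for every link target.
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1]
    findings = [("sender", sender, classify(sender.rpartition("@")[2]))]
    parser = Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        findings.append(("link", href, classify(urlsplit(href).hostname or "")))
    return findings

# Constructed sample message; the domains are placeholders, not the campaign's.
SAMPLE = """\
From: Facebook <notification@faceboook.example>
Content-Type: text/html

<a href="http://landing.invalid/n">Go to Notifications</a>
<a href="https://www.facebook.com/">Facebook</a>
"""
```

Calling `review(SAMPLE)` flags the sender as a lookalike and the button target as foreign, while the genuine Facebook link is reported as trusted. A message that claims to come from Facebook but carries a lookalike sender or a foreign link target is a candidate for quarantine.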