Fake Facebook Photo-Tagging Notifications Hide Malware
On Tuesday, Sophos reported a new spam campaign disguising itself as a notification from Facebook, saying you've been tagged in a photo. Once you click on the link directing you to the photo, however, your Web browser is taken to a malicious iFrame script that starts running the Blackhole exploit kit. Blackhole essentially opens a backdoor to your PC for more malware.
What makes this campaign even trickier is that within four seconds, your browser suddenly loads a legit-looking Facebook profile so you don't have time to figure out something just went terribly wrong.
Lessons learned:
1. Always hover your mouse over a link before clicking on it, to make sure you're not being led somewhere else.
2. Check "official" emails for spelling mistakes.
No comments:
Post a Comment