30 August 2012 02:37:00 AEST

Someone you've never heard of tagged 4 photos of you on Facebook

In recent weeks, MailGuard has stopped a massive number of spam emails featuring bogus Facebook notifications that eventually lead to malware infection.

The emails are extremely dangerous because they carry no malicious payload of their own and so will not trigger desktop AV. This single threat accounts for more than one in every 200 spam messages. Computers that were not protected by MailGuard IT security services may have been infected.

“Someone you've never heard of tagged 4 photos of you on Facebook”

You or someone at your business might have several copies of an email with variations of this subject line. As you can see from the screenshot, the fake notification looks very authentic.

How does it work?

It preys on Facebook’s 800m+ users who receive daily notifications just like this and click on the links without thinking twice. Of course, this notification doesn't come from Facebook. Nevertheless, muscle memory could have you or your users clicking on the link before that's figured out.

Although the email does not contain a malicious payload (bypassing desktop AV), it does direct users to a site which downloads malware and plays havoc with their computers.
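A mail-filter style check for the pattern described above, as an added example that is not MailGuard's code: it flags a message whose subject uses the quoted Facebook photo-notification wording while its links point outside Facebook. The domain allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts under these domains count as genuine Facebook link targets.
BRAND_DOMAINS = ("facebook.com", "fb.com", "fbcdn.net")
# Wording taken from the subject lines quoted in the post.
SUBJECT_RE = re.compile(r"(tagged|added) \d+ photos of you on Facebook", re.I)

# Constructed sample message (not a captured email); .example hosts are placeholders.
SAMPLE = """\
From: Facebook <notification@facebookmail.example>
Subject: Brooke Sheree added 4 photos of you on Facebook
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Brooke Sheree added 4 photos of you.</p>
<a href="http://photos-view.example/index.php">See photos</a>
<a href="https://www.facebook.com/settings">Unsubscribe</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed URL: nothing to compare
            host = None
        if host:
            self.hosts.append(host.lower())

def is_brand_host(host):
    # Exact or subdomain match only, so "facebook.com.photos.example" fails.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def check_notification(raw):
    msg = message_from_string(raw, policy=default)
    claims = bool(SUBJECT_RE.search(msg["Subject"] or ""))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    off_brand = sorted({h for h in collector.hosts if not is_brand_host(h)})
    return {"claims_facebook": claims, "off_brand_hosts": off_brand,
            "suspicious": claims and bool(off_brand)}
```

Because the message itself carries nothing for endpoint AV to scan, the mismatch between the claimed brand and the link hosts is the signal available at the mail gateway.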

A word of warning

Please DON’T OPEN emails with the subject line “Brooke Sheree added 4 photos of you on Facebook” (or similar). And whatever you do, DON’T CLICK any of the links contained in these messages. Clicking will direct you to a site which infects your machine with malicious software.

This threat is known as a “drive-by”, and is typical of the new breed of cybercriminal attacks.

How to prevent these kinds of attacks

If you’d like to prevent your employees being vulnerable to these attacks in the future, we recommend you implement cloud-based email security and web security from MailGuard.

You can trial MailGuard free for two weeks.