Facebook has cropped up in yet another malware incident. The latest involves bogus messages scammers are sending to tens of millions of users warning them to reset their accounts. The messages contain an attachment that installs a password stealer when a recipient clicks on the link.
Security vendor McAfee warns that the Facebook hoax could potentially compromise millions of computers. eSecurity Planet has the story.
Facebook users are on high alert this week for another e-mail scam advising that their accounts have been reset and asking them to reset their passwords through an attachment contained in the unsolicited e-mail.
But as security software vendor McAfee (NYSE: MFE) details in a blog posting, the attachment is actually a password stealer that is installed when users click on the link.
The potentially damaging e-mail is titled “Facebook Password Reset Confirmation! Customer Support,” and Facebook officials are telling users to immediately delete the message to avoid infecting their PCs and mobile devices.
Once the phishing agent is installed, it can access any username or password entered on the computer or mobile devices, putting users’ online banking account log-ins and other sensitive information at risk.