by Graham Cluley on August 30, 2011 Nakedsecurity
Facebook claims to have more than 750 million active users, and many of them would have steam coming out of their ears if they thought they had lost a message from one of their Facebook friends.
And that’s exactly what spammers are banking on in their latest campaign, where they have sent out messages pretending to come from Facebook:
Facebook sent you a notification
You have 1 lost message on Facebook, to recover a message follow the link below: [LINK]
FAQ: Can you recieve messages if your inbox is full?
The spammers might also like to check their dictionary next time they compose an email. They’ve spelt “receive” incorrectly – as my mum always told me, it’s “i before e, except after c”.
Of course, in your hurry to read a missing message you may not have noticed the spelling mistake and may have blindly clicked on the link.
Can you guess what you’ll find at the other end?
Well, I must admit I was fully expecting to come across a phishing site – designed to steal my Facebook username and password by providing me with a bogus login screen. But instead, when I tried the link, I was redirected to a Canadian pharmacy website trying to pimp drugs to me.
Of course, the people behind this spam campaign could change where they point you at any time, or vary the destination depending on what type of browser or operating system you are running, or where you are based in the world.
Always remember to be on your guard when receiving unsolicited emails. It’s child’s play to forge a “from:” address or to create an HTML email which looks at first glance to be the genuine article. A nice font and corporate colours do not a legitimate email make.
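As an added illustration (not part of the original post) of the two points above, the forged "from:" address and the HTML link that only looks genuine, this Python sketch reviews a constructed message. The Return-Path value, the `.example` hosts and the function names are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: Facebook <notification@facebook.com>
Subject: Facebook sent you a notification
Content-Type: text/html; charset="utf-8"

<html><body><p>You have 1 lost message on Facebook, to recover a message follow the link below:</p>
<a href="http://redirect.example/r?id=1">http://www.facebook.com/messages</a></body></html>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_matches(host, brand):
    # Exact or subdomain match only: "facebook.com.evil.example" does not match.
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def review(raw, brand="facebook.com"):
    msg, findings = message_from_string(raw), []
    from_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    path_host = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if domain_matches(from_host, brand) and not domain_matches(path_host, brand):
        findings.append(f"From claims {from_host} but Return-Path is {path_host}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    # The visible link text proves nothing; only the href decides the destination.
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if not domain_matches(host, brand):
            findings.append(f"link shown as '{text}' goes to {host}")
    return findings
```

A Return-Path mismatch on its own is only a hint, since legitimate bulk mail often bounces to a different domain; SPF, DKIM and DMARC results are what receiving mail servers rely on to judge the sender.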