This week we received a number of emails, all claiming to be from Facebook, notifying us of “Pages you may like”. If you look at the email, it looks legit; however, it isn’t. As noted by the website Net-Security (http://www.net-security.org/malware_news.php?id=2578), these emails feature pictures in the body of the email, a personalized subject line, and a real-looking layout.
In the case of these emails, the email itself looks legit, but if you place your mouse (WITHOUT CLICKING) over any of the pictures you will find that the actual links in the email take you to a site called newprinting that ends with an .hk web address (at least in the example shown). If these were actual Facebook pages, your link wouldn’t be to a random site based in Hong Kong. Keep in mind that if you happen to click on any of the links in the email, you will be sent to newsprinting or another legitimate website that has been compromised. Once you arrive at these compromised websites (that have been compromised by the Blackhole exploit), you risk having your PC infected with malware.
Per ThreatTrack Security (http://threattrack.tumblr.com/post/60178964754/facebook-news-feed-suggestion-spam), the company that discovered the bug, here is a list of compromised URLs to look out for in your Inbox:
What To Look For
There are a couple of things you can do to try and protect yourself from fake emails or other Facebook scams.
- Check the URL (the web address of the link, without clicking on it). If the suggested like is for a Facebook page and the link goes to a site that isn’t Facebook, DON’T CLICK IT. If the link offers to take you to Faceboook, DON’T CLICK IT (did you notice how Faceboook is spelled?). Misspellings are one of the biggest ways people get tricked.
- If it’s a recommendation being sent to you “from a friend”, and it seems odd that your friend would recommend that page, DON’T CLICK IT. You know, like your friend who is a vegetarian sending you a recommendation to an all-you-can-eat steakhouse. If you do get strange messages like that from a friend, I would suggest notifying them that their page (or PC) may have been compromised, and that they should check their settings in FB, change their Facebook password, and run scans on their PC, just to make sure.
- Lastly, I would never click on anything sent to me via an email. I prefer going to the site directly, and signing in. If it was sent to you via email, it should also be posted to the site as well.
It’s not a perfect science, but these steps should help you avoid getting tricked by the social engineering tricks used by the bad guys.
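The URL check from the first bullet can also be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML email body and flags any whose host is not Facebook's own domain, including repeated-letter misspellings such as Faceboook. The trusted-domain list and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("facebook.com",)  # assumption: the only domain this mail should link to

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, including those wrapped around images."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def squeeze(text):
    """Collapse runs of a repeated letter so 'faceboook' compares equal to 'facebook'."""
    return "".join(c for i, c in enumerate(text) if i == 0 or text[i - 1] != c)

def classify(href):
    """Return 'trusted', 'lookalike', 'foreign' or 'no-host' for one link."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    brands = {squeeze(d.split(".")[0]) for d in TRUSTED}
    # The brand name (or a misspelling of it) appears, but the real domain does not.
    if any(squeeze(label) in brands for label in host.split(".")):
        return "lookalike"
    return "foreign"

def audit(html):
    """Return (href, verdict) for every link found in the email body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, classify(href)) for href in parser.links]

# Constructed sample body; the hosts use the reserved .example TLD.
SAMPLE = """<p>Pages you may like</p>
<a href="http://compromised-host.example/fb/index.html"><img src="cid:p1"></a>
<a href="http://www.faceboook.example/pages/123"><img src="cid:p2"></a>
<a href="http://facebook.com.login.example/"><img src="cid:p3"></a>
<a href="https://www.facebook.com/settings">Manage notifications</a>"""

if __name__ == "__main__":
    for href, verdict in audit(SAMPLE):
        print(f"{verdict:10} {href}")
```

Anything reported as `foreign` or `lookalike` is a link to treat the way the bullets above say: don't click it.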