Pinterest Stumbleupon Whatsapp
Ads by Google

If you’ve received an email from Facebook telling you about a new photo you were tagged in, be extra careful. As first discovered by Sophos, a fake email that’s going around has been urging people to open the included attachment by claiming to contain a new photo you’ve just been tagged in on Facebook. It makes the proposition even more tempting by claiming the tagger has listed you as “close friend”.

The email comes complete with Facebook’s blue colors and familiar design, as you can see in the screenshot below from Sophos, so that despite the suspicious text, those who don’t bother to read it can easily be duped into clicking the attachment. The attachment itself has been identified as Troj/Agent-XNN, which disguises itself as a Sun Java updater, and runs every time you boot your PC.

The email reads:

Greetings,

One of your Friends has added a new photo of you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

While this email is easily identified as spam when you put your mind to it, we don’t always bother to do so when receiving emails from Facebook. It’s worth it, however, to pay close attention, and at least check who the email is really coming from. In this case, the From address is <notification+kjdm-dj-gud_@facebookmail.com>. This can change from email to email, but looking at it closely, the address is obviously a fake.

Source: Sophos

Ads by Google

Image credit: Trojan image via Shutterstock

  1. Arup Ghosh
    September 4, 2012 at 9:19 am

    Facebook should take care for this kind of stuffs .

  2. Kp Rao
    September 1, 2012 at 9:22 pm

    thanks

  3. Shahzad Billimoria
    September 1, 2012 at 4:33 pm

    cool beans

  4. Teodoro Villamarzo
    September 1, 2012 at 11:15 am

    The more we know, and reminded of, the more we can practice safe internet browsing. Thanks, Yaara, for ths warning.

  5. Heidi Smith
    August 31, 2012 at 7:55 pm

    Thanks, great work letting us know!

  6. Nikhil Pandey
    August 29, 2012 at 6:04 pm

    You can also get spam mails from any email. its possible. i pranked my friend by sending a mail from antipiracy@fbi.gov which worked and there were no traces. See how to do Here
    http://www.nikhil-pandey.com/2012/08/fake-mailer-mail-from-any-email-to-any.html

    • Yaara Lancet
      August 30, 2012 at 12:29 pm

      Yes, it's definitely possible. Looking at the "from" address is just one way to determine what's spam or not. There are many other signs.

      • Nikhil Pandey
        August 31, 2012 at 3:07 am

        Using the method above, the from seems to be original. Its not possible to determine wether its spam or not.

  7. Igor Rizvi?
    August 29, 2012 at 2:21 pm

    Thanks for the usefull information!

  8. Quebec Twosix
    August 29, 2012 at 7:16 am

    The use of "Social engineering" to deliver a computer infection is not anything radically new, but it is fantastically effective. The best thing is that people will will click upon the link, and then openly refuse to accept their stupidity. For clicking on a link of an IM or E-Mail where someone you don't know, and have never met, states that "they have a photo of you is stupid."

    Sadly we are now in the era of global social media, where people no longer count their friends upon their fingers, but in the 1,000's because they are listed as such in the social application. The more friends means that you are more popular & afterall these are truly global friends.

    Enter the point, where years ago following a fairly significant virus outbreak within a global company I publically lamblasted the head of security for clicking on a link of a message stating that "here is a new photo of your mother I have", from a person who he had never met; nor would his mother. He clicked the link because it came from a trusted source.

    A trusted source is the issue, because the offending message was delivered through the corporate portal and therefore should be considered trustworthy - point taken, hummm pause for thought.

    Maybe it's not a case of "stupidity", but trust, and the less well informed will inevitably click on the link, and then be faced with a java update that will reboot the computer and install a virus.

    Hopefully, the mail in question will arrive as spam, and will quickly be eradicated; but we all live in hope

    • Yaara Lancet
      August 30, 2012 at 12:29 pm

      Thank you for this elaborate comment! I agree, the lines between someone we know and trust and someone we don't know have become blurred, at least more so than they were a few years ago. I make a conscious effort to only add Facebook people I actually KNOW.

      But yes, it's surprising how quick people are to trust links because of their source. A while back my friend's MSN account got hacked, and I kept receiving weird links from her. I never clicked them, but I do wonder how many of her friends did.

      • Randy Thiesen
        September 3, 2012 at 3:39 pm

        Having a GOOD up to date antivirus or security suite definitely helps matters when it comes to staying safe on these sites.

  9. jpgwapo
    August 29, 2012 at 1:52 am

    thanks for that info..

  10. Ruben Marrero
    August 29, 2012 at 1:11 am

    Thanks

  11. venkatp16
    August 29, 2012 at 1:06 am

    Thnx for this info...

  12. Kaashif Haja
    August 28, 2012 at 11:59 pm

    I hear from my friends that their accounts have been hacked.
    Well, I have to careful then..

  13. Edward
    August 28, 2012 at 10:12 pm

    I cant beleive on it

  14. April Eum
    August 28, 2012 at 9:33 pm

    i assume this is why i have also spam comments and messages.

  15. Kundan Bhardwaj
    August 28, 2012 at 9:21 pm

    Not again, some months if you remember there was a JavaScript trick for facebook in which if you clicked it all your friends were sent that url as you got it. In todays time we have to be careful over the internet, it is very dangerous out there.

Leave a Reply

Your email address will not be published. Required fields are marked *