If you have a lot of friends and spend time with said friends, you are probably tagged a lot in their photos. Facebook, being the courteous social network that it is, sends you an email saying that your friend has tagged you in a photo. If you don’t allow pictures of yourself to be taken, you best remain cautious.
It would appear that a new malware is taking advantage of our obsession with tagging and being tagged within photos. The email is harmless enough. All it says is that somebody on Facebook has added a photo of you. Look at how innocuous it is:
As nakedsecurity points out, you should immediately notice that the email comes from an email address that can’t even spell Facebook right. You can insult the intelligence of the fine folks working at Facebook all you want when chat doesn’t work, but I’m pretty sure they don’t even misspell their own name.
Other than the misspelling, everything else looks legitimate. That’s what makes this particular threat so worrisome. Most malware threats have at least a few indicators that expose their true nature, whereas this one only has one.
Of course, if you aren’t a social person by nature then this malware threat is entirely ineffective. The photo tag comes from a random stranger. If you do go to a lot of parties and meet random people, you might be duped into thinking that somebody learned your name and took your picture before you passed out on the floor from drinking way too many Everclear shots.
So what does this particular breed of malware accomplish? Upon clicking the “See Photo” button in the email, your browser is taken to a site full of malicious iFrame script. Before you have any chance to react, your browser redirects you to an innocent Facebook page of a random individual. The humor emerges when the Facebook page that you’re redirected to is not the same as the person in the email.
All in all, this malware is pretty easy to spot. It makes a few mistakes a long the way that prevents it from becoming the next big thing in malicious software. Just remember to only open emails from sources you trust. Even then, like in the case of Facebook, make sure the sender email address is correct. Unless the sender has been infected, it won’t be the one you’re accustomed to.