Many Naked Security readers have been in touch asking about emails they have received, claiming to come from Facebook.
The emails, which don’t – of course – really come from Facebook, claim that the recipient has “notifications pending”.
Subject: You have notifications pending
Hi,
Here's some activity you have missed on Facebook.
4 friend request
[Go To Facebook] [See All Notifications]
You have to admit, the emails look pretty convincing. So it wouldn’t be at all surprising if many users were fooled into clicking on the link.
The link, of course, could go to anywhere. It could go to a phishing website, a webpage hosting a malicious download or something else unsavoury. When I tested the link in the emails I saw, they took my computer (via some redirects) to a Canadian pharmacy website offering to sell me Viagra and Cialis to improve my performance between the sheets.
Chances are that the spammers are earning affiliate cash by driving traffic to the pharmaceutical website.
Of course, the perpetrators of the spammed-out campaign could change where it points to at any time.
Always be careful about the links that you click on, and be suspicious of unexpected emails. If you are a Facebook user and want to get a heads-up about scams and attacks involving the social network, join the Sophos page on Facebook.