Cybercriminals have spammed out messages claiming that recipients are at risk of having their unread messages on Facebook deleted.
The reason? To lure you into clicking on a link sent out by pill-pushers, that could end up making a hole in your pocket.
Here’s a typical example of an email that has been spammed out, claiming to come from “Facebook Administration”:
You haven’t been to Facebook for a few days, and a lot happened while you were away.
“A lot happened while you were away”?
Yeah, right.
Like you missed a few cat videos, and some folks who alerted the world to their Candy Crush addiction by allowing it to post messages on their Facebook feed, someone you went to high school with has been tagged in a photograph looking fat, and your Aunty Gladys has apparently liked an “OMG You won’t believe what happened in this video” survey scam.
Ahem.
Here is another example of a message sent out by the spammers:
A lot has happened on Facebook since you last logged in. Here are some notifications you’ve missed.
When I clicked on the links on a test computer, I was redirected to a Canadian pharmacy website selling medications to “improve your bedroom performance”.
As we’ve discussed many times before, you’re taking big risks by buying Viagra and similar drugs online – not only because of the harm which could be done to your health, but also because if whoever is promoting such websites have no qualms about driving traffic through fake Facebook email notifications, who knows what they would do with your credit card details?
But also, the links embedded inside the emails could have taken victims into other dangers. For instance, users could have been redirected to webpages that have been compromised and launch an exploit kit to silently install malware onto visiting computers, or a phishing page designed to steal Facebook credentials.
Be aware of the risks, and always be cautious about clicking on links in unsolicited emails. If you’re not sure if you a communication from Facebook is legitimate or not, log onto the site by visiting it directly (https://www.facebook.com), not by clicking on a link in an email.
If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.