Malware spread as Facebook photo tag notification

Malicious emails, claiming to come from FacebookBe wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph.

Because it might be that you’re the next potential victim of a malware attack.

SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients’ computers with malware.

Here is an example of what a typical email can look like:

Sign up to our free newsletter.
Security news, advice, and tips.

Malicious email claiming to come from Facebook

Subject: Christine McLain Gibbs tagged a photo of you on Facebook
From: Facebook <[email protected]>

(Did you notice what was odd about the email? The ‘from’ address misspells Facebook as “Faceboook” with three “o”s)

If you click on the link in the email, you are not taken immediately to the real Facebook website.

Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware).

Malicious script

To act as a smokescreen, however, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual.

Facebook page

SophosLabs are adding detection of the malware as Troj/JSRedir-HW.

Please be on your guard. You would have been protected from this threat if you had kept your wits about you.

Even if you didn’t notice that “Faceboook” was spelt incorrectly, you could have seen by hovering your mouse over the link that it wasn’t going to take you directly to the genuine Facebook website.

If you don’t take the right steps to protect your computer, one day a cybercriminal might find the right social engineering trick to dupe you into making a bad decision or visit a dangerous website.

Hat-tip: Thanks to Anna and Fraser in SophosLabs for their assistance with this article.

Fly image, courtesy of Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.