‘Reset your Facebook password’ spam promotes pharmacy websites

One of the most widespread spam campaigns at the moment is posing as a reset password email from Facebook.

Facebook password reset email

The emails use the subject line “Reset your Facebook password” and have no message body. However, they do have an attached file – facebook_newpass.html

If you open the file (which Sophos detects as Troj/JSRedir-BO) you are redirected to a third party website. In our testing, it took us to an all-too-familiar-looking Canadian Pharmacy website selling online drugs.

Sign up to our free newsletter.
Security news, advice, and tips.

Right now, these unsolicited messages are being seen en masse around the world by Sophos’s network of spamtraps.

Spammed out messages

It’s no surprise that the spammers would use Facebook as their cloak – after all, with almost 500 million users it’s much more likely that they’ll successfully end up in the inbox of a Facebook user than the customer of a particular bank.

Remember to always be suspicious of unsolicited emails, and think before you ever open an unknown attachment or click on an unknown link.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.