Spam from your Facebook account? Malware attack poses as official warning

Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack.

Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam.

Spam is sent from your FaceBook account

A typical message reads:

Sign up to our free newsletter.
Security news, advice, and tips.

Dear client

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.

Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.

We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.

After all, it’s not as though spam being sent from Facebook accounts is unusual.

If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help" <[email protected]>, but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.

Sophos products intercept the attack as Mal/BredoZp-B.

If you are one of those many people who can’t get enough of Facebook in their lives, can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.